Windows 7 Massive Amounts of Network Traffic / Packets

HamAndYam

New Member
Joined
Jun 26, 2011
Hello,

I purchased a new Dell XPS 17 and have previously been a long time user of XP. One big reason I am already not a fan of Windows 7 is because while some things have improved other things have gotten worse. By far this is the worst problem:

In XP my Duration online can be 1-2 days and would barely hit a million or a million and a half of packets for sent and outgoing individually. With the same exact setup in Windows 7 what takes days in XP I experience in about 1 hour in Windows 7!! As of right now I have over 19 million outgoing packets! Similar for Received. What gives?? I have searched online and am hoping I'm not the only one with this issue.

Before you suggest it, I'm not a n00b but I could have overlooked some things. I have already run a Spybot Search & Destroy Scan and a Windows Security Essentials Scan to no avail. I'm fairly certain my system is clean.

By the way I have an Intel 1000BGN Internal Adapter but I have it disabled and am using an Alfa AWUS036h b/g adapter. My router is a Netgear N300 WNR2000v2. I am experiencing very low speeds 1-5.5 and occasionally a stable 11mbps. I firmly believe this network traffic is causing both my low speeds and my random and frequent limited access / disconnections.

Please advise!
 
I heard about Netlimiter and gave it a try, I like it better than Wireshark because it's more user friendly and also tells you what program or service is responsible for the specific traffic. Using it only confirmed my suspicions because the apps I am running barely use any bandwidth. I have also changed windows update from automatically download and install to ask me before doing either and this has had no effect on the packets sent and received. I didn't bother to turn it off completely after that result.

Mind you sent packets are moving the fastest despite nothing running in the foreground. I don't get it.. how can a network monitor that is supposed to see all traffic not display what's obviously flowing through? (I am witnessing this / going by what is shown in the status window.) I can post a link to 2 videos for comparison between my XP laptop and my XPS Win 7 x64 laptop if anyone doesn't believe the difference. Almost exact same setup just different OS's.. I am stumped.
 

Any idea where this stuff is going to? Sounds like a heinous problem. Under command prompt, "netstat -a" obviously - this will tell you what ports are open and what is going where. Also look up PortMon: Portmon for Windows

Something as simple as ESET Smart Security (trial version) firewall would give you an idea of network activity and exactly what applications are transmitting data. I don't use this feature regularly, but it is there and could prove to be quite useful. This is good software in general.
 

In Windows 7, Start -> Search -> Resource Monitor

Look at "Processes with Network Activity". This should give you some indication of what is draining bandwidth.
 
woah while that was the answer I was expecting you kind of just scatted on my pay grade. Portmon looks a bit confusing / a step up on my skill level. If I post the debugged info can you decipher? I'll feed your brain the data and just dumb it down a notch for me? ;)

I'm gonna try the resource monitor. I thought it had to be downloaded separately according to Microsoft's website.

You gave me a hunch though.. I had recently uninstalled McAfee totally from the computer and finished it off removing all its traces with an uninstall proggy specifically for it. I hadn't checked the transfer rate before I did it but I wonder now after your firewall comment if it could have opened something or dare I say left something open? Then again I don't remember it having any firewall features and think it was just an anti-virus.

Is windows firewall not sufficient?
 
OK, well there's a few questions in this, and so I should reply to you as best I can, especially about feeding information directly into my brain :tongue:

Portmon looks a bit confusing / a step up on my skill level. If I post the debugged info can you decipher?

No need here. Don't worry about Portmon if it's confusing. See below.

I'm gonna try the resource monitor. I thought it had to be downloaded separately according to Microsoft's website.

To avoid confusion, please go to your Settings -> Edit Profile on this site and plug in as much information as you can about your computer. We have recently added 40 new options for describing your computer system, but even the most simple information that you know can help. For example, if I know exactly what version of Windows you are running, I can tell for sure that you have Resource Monitor. For so long as you are running Windows 7, however, you can use Resource Monitor. It is not a separate download. Resource Monitor is used to monitor disk, memory, network, and CPU usage in real time. It is excellent for this type of thing.

Here is how easy it is to use Resource Monitor:

access_resource_monitor.png

There is a good video explaining how to use Resource Monitor and other tools to figure out what is going on with your computer:

Go to about 10 minutes into this video for an explanation of Resource Monitor.

Check out this TechNet article for very in-depth details about Resource Monitor: Resource Availability Troubleshooting Getting Started Guide




On average I'm doing about 512-600Kbps. This is normal with a few things open here and there. See here:

access_resource_monitor2.png

So you want to look at that number right after Network Activity and that is going to give you the inbound/outbound data rate in full time. This is in Kbps (kilobit), as we measure traffic in bits and not bytes. A kilobit is still eight times smaller than a kilobyte. So we're looking at not much substantial traffic for me. The average cable Internet connection is about 20 megabits per second. 600 kb is 19400 kb less than 20 Mb (megabit). I'd have to use 19,400 more kilobits per second to reach 20 megabit. So I'm using almost nothing. Finding this information is essential to see if you're really leaking data.

Now go to the top and organize by the last item where the arrow is pointing left. Continue to watch this accumulate to find out which program is transferring the most data in/out. Look at the top items on this list.

I had recently uninstalled McAfee totally from the computer and finished it off removing all its traces with an uninstall proggy specifically for it. I hadn't checked the transfer rate before I did it but I wonder now after your firewall comment if it could had opened something open or dare I say left something open?

Probably not. McAfee isn't that great (opinion). I prefer ESET Smart Security as my commercial software of choice for anti-spam, anti-virus, and anti-malware. Windows Firewall should be adequate in most situations. You should never leave your system without an anti-virus though, and Microsoft Security Essentials would be a good solution if you are without one. Generally you don't need a dedicated firewall if you're behind a NAT router and have Windows Firewall turned on. However, some commercial anti-virus applications also include firewall bundles that perform pro-active filtering for potential unwanted threats. Does this put you at risk of using up all your bandwidth without one? Absolutely not.

I would highly suggest using Resource Monitor to find out exactly how much data is going in and out of your system and from which applications.
 
Bear with me I am trying to respond as thoroughly as you did. By the way I mentioned in my original post that I ran a WSE scan so basically I replaced McAfee with MSE and am not anti-virusless. We are on the same page that windows firewall combined with MSE is a satisfactory free setup for the typical user.

Thank you double time for pointing out the Resource Monitor because again I had run across an MS article that offered it to download and so I assumed it was a separate feature. Initially I was only going by Task Manager (Network Tab) which didn't show what I am about to tell you I most definitely found. In addition Safe Mode didn't stop this either and I ignorantly assumed if McAfee hadn't found it and wasn't the cause, and the firewall wasn't already blocking it, AND MSE didn't find anything then it must not be a virus/malware. I overlooked it and that's my fault for jumping all around for conclusions, I hadn't considered that it could have been malware that was trusted onto the system already. Word to the wise, always work in order and in steps. heh.

So basically I had told my gf that if it's not the router and not the adapter (after a ton of troubleshooting) it has to be a virus/malware (only a virus or malware could ever cause such headache usually) but I guess if you know women (or any PC amateur) you know they can be kinda careless and not tell you everything. Never give the benefit of the doubt when it comes to an amateur and a PC lol. She used to have a popular store in SL and basically had downloaded a couple mmorpg's? games tied with Aion and GamersFirst and this horrific malware called Pando Media Booster that was either used for updates to Aion or to try other games. She chalked it up to *nerd guilt* Sigh, either way check out this XP video of my status:

*Update: PMB.exe is tied to a Game called APB.

Link Removed due to 404 Error

Now a 3m video of status on the problematic Win7 machine:

2011-06-27_1911 - Th3Whit3Knight's library

Is that not pretty massive? At least in comparison to XP?

Here's the resource monitor pic:

http://goo.gl/GF6XP

Haha immediately it's like uhh..

Here's a Netlimiter pic:

2011-06-27_2009 - Th3Whit3Knight's library

That's when I noticed the GamersFirst thing. I don't know if it's obvious why I missed it at first considering in Netlimiter it didn't look as threatening as in the RM. All has been uninstalled. Including junk toolbars and the whole ADP game. Also got rid of some Akamai Accelerator thing that I didn't trust. Ran StartupCPL and noticed one app that starts on startup with absolutely no name or directory and unchecked a few other unnecessary things. Unfortunately after a reboot it's still disconnecting so I am looking for any traces or similar malware, specifically in msconfig/services.msc. Is ESET capable of finding things like this automatically and removing it? I thought MSE was able to do it but I guess not. I'm gonna try SpyDoctor via googlepack and see what it gets. It's a shame Spybot didn't find it.

*Update: Instead of SpyDoctor I gave MalwareBytes a try since it is a 1/10th of the size of SD and the connection speed is lacking on wifi. After fully updating it it only turned up 1 infection which was something in the recycle bin and has been quarantined so no luck really there. I wanna note that when connected to At&t's MiFi the laptop doesn't d/c anymore. It still shows high traffic but marginally less than before. Some things do seem faster and more open after eliminating Pando. Something still isn't right. I can feel it.

To sum up the network issues I am currently dealing with:

- Random D/C's and slow speeds on main network randomly and sometimes every few minutes and only able to connect to it (54mbps/4Bars) with Alfa (b/g only adapter). Internal can barely detect it and if it does it sits @ 1mbps-5.5 waiting to d/c. On MiFi Network able to connect with both adapters and stable now. No issues there.
- High Network Traffic
- Internal Adapter Unable to detect network and therefore I can't utilize N speeds. (ISP is Comcast) Router is configured fairly properly.. NAT is open not secured. 300mbps max. channel 1 no interference. inSSIDer shows nearly every other local network fighting on 6 or 11. I thought it would have solved it considering it was on 6 before but no dice. MMS on. MTU back to 1500. WPA2-PSK [AES] (Was initially on wpa2-psk [aes] + [tkip])

Unfortunately I am unable to test a hard-wired connect currently.

Here's some info I found about PMB.exe:

"Not only is Pando Media Booster a bandwidth leech/thief, it also causes probs for web devs.
Chances are that if you run a webserver (for development or whatever) on your work/gaming machine, after installing PMB it will claim port 80 (and 443), causing your webserver to shut down.
"Pando Media Booster uses standard ports for communication that are open by default with the majority of firewalls"
Is that for a stealthy install and/or running a sneaky distributed webserver farm?!
For such a drastic effect, don't you think there should be a warning when installing this software?
It's a thinly veiled virus and nothing more."

Btw Mike, TeamViewer rocks, no? haha.

P.S. I'll try to update my profile with system details when I can.
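
The `netstat` suggestion made earlier in the thread and the quoted claim above that PMB.exe takes ports 80 and 443 can be checked together. The following Python script is an added example, not part of any post in this thread: it joins `netstat -ano` rows to `tasklist /FO CSV /NH` rows by PID to show which process owns each TCP listener and connection. The sample output, PIDs, addresses and function names are constructed for the example.

```python
import csv, io
from collections import defaultdict

# Constructed samples of `netstat -ano` and `tasklist /FO CSV /NH` output (PIDs made up).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       3120
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.5:49213      203.0.113.10:443       ESTABLISHED     2044
  TCP    192.168.1.5:49301      198.51.100.7:443       ESTABLISHED     3120
  TCP    [::]:80                [::]:0                 LISTENING       3120
  UDP    0.0.0.0:5355           *:*                                    1180
"""
TASKLIST_SAMPLE = '''\
"svchost.exe","1180","Services","0","9,004 K"
"firefox.exe","2044","Console","1","210,332 K"
"PMB.exe","3120","Console","1","18,776 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV rows."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def parse_netstat(text):
    """Yield (local_port, remote, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] in ("TCP", "UDP"):
            state = f[3] if len(f) == 5 else ""   # UDP rows have no State column
            port = int(f[1].rsplit(":", 1)[1])    # rsplit also handles [::]:80
            yield port, f[2], state, int(f[-1])

def summarize(netstat_text, tasklist_text, watch_ports=(80, 443)):
    """Group TCP sockets by owning process; list processes listening on watch_ports."""
    names = parse_tasklist(tasklist_text)
    report = defaultdict(lambda: {"listening": set(), "peers": set()})
    for port, remote, state, pid in parse_netstat(netstat_text):
        key = "%s (pid %d)" % (names.get(pid, "unknown"), pid)
        if state == "LISTENING":
            report[key]["listening"].add(port)
        elif state == "ESTABLISHED":
            report[key]["peers"].add(remote)
    flagged = sorted(k for k, v in report.items() if v["listening"] & set(watch_ports))
    return dict(report), flagged

if __name__ == "__main__":
    report, flagged = summarize(NETSTAT_SAMPLE, TASKLIST_SAMPLE)
    for key in sorted(report):
        print(key, sorted(report[key]["listening"]), sorted(report[key]["peers"]))
    print("listening on 80/443:", flagged)
```

On a live machine, feed it the text of the two commands instead of the samples. A process that is not a web server showing up under the watched ports is the thing to look into.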


 
There still seems to be something hogging the bandwidth and the rate increase is very high. I do not see anything else that explains it.


I have disabled RDC in add/remove program features. And have also manually disabled Auto-Tuning in netshell. There wasn't an immediate improvement as I think this affects local network traffic speed more than internet. I have yet to reboot following the changes and will report if it made a difference.


Adapter settings are set to automatically obtain ip address and dns server and there is no proxy set in internet options, it is automatic as well. Still the internet is very slow and sometimes I am unable to even perform a speedtest at Speedtest.com.


Please advise. I am going to attempt a TCP/IP reset in CMD.
 
Feeling kind of dumb.. I was just staring at both statuses when I noticed in Windows 7 it says "Bytes:" not "Packets" like in XP.. lol does that explain the difference in rate?

If so, at least the situation helped me get rid of malware. I still am experiencing slow downloads/browsing on the machine and random/frequent disconnections but that seems to be tied to one specific network using the N300 WNR2000v2 router. I have recently done a TCP/IP stack reset which seems to have helped but the issue remains with that connection. Seems fine with MiFi now though! (Even though it is slow cellular speeds)

I suppose my question now is what would cause these router issues if interference and signal strength aren't a problem?
 