Slyck.com
 

Lagging Internet Connection - Need a Packet Sniffer?


Postby IceCube » Thu May 24, 2007 3:33 am

Well, I have not had issues in years generally because of my not wanting to install everything type of attitude. Lately, my virus scanner has been picking up the occasional trojan or two. No biggy, nuked them. The last one it picked up was some sort of trojan dropper. Well, like the rest, nuked.

Now I know my connection quite well since my net use is pretty consistent. If I have eMule running, my browsing speed is not affected because I capped it at about 45kbps up. If I'm running BitTorrent, it can go up to about 120kbps up/down combined. At that point, my browsing speed is dirt slow, but the main influx in bandwidth usage generally doesn't last.

I come home to find that my browsing speed is slow. I have both my BitTorrent and my eMule programs running. I check the BitTorrent client and everything reads zero. I look on eMule and the upload speed can barely keep up with the cap (which is normal for a typical high-speed swarm on BitTorrent running in the background, but none of which actually exist). So as a precaution, I kill the BitTorrent client anyway. No change. Browsing speed is compromised and eMule can hardly keep up with the 45kbps up cap. WTF?

I turn on my laptop and try browsing with it and the browsing speed is compromised just like my main machine. So I rule out something faulty with FF. I open up my Norton Security and click on 'Block All Traffic' on the main machine. I then go to my laptop and try browsing. Browsing is suddenly amazingly fast. I unblock all traffic on the main machine and after a few minutes, it's the same story, compromised speed and eMule can hardly keep up with my set cap. WTF?

I shut my main machine down and have a theory (I'm actually not THAT big of a personal security expert) but something on the main machine is eating up serious amounts of bandwidth (upwards of 100kbps). The only thing I can think of is that something is using my connection to send out vast amounts of information (guessing spam).

So I'm thinking that it could possibly be just a glitch of some sort and I'll try tomorrow (shut my machine off at night). If it's the same story, I'm wondering if a packet sniffer would be of help to figure out where the hell my bandwidth is mysteriously being eaten up? Either that or try HijackThis?

Thanks for the help and hopefully I narrowed down all the suspects with my investigation. :)
IceCube
 
Posts: 17079
Joined: Tue Jun 14, 2005 5:31 pm
Location: Igloo Country?

Postby swoosh » Thu May 24, 2007 4:56 am

Well, the same happened to me last year. Shutting down the main PC improved my network connection drastically; the only difference with your case is that I used eMule and torrent on an old machine. I used all kinds of packet sniffers, spy/malware, rootkit detectors but they all told me my main PC was clean. Eventually I just formatted my PC and solved the problem. I know I'm not being helpful but I advise you to start making backups of your data… :roll: It could be a network driver issue but I only thought about that after formatting, so I never tried that out.
swoosh
 
Posts: 73
Joined: Mon Jan 31, 2005 9:05 am

Postby majinsoftware » Thu May 24, 2007 6:44 am

Your firewall should tell you what's using the net. What I used to do is block everything apart from the things I was currently using, such as Firefox and BitTorrent.
majinsoftware
 
Posts: 52
Joined: Fri Mar 23, 2007 5:02 am

Postby Asuran » Thu May 24, 2007 7:02 am

You can also see your main computer's network traffic amount simply from the Task Manager's network tab. Easy way to check if there's traffic when there shouldn't be. Doesn't really help you trace the source though.
Asuran
 
Posts: 1121
Joined: Tue Mar 16, 2004 6:40 am
Location: Finland

Postby blargh » Thu May 24, 2007 7:17 am

Try shutting down all applications that you can shut down, then nuke your firewall and antiviral solutions and run Wireshark on your computer. Just let it sit for a few minutes collecting packets; if it doesn't pick up any packets going out, you've probably got a config problem on your hands. If it does, check out what's inside the packets. (If I were you, I'd suspect Norton Security and throw that out first.)

Also, check if your firewall is doing reverse DNS resolution on all incoming connections, that's a HUGE resource hog as well. (If the above doesn't help, I mean.)
This text makes my post look better.
blargh
 
Posts: 425
Joined: Sat Apr 08, 2006 9:44 pm

Postby HouseCrowd » Thu May 24, 2007 8:19 am

Try What's Running using the IP View and also check for any unusual services, processes and startup entries.
There are 10 types of people in the World; those who understand binary, and those who do not.
HouseCrowd
 
Posts: 33862
Joined: Mon Oct 13, 2003 4:18 am
Location: UK

Postby IneptVagrant » Thu May 24, 2007 9:20 am

Most commonly, "slowness" is caused by too many packets, too many open connections, or too high upload, which could be just that one PC, or a combination of all the PCs on the LAN. You can try running w/o a router, to see if there is a limitation with the intermediate devices -- that's not my first suggestion, but it's the simplest.

Start with a small and simple prog that just tracks bandwidth. With everything shut down you can expect very minimal traffic, < 1KB/s; there will always be some traffic. bandmon or dumeter. I use a widget for my shell replacement that does the same thing.

Do a couple of pings by both host name and IP. Ping your DNS server, try using a different DNS server.

These are all Verizon, public DNS servers.
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6

From a cold start (comp has been off for a while, so echo eMule/torrent traffic has died off), run "netstat -an". Ignore all the loopback tunnels, and port 139. Look for listening ports that shouldn't be there. "netstat -b" will tell you what prog is in control of the tunnel; this can take several minutes to process. "netstat -bv" will tell you the prog, and what DLLs or components are involved. netstat is pretty much useless with eMule or torrents running, 'cause you'll have hundreds of open connections.

Add back one prog at a time, till you notice a difference in pings or DNS resolution latency.

Perhaps you just generally have more bandwidth usage than before. Set eMule to a 'low' upload rate, then slowly turn it up till the pink line on the performance graph (it's in eMule, it's been a long time, I forget the correct place for it) starts to spike around, then you know your max upload. Back off a few Kps, so download has breathing room. Remember to back off to give room for any other prog uploading.

A packet sniffer really isn't much help, but if you want to try one, I recommend Ethereal.

Finally a long shot, and I only mention it because I just figured it out at my own house recently. Make sure the modem isn't dropping connection. My modem was overheating and crashing, silly me.
IneptVagrant
 
Posts: 1247
Joined: Tue Nov 15, 2005 5:07 am
Location: close the world . . . . . . . . . . . . . . txEn eht nepO
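
The netstat triage described in the post above, as an added example that is not part of the original thread: it parses saved `netstat -an` output, drops the loopback and port 139 rows, and reports listeners outside an allowlist plus established connections per remote port. The sample output and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4662           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         127.0.0.1:1030         ESTABLISHED
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1201      203.0.113.5:25         ESTABLISHED
  TCP    192.168.1.10:1202      203.0.113.9:25         ESTABLISHED
  TCP    192.168.1.10:1203      198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:4672           *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S*)\s*$")

def parse(text):
    """Yield (proto, local_ip, local_port, remote_ip, remote_port, state)."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, lip, lport, rip, rport, state = m.groups()
            yield proto, lip, int(lport), rip, rport, state

def is_noise(lip, lport, rip):
    """Rows the post says to ignore: loopback tunnels and port 139."""
    return lip.startswith("127.") or rip.startswith("127.") or lport == 139

def unexpected_listeners(text, expected):
    """Listening/bound ports not in `expected` (an allowlist you supply)."""
    found = set()
    for proto, lip, lport, rip, rport, state in parse(text):
        if is_noise(lip, lport, rip):
            continue
        if (state == "LISTENING" or proto == "UDP") and lport not in expected:
            found.add((proto, lport))
    return sorted(found)

def outbound_by_port(text):
    """Count established connections per remote port, noise rows excluded."""
    counts = Counter()
    for proto, lip, lport, rip, rport, state in parse(text):
        if state == "ESTABLISHED" and not is_noise(lip, lport, rip):
            counts[int(rport)] += 1
    return counts
```

A cluster of established connections to remote port 25 (SMTP) from a desktop that runs no mail server is the pattern that would fit the spam guess in the first post; "netstat -b" then names the owning program.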

Postby IceCube » Thu May 24, 2007 4:56 pm

I fired up eMule to see if the problem persists.

I cap it specifically at 45kbps because I know nothing else should be interrupted at that rate. So far, so good, but if the problems return, I'll definitely look in to these solutions. Thanks a million for the help :D
IceCube
 
Posts: 17079
Joined: Tue Jun 14, 2005 5:31 pm
Location: Igloo Country?



© 2001-2008 Slyck.com