The sent and received packets on my machine have crossed more than 3,00,000 within 15 mins of the system being booted. Is this an indication of virus in the machine? If so wat is the best possible solution to this problem. Is it something to do with the network card?
2007-03-22 20:18:01 · 3 answers · asked by ask sammy 2 in Computers & Internet ➔ Computer Networking
Okay lets do some math for some statistical purposes :)
A typical packet contains perhaps 1,000 or 1,500 bytes therefore if your saying 300,000 packets in 15 minutes, that is equivalent to 450,000,000 bytes which is equivalent to about ~ 429 MB.
Now 15min is 900sec so 429 / 900 = 0.476MB/s which is equivalent to 488 KB/s
Now the reason why I did this is to find out how fast data is incoming to your system, and from the data I have calculated above, around 500kb/s is being transmitted to your machine.
Since I don't know your connection speed I am assuming you ordered a 3.5mbit or 4mbit downstream and > 1mbit upstream.
Now the thing you have to realize is the following, is it the packets SENT or packets RECEIVED. If it is Packets SENT, then I am more than certain it is a VIRUS, ROOT KIT , ETC. There is no way that I can think of that could explain 500kb/s being sent OUT from boot other than someone rooted you to be a server or some sort. ( Scan your computer with your network off to find that issue ) . Since I assume you don't have 4mbit upstream this possibility is more than unlikely.
Now, if those are PACKETS RECEIVED, then that might be a different story... Either you have some sort of program installed to download stuff like P2p (bitorrent, ftp, etc), or Windows Update is updating, or any other programs is updating.
If this still persists, after booting by 5 minutes :
1) goto START > RUN > type in "cmd"
2) A Black Screen will show, type in "netstat"
3) The list should be small, if you see it big, then some activity outside world is happening, if you see it small and this stuff still happens, it seems that you got root kitted and some person replaced your netstat functionality, or windwos update, but do it again and again to find out if it is really windows update.
Please do this many trials to find out if many outsiders are connected, turn off all p2p, bitorrent, irc, newsgroups. and see if this persists. If it still, you have a virus, and need to take alternative measurements.
Good Luck :p
2007-03-22 22:07:25 · answer #1 · answered by ? 6 · 0⤊ 0⤋
disconnect it from network, and then check for virus and trojan
looks like some one is using your machine to launch attack on other machines
2007-03-22 21:48:24 · answer #2 · answered by Anonymous · 0⤊ 1⤋
Please check if you have any download manager installed and have resume download enabled first, before kicking urself
bhaskar
2007-03-23 03:20:23 · answer #3 · answered by Bhaskar 3 · 0⤊ 0⤋