receiving large amounts of data for no reason...
Fresh-Faced Recruit
Join Date: Nov 2003
I use MenuMeters, and when I'm at home and connected to the internet it is showing that I am receiving anywhere from 40 - 80 KB/s, and nothing will be running. I have shut down all applications and checked the Activity Monitor for any "weird processes". It has been going on for about 3 days... but it never shows me transferring anything, so I'm confused about what is getting sent to my PowerBook...
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Are you sure it's "KB" and not bytes?
Grizzled Veteran
Join Date: Apr 2004
Location: Nagoya, Japan • 日本 名古屋市
If it's just a few kilobits, that's normal. Your Mac will be constantly listening on the network for other machines and the network status. Also keep in mind, the Internet is full of zombied Windows machines that flood random IP addresses with attempted worm and trojan break-ins.
If you're really concerned, there's probably a program that can take a snapshot of network traffic and identify the computers/programs involved. You could also open up Terminal and type "sudo fs_usage" to see if any rogue processes are going crazy.
Fresh-Faced Recruit
Join Date: Nov 2003
OK, I just got to campus and connected to the wireless network, and it's doing the same thing! I restarted my computer and took this snapshot; keep in mind nothing is running
and I'm receiving roughly 16-11KB/s constantly.
Fresh-Faced Recruit
Join Date: Nov 2003
Originally posted by CaptainHaddock:
If it's just a few kilobits, that's normal. Your Mac will be constantly listening on the network for other machines and the network status. Also keep in mind, the Internet is full of zombied Windows machines that flood random IP addresses with attempted worm and trojan break-ins.
If you're really concerned, there's probably a program that can take a snapshot of network traffic and identify the computers/programs involved. You could also open up Terminal and type "sudo fs_usage" to see if any rogue processes are going crazy.
OK, I typed that and I get this like 8943348934483 times, actually it won't stop:
13:29:06 CACHE_HIT 0.000008 WindowServer
13:29:06 CACHE_HIT 0.000005 WindowServer
13:29:06 CACHE_HIT 0.000005 WindowServer
13:29:06 CACHE_HIT 0.000005 WindowServer
13:29:06 CACHE_HIT 0.000005 WindowServer
13:29:06 CACHE_HIT 0.000005 WindowServer
13:29:06 CACHE_HIT 0.000005 WindowServer
13:29:06 CACHE_HIT 0.000005 WindowServer
13:29:06 CACHE_HIT 0.000005 WindowServer
13:29:06 CACHE_HIT 0.000041 WindowServer
Plus there is some random stuff that is also showing up... but it goes by so quick I can't read it, and it's still going as I type...
Mac Elite
Join Date: Nov 2001
Location: Trafalmadore
Try sudo tcpdump -v to see what is being heard on your ethernet port. fs_usage is showing file system activity. What you see with the WindowServer is normal.
Fresh-Faced Recruit
Join Date: Nov 2003
tcpdump: (no devices found) /dev/bpf0: Permission denied
?
Mac Elite
Join Date: Nov 2001
Location: Trafalmadore
It should work, if you use sudo first. The -v is for a more verbose listing. You might try it without it too.
Mac Elite
Join Date: Sep 2000
Location: in front of the keyboard
signatures are a waste of bandwidth
especially ones with political tripe in them.
Fresh-Faced Recruit
Join Date: Nov 2003
tcpdump: WARNING: en0: no IPv4 address assigned
tcpdump: listening on en0, link-type EN10MB (Ethernet), capture size 96 bytes
Mac Elite
Join Date: Nov 2001
Location: Trafalmadore
What's up with the NO IP address assigned? You should be getting a listing similar to this:
15:54:11.184787 IP 10.0.0.11.apc-3052 > 10.0.0.255.apc-3052: UDP, length: 475
15:54:13.313077 IP dax.xxxxx.com.netbios-ns > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
15:54:13.526547 arp who-has 10.0.0.31 tell dax. xxxxx.com
15:54:15.181041 arp who-has odo. xxxxx.com tell easkins-vm1. xxxxx.com
15:54:15.363801 IP 10.0.0.1 > igrp-routers.mcast.net: igrp: request V0 edit=5 AS=61133 (0/0/0) [extra bytes 28]
15:54:15.625561 IP dax. xxxxx.com.netbios-ns > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
15:54:16.545844 arp who-has 10.0.0.1 tell bmcmahon. xxxxx.com
15:54:18.469853 arp who-has 10.0.0.1 tell odo. xxxxx.com
netstat is also a good tool for monitoring connections, but it won't be as informative as to where the particular packets are coming from.
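Added example, not part of the original thread: one way to turn a tcpdump listing like the one above into a per-sender tally, separating packets addressed to your own machine from broadcast chatter on the LAN. The sample lines and the local address 10.0.0.20 are constructed; the parser assumes IPv4 text output in the format shown in the thread.

```python
import re

# Constructed capture text in the format shown in the post above
# (every address here is made up for the example).
SAMPLE = """\
15:54:11.184787 IP 10.0.0.11.apc-3052 > 10.0.0.255.apc-3052: UDP, length: 475
15:54:13.313077 IP 10.0.0.12.137 > 10.0.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
15:54:13.526547 arp who-has 10.0.0.31 tell 10.0.0.12
15:54:14.000100 IP 192.0.2.7.51000 > 10.0.0.20.51001: UDP, length: 1200
15:54:14.000900 IP 192.0.2.7.51000 > 10.0.0.20.51001: UDP, length: 1200
15:54:15.363801 IP 10.0.0.1 > igrp-routers.mcast.net: igrp: request V0 edit=5
15:54:16.545844 arp who-has 10.0.0.1 tell 10.0.0.13
"""

IP_RE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")
ARP_RE = re.compile(r"^\S+ arp who-has \S+ tell (\S+)")
V4_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)(?:\.\S+)?$")
LEN_RE = re.compile(r"length:? (\d+)")

def host_of(endpoint):
    """Drop the trailing '.port' from an IPv4 endpoint; keep hostnames as-is."""
    m = V4_RE.match(endpoint)
    return m.group(1) if m else endpoint

def summarize(text, my_ip):
    """Map each source to packets sent to my_ip, packets sent elsewhere, bytes."""
    stats = {}
    for line in text.splitlines():
        ip, arp = IP_RE.match(line), ARP_RE.match(line)
        if ip:
            src, dst, rest = host_of(ip.group(1)), host_of(ip.group(2)), ip.group(3)
        elif arp:
            src, dst, rest = arp.group(1), "broadcast", ""  # ARP requests are broadcast
        else:
            continue  # tcpdump banner or warning lines
        row = stats.setdefault(src, {"to_me": 0, "other": 0, "bytes": 0})
        row["to_me" if dst == my_ip else "other"] += 1
        size = LEN_RE.search(rest)
        row["bytes"] += int(size.group(1)) if size else 0
    return stats

def top_senders(stats, n=3):
    """Sources ranked by packets addressed to this host, then by bytes."""
    return sorted(stats, key=lambda s: (-stats[s]["to_me"], -stats[s]["bytes"]))[:n]

if __name__ == "__main__":
    result = summarize(SAMPLE, my_ip="10.0.0.20")  # my_ip is an assumed local address
    for src in top_senders(result):
        print(src, result[src])
```

A source with a high `to_me` count is the one to look up; sources that only appear under `other` are ordinary broadcast and ARP traffic that every machine on the segment hears.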
Fresh-Faced Recruit
Join Date: Nov 2003
Well, I tried sudo tcpdump -v again and it said the same thing. This is kind of odd; I've been trying to remember what I was doing when all this started, and it was around the same time I tried to install VPC 7, but I have no clue if they have any correlation.
Professional Poster
Join Date: Oct 1999
Location: :ИOITAↃO⅃
Your Airport connection is usually en1 -- if you're connected via Airport use en1 in place of en0. Type ifconfig -a to see a full list of network ports; look for one that says "status: active".
Mac Elite
Join Date: Sep 2000
Location: in front of the keyboard
or, like I said, just type netstat and it will show what you want to see
I mean, you're not really trying to capture the packets for analysis...you just want to see what's sending you crap, right?
Mac Elite
Join Date: Nov 2001
Location: Trafalmadore
Originally posted by Kristoff:
or, like I said, just type netstat and it will show what you want to see
I mean, you're not really trying to capture the packets for analysis...you just want to see what's sending you crap, right?
The combination of both commands will lend evidence of what may be the source. But netstat won't show how active the connection is, just the IP you have established a connection to.
Mac Elite
Join Date: Nov 2001
Location: Trafalmadore
Originally posted by whop:
Well, I tried sudo tcpdump -v again and it said the same thing. This is kind of odd; I've been trying to remember what I was doing when all this started, and it was around the same time I tried to install VPC 7, but I have no clue if they have any correlation.
What OS version are you running, and did you apply the latest security updates? I had similar problems with netstat after the 1st Security update 2004-09-07 and it was fixed in v1.1 of that update.
Addicted to MacNN
Join Date: Nov 2002
Location: Rockville, MD
I had a similar problem once:
http://forums.macnn.com/showthread.p...hreadid=176407
geekwagon helpfully analyzed my tcpdump and told me it was a UPS somewhere on Comcast's network going nuts (nothing to worry about). It stopped a week or so later and never came back.
Grizzled Veteran
Join Date: Aug 2002
Location: Central Texas
This happened to me last week. It was our Samba service running causing it.
Fresh-Faced Recruit
Join Date: Nov 2003
I also have noticed, ever since this problem has come around, that my Dock will disappear at random times and then appear again after a couple of seconds... I've never had this problem before.
Posting Junkie
Join Date: Feb 2000
Location: Washington, DC
Get a router with a firewall...
it blocks 99% of these zombies...