My internet connection status shows millions of packets when I'm not doing anything; do I have a virus?

Read the article that everyone's commenting on.
Subscribe to the RSS Feed for comments on this article.

I am a user on a home network sharing printers, files, and an Internet connection with several computers in the house. The individual computers use the Internet using DSL via a hub connected to a server then through a firewall connected to the DSL, which is using a static IP address. We are not using a proxy server.

Lately I have been having trouble receiving web pages. They would at some point all start showing up as not found. When this would happen I found that the only thing that would get it up and working again apart from rebooting or just waiting was to open the "Local Area Connection Status" window and disable the network connection and then enabling it again. Which got me noticing this:

Logically, it seems to me, that when I am surfing the Internet the packets would be far grater on the "Received" side then on the "Sent". Because I would be receiving web pages, images, sounds, movies, flash content, and so on, while sending, I would presume, just requests for that stuff. I seem to recall it once being that way when I would be monitoring the "Local Area Connection Status" window in the past. The "Received" would be a lot but the "Sent" would be very little. But now it seems that the "Sent" packets are nearly equal if not greater then the "Received" side. Why might that be? Dose the number of "Sent" packets correlate to the size of the files being "Received" in some way?
It causes me to think that whatever is being viewed on the web browser is being echoed or bounced back to someone else on the Internet thus doubling the network traffic. Could this be causing our problems or are we simply over tasking the network all on our own by all using it at once?
I notice your snapshot shows a similar ratio to what I am getting now. So perhaps it is normal and I am just remembering incorrectly.

Which brings me to one more question.

Would the program you mentioned "TDIMon" detect if a computer is being used as a Drone or Zombie in a Denial of Service (DoS) attack if that where the problem?

Thanks in advance for any info you can give. Or for that matter even just reading all this.

Actually the real question to ask is "why would sent and receive ever be different?" For a normal transfer of information (like a web page, for example) each packet that is sent must be acknowledged with, you guessed it, another packet. So for each packet I send, I *should* recieve a packet saying that it was received.

That's *most* of the time. There are certain communications protocols (streaming audio and video come to mind) where an acknowledgement is not used. Depending on what machine you're looking at, viral probes that come in off of the internet may, or may not appear as recieved packets that your firewall probably will not respond to.

So the bottom line is that there's always a difference, and unless the difference is HUGE (or one of them is zero :-), it doesn't really tell you much.

TDIMon will probably tell you if your machine is being used as a drone, if you know what to look for. There's a lot of activity to wade through, even on a healthy system.

But really, the easier way is simply to look at your process list, or simply run good AV and SPyware scanners. That should not only to tell you, but fix it, if it is a problem.

Hope this helps.

Yes that does help and makes sense now. It's bit of a relief for me to hear that and narrows things down a bit for me.

Thank you!

check out for any trojans or worms in ur network

Hello Leo i need help My packets are sending out way more then normal infact its making my computer internet slow its sending out like 556,543,packets sent and 23,500,packets recieved and connect time is 12 mins/45 secs :( :( :( WHAT DO I DO NEED HELP

Follow the suggestions in the article: perform a virus scan immediately.

Hi Leo ...

me too having the same prob ... have tried latest AV and spyware scanner till my PC is "clean" ... is behind a firewall and a linksys router... still having the same prob...

funny thing here is , i resorted to format the PC and reinstall the OS .. still, the same thing happen even though i have not install anything else.

is formating enough ? or is there other steps i need to perform to totally cleanup my harddisk?

pls advise and thanks in advance!

Hi, for all who have this problem, i found solution! In my office was 2 PC with some problem, all you need clean yours PC with SpySweeper or any other soft and after that....
After that you need remove network card and install again!
Belive me its working, i think what some kind of spyware just corrupt network driver.
Have a good day and send thanks to me :)

Hi Leo, I was wondering what it means if one of the Packets Sent/Received values was zero... More specifically, what problem is denoted by the "Packets Received" being 0? :) Thanks for your help!
PS> Happy 4th of July

Ultimately it means that that network connection isn't operating. Now as to why, with just that one bit of information it's difficult to say - could be anything from the connection not being configured properly, to a bad cable, to a problem at the other end of the connection to any number of other things.

To post a comment on "My internet connection status shows millions of packets when I'm not doing anything; do I have a virus?", please return to that article's main page.