Running Windows 2000 Adv server, constantly "sending" packets

[fleabag]

I'm running 2000 Adv server as a domain controller and while I'm sure it's suppose to be sending packets out, it seems to be sending far too much data. On a 100Mbps connection, for a duration of 1 minute, it will go from 16,974 Sent packets to 17,102 sent packets. For the received side, for the duration of 1 minute, it will go from 8,099 to 8,101 recieved packets. Just two packets at 100Mbps is quite reasonable if you're not doing anything but 128 packets at 100Mbps is quite a lot for not "doing anything". I've used process explorer but it doesn't say network utilization and neither does taskmanager since it's Windows 2000. So I'm wondering, how am I suppose to pinpoint what exactly is sending out all of these packets on this machine. I've tried closing as many services as I could and it still does not stop, I have a bad feeling data is being siphoned from my machine with out my permission. I have AVG installed but disabling it has had no affect on the # of packets sent either.


Is there some sort of network monitoring software that'll say what is sending the packets?

 

[TheKub]

125 packets over the course of a min is not alot. Odds are its just the network services working on the network (broadcasts and such).

 

[fleabag]

It's constantly sending packets, the icon for networking, one of the computers is constantly illuminated and while I know why, I also don't know why. I used Microsoft network monitoring and while it does appear to be aware of the computer sending SOME packets at random intervals and a low rate, what it isn't aware of is the stream of packets that are constantly being sent from my machine at a high rate.

 

[TheKub]

I can only suggest that you look into the logs further. Make sure you are not filtering anything out (odds are you are not logging all packet types). You could also use a packet sniffer like ethereal\wireshark to look at the packets. I dont believe either will tell you what app\service is generating the packets it will just let you see the type and payload of what was sent. You will have to investigate further as to what utilizes those types of packets.

I doubt its malicious.

 

[spidey07]

There's nothing really abnormal about that. Load up wireshark and see what it is. It's most likely normal windows being "chatty".