
Lots of Network Activity

Author
15 Aug 2006 4:20 PM
Jim D
I have Windows XP Pro installed on my laptop and notice that I have
continuous network activity when I am logged into my work domain or using my
home network. I run SpyBots S&D and Norton Anti-virus, plus I run Ad-Aware
periodically. I removed several programs in ADD/REMOVE PROGRAMS, but I cannot
determine what all the activity is from. I am sure that our IT Staff would be
happy to reformat the hard drive for me, and reinstall MS applications, but
is there a way to monitor the actual network activity on my laptop to see
what is sending and receiving all that data?

Author
15 Aug 2006 6:09 PM
Chuck
On Tue, 15 Aug 2006 09:20:01 -0700, Jim D <J***@discussions.microsoft.com>
wrote:

>I have Windows XP Pro installed on my laptop and notice that I have
>continuous network activity when I am logged into my work domain or using my
>home network. I run SpyBots S&D and Norton Anti-virus, plus I run Ad-Aware
>periodically. I removed several programs in ADD/REMOVE PROGRAMS, but I cannot
>determine what all the activity is from. I am sure that our IT Staff would be
>happy to reformat the hard drive for me, and reinstall MS applications, but
>is there a way to monitor the actual network activity on my laptop to see
>what is sending and receiving all that data?

Jim,

You can use TCPView (free from SysInternals) to identify programs active with
network connections.
<http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#TCPView>

But if you want to identify the volume producers, you'll need something like
Port Explorer, which will track each network connection by bytes in and out, and
let you sort the tracking list by either figure.  Port Explorer has a trial
version that's free; the paid version even has a mini packet analyser.
<http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#DiamondCS>

--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My        email         is          AT         DOT
   actual       address    pchuck       mvps        org.
Author
13 Sep 2006 11:45 PM
Jim D
Hello Chuck. I think you meant Process Explorer. And I appreciate your reply.
Since my original post, I have installed ZoneAlarm, and although it is an
uphill battle to get it set up in my domain-based environment here at the
college, it has stopped the activity. It seems that one of the culprits was
System mechanic which phones home a LOT. Also, since I am at a state
university, I get scanned a lot, particularly from China and Korea. That is
now also blocked.

Thanks so much for your help. I also recommend going to Tom Coyote's help
site and using Hijack this. But make sure that when it is used, you do NOT
delete anything until someone more knowledgeable about the registry looks at
the hijack this log first.

Regards, Jim Darrough

Author
14 Sep 2006 2:35 PM
Chuck
On Wed, 13 Sep 2006 16:45:01 -0700, Jim D <J***@discussions.microsoft.com>
wrote:

>Hello Chuck. I think you meant Process Explorer. And I appreciate your reply.
>Since my original post, I have installed ZoneAlarm, and although it is an
>uphill battle to get it set up in my domain-based environment here at the
>college, it has stopped the activity. It seems that one of the culprits was
>System mechanic which phones home a LOT. Also, since I am at a state
>university, I get scanned a lot, particularly from China and Korea. That is
>now also blocked.
>
>Thanks so much for your help. I also recommend going to Tom Coyote's help
>site and using Hijack this. But make sure that when it is used, you do NOT
>delete anything until someone more knowledgeable about the registry looks at
>the hijack this log first.

Jim,

Please read my articles more completely.  Port Explorer provides a list of open
ports, and shows the bandwidth and volume of traffic in each port.  That's how
you will find processes, on your computer, abusing your bandwidth.

HijackThis will find processes by their static traces (registry keys etc).  Port
Explorer finds processes by network activity.  Process Explorer finds processes
by their system activity, and has a network activity graph, but Process Explorer
does not do network activity analysis like Port Explorer.

--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My        email         is          AT         DOT
   actual       address    pchuck       mvps        org.
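
An added example, not part of the original thread: the "which program owns which connection" view discussed above can be approximated with the built-in `netstat -ano` and `tasklist /fo csv /nh` commands on Windows XP Pro. This Python sketch joins the two outputs by PID; the sample output, PIDs, addresses and the `updater.exe` name are constructed, and it counts connections per process, not bytes, so it is not a substitute for the per-connection volume tracking described for Port Explorer.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of `netstat -ano` output (PIDs and addresses are made up).
NETSTAT_SAMPLE = """\
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    192.168.1.20:1061      203.0.113.10:80        ESTABLISHED     2312
  TCP    192.168.1.20:1062      203.0.113.10:80        ESTABLISHED     2312
  TCP    192.168.1.20:1070      198.51.100.7:443       ESTABLISHED     1488
  TCP    192.168.1.20:1075      203.0.113.10:80        TIME_WAIT       0
  UDP    0.0.0.0:1900           *:*                                    1120
"""

# Constructed sample of `tasklist /fo csv /nh` output (image names are made up).
TASKLIST_SAMPLE = '''\
"svchost.exe","904","Console","0","4,120 K"
"svchost.exe","1120","Console","0","5,004 K"
"iexplore.exe","1488","Console","0","22,316 K"
"updater.exe","2312","Console","0","9,876 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each connection row."""
    for line in text.splitlines():
        f = line.split()
        if f[:1] == ["TCP"] and len(f) == 5:
            yield f[0], f[1], f[2], f[3], int(f[4])
        elif f[:1] == ["UDP"] and len(f) == 4:  # UDP rows have no State column
            yield f[0], f[1], f[2], "", int(f[3])

def established_by_process(netstat_text, tasklist_text):
    """Return {(pid, image): {remote endpoint: connection count}} for ESTABLISHED TCP."""
    names = parse_tasklist(tasklist_text)
    out = defaultdict(Counter)
    for _proto, _local, remote, state, pid in parse_netstat(netstat_text):
        if state == "ESTABLISHED":
            out[(pid, names.get(pid, "<unknown>"))][remote] += 1
    return {key: dict(counts) for key, counts in out.items()}

if __name__ == "__main__":
    print(established_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE))
```

A PID that appears in the netstat output but not in the task list is reported as `<unknown>`, which is itself worth a closer look.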