Odd network traffic - what is it

DavidM

I use Zone Alarm Pro as my firewall, and recently I've noticed that
its icon in the system tray (the traffic bar meter thingy) has been
showing a continuous activity which I don't understand. I've tried
closing all programs (except firewall and virus checker - Avast) to no
avail.

I've now tried using NirSoft's SmartSniff utility, and this shows up
the traffic quite nicely, but I still can't work out what's causing
it.

Here's an extract from the log file (it just shows the header and then
the first packet, following packets are just a repeat of the first).
The IP addresses and Local Host have been grunged before posting this.
Any ideas what's causing this?

Packets Stream Report
Index 1
Protocol TCP
Local Address XXX.YYY.1.100
Remote Address XXX.YYY.1.2
Local Port 1052
Remote Port 5431
Local Host ZZZpc.cable.virginmedia.net
Remote Host
Service Name
Packets 736
Data Size 208,219 Bytes
Total Size 238,249 Bytes
Data Speed 3.7 KB/Sec
Capture Time 13/11/2010 13:47:31:500
Last Packet Time 13/11/2010 13:48:25:968
Local MAC Address
Remote MAC Address
Local IP Country
Remote IP Country

<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><m:GetStatusInfoResponse
xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewConnectionStatus>Connected</NewConnectionStatus><NewLastConnectionError></NewLastConnectionError><NewUptime>167207</NewUptime></m:GetStatusInfoResponse></s:Body></s:Envelope>

POST /uuid:0012-1716-1fa80100e1dc/WANCommonInterfaceConfig:1 HTTP/1.1
Content-Type: text/xml; charset="utf-8"
SOAPAction:
"urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalBytesSent"
User-Agent: Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)
Host: 192.168.1.2:5431
Content-Length: 309
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:GetTotalBytesSent
xmlns:m="urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1"/></SOAP-ENV:Body></SOAP-ENV:Envelope>

HTTP/1.1 200 OK
DATE: Sat, 13 Nov 2010 14:16:29 GMT
Connection: Keep-Alive
Server: LINUX/2.4 UPnP/1.0 BRCM400/1.0
Content-Length: 350
Content-Type: text/xml; charset="utf-8"
EXT:

<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><m:GetTotalBytesSentResponse
xmlns:m="urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1"><NewTotalBytesSent>9190502</NewTotalBytesSent></m:GetTotalBytesSentResponse></s:Body></s:Envelope>
 
> I use Zone Alarm Pro as my firewall, and recently I've noticed that
> its icon in the system tray (the traffic bar meter thingy) has been
> showing a continuous activity which I don't understand. I've tried
> closing all programs (except firewall and virus checker - Avast) to no
> avail.
>
> I've now tried using NirSoft's SmartSniff utility, and this shows up
> the traffic quite nicely, but I still can't work out what's causing
> it.
>
> Here's an extract from the log file (it just shows the header and then
> the first packet, following packets are just a repeat of the first).
> The IP addresses and Local Host have been grunged before posting this.
> Any ideas what's causing this?
>
> Packets Stream Report
> Index 1
> Protocol TCP
> Local Address XXX.YYY.1.100
> Remote Address XXX.YYY.1.2

I assume the "XXX.YYY" are actually "192.168", right? If so then that
means that you're constantly communicating with your own network router.
Nothing to worry about.

Yousuf Khan
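
An added example, not part of either post: a Python sketch that classifies a text dump like the extract above as UPnP gateway status polling, by collecting the SOAPAction values, the Host peers and the response values, and checking that every action is a read-only `Get*` call to a non-public address. The function names are hypothetical and the sample is constructed from the headers shown in the post; going slightly beyond the post, any non-`Get` action (for example a port-mapping change) is reported as not a plain status poll.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample: one request/response pair modelled on the extract in the post.
SAMPLE = '''POST /uuid:0012-1716-1fa80100e1dc/WANCommonInterfaceConfig:1 HTTP/1.1
SOAPAction:
"urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalBytesSent"
Host: 192.168.1.2:5431

<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><m:GetTotalBytesSent
xmlns:m="urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1"/></SOAP-ENV:Body></SOAP-ENV:Envelope>

<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><m:GetTotalBytesSentResponse
xmlns:m="urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1"><NewTotalBytesSent>9190502</NewTotalBytesSent></m:GetTotalBytesSentResponse></s:Body></s:Envelope>
'''

BODY = "{http://schemas.xmlsoap.org/soap/envelope/}Body"
# \s* also spans the line break that wrapping left after "SOAPAction:".
ACTION = re.compile(r'SOAPAction:\s*"urn:schemas-upnp-org:service:(\w+):\d+#(\w+)"')

def _is_private(addr):
    try:
        return ipaddress.ip_address(addr).is_private  # RFC 1918 and other non-public ranges
    except ValueError:
        return False

def summarise(capture):
    """Summarise a text dump of an HTTP/SOAP stream (hypothetical helper)."""
    actions = sorted({f"{svc}#{act}" for svc, act in ACTION.findall(capture)})
    peers = sorted(set(re.findall(r"^Host:\s*([\d.]+):\d+", capture, re.M)))
    values = {}
    for doc in re.findall(r"<\?xml.*?</[\w-]+:Envelope>", capture, re.S):
        if "<!DOCTYPE" in doc:  # never let captured data define XML entities
            continue
        try:
            body = ET.fromstring(doc).find(BODY)
        except ET.ParseError:
            continue
        for call in (body if body is not None else []):
            values.update({arg.tag: arg.text or "" for arg in call})
    read_only = bool(actions) and all(a.split("#")[1].startswith("Get") for a in actions)
    local = bool(peers) and all(_is_private(p) for p in peers)
    return {"actions": actions, "peers": peers, "values": values,
            "router_status_poll": read_only and local}

if __name__ == "__main__":
    print(summarise(SAMPLE))
```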