Constant Network Activity on Tray Icon with Wireless

[spacesurfer]

I've got annoying activity that's bugging me and I was wondering if you guys know why its happening.

I've got an Airlink-101 Super G router that I just installed. I set up a manual SSID, WEP 64bit encryption, not broadcasting.

On my laptop, the tray icon that tells me wireless is connected is persistently lit up telling me it's doing something, downloading something or transferring some information even when I'm not doing anything. I mean it doesn't turn off for even a millisecond.

When I have connect to other network access points, it doesn't do that. Only on this new router that I got. I have accidently connected to neighbors (because I wasn't broadcasting mine) and it didn't do this.

Should I be worried? Why is it doing that? Is it taking up my bandwidth? I did notice that my download speed is lower on the laptop compared to my desktop even though speed shouldn't matter since it connects at 54 Mbps and internet speed is only 3 Mbps.

If anyone can please shed light, let me know. If you need more info, let me know.

thanks.

[Woomera]

have you tried any network monitoring tool? like TCPView,Netlimiter

[spacesurfer]

No, are those freeware? I will search for them.

[Woomera]

tcpview is free and u can get it from microsoft.com but netlimiter pro is not free.though i dont know if it does have a free version too or not.

[spacesurfer]

Okay, I downloaded it and ran it. I'm not sure what to look for though.

What am I looking for?

When my network is idle, I've got the following that says they are LISTENING:

alg.exe:2280

svchost.exe - many of them but only one that says listening.

system:4 - many of them but only one that says listening.

Is svchost and system normal? And what the heck is alg.exe?

[cluberti]

Is svchost and system normal? And what the heck is alg.exe?

One svchost.exe process contains the server service, which listens for inbound connections (this is normal if the server service is running). They "SYSTEM" process isn't really a process at all (in user-mode terms, anyway) - it's a representation of user-mode threads with kernel-mode components (basically, it's things running in kernel) - if you have applications on the machine with kernel-mode drivers (like a firewall, antivirus / antispyware, or backup software), this could be normal as well. Alg.exe is the Application-Layer Gateway service, and provides an interface for plugins to the Internet Connection Sharing service (so if you aren't using ICS, this is probably your firewall - I've seen ZoneAlarm listen on this port via alg.exe before).

At this point, you don't seem to have anything nefarious on the box from what you've shown, so it would probably behove you to download something like wireshark and gather a network trace for 30 - 60 minutes, then save the network capture and open it up to see where all of your network packets seem to be going. That'll at least give you an idea of what's happening.

[Woomera]

I agree with cluberti.if tcpview doesnt show any stablished connections then you have to run packet capturing.though it might be an act of a trojan or something like that.do you have an up-to-dateAntiVirus?

[spacesurfer]

I don't have antivirus installed but I do have a firewall (COMODO firewall).

But here's the thing - when I connect to another access point at work, this doesn't happen. Only at home does this happen. I think it has to do with my Airlink router. It must be constantly sending some signals or something.

[cluberti]

I don't have antivirus installed but I do have a firewall (COMODO firewall).

But here's the thing - when I connect to another access point at work, this doesn't happen. Only at home does this happen. I think it has to do with my Airlink router. It must be constantly sending some signals or something.

Well, not to be repetitive, but a network trace would confirm or deny that. Instead of guessing .