DescentBB

What process/service sends and receives a few packets over the net like clockwork, every 20 seconds or so?

Windows 7 64 and 32 bit.

Any ideas?

You could try using resource monitor or process explorer to find out... Also do you have something like an email notification client or instant messenger program running (aka the usual suspects)?

While I don't know the answer to this off the top of my head, it's probably a pretty standard practice for something that is trying to keep a TCP connection open but isn't currently doing anything with it.

I don’t see any open TCP connections.

I think it’s one of these…

Command Line:
C:\Windows system32\svchost.exe -k netsvcs
Path:
C:\Windows system32\svchost.exe (netsvcs)
Services:
Application Information (Appinfo)
Background Inteligent Transfer Service (BITS)
Computer Browser (Browser)
Group Policy Client (gpsvc)
IP Helper (iphlpsvr)
IKE and AuthIP IPsec Keying Modules (IKEEXT)
Multimedia Class Scheduler (MMCSS)
Shell Hardware Dection (ShellHWDetection)
System Event Notification (SENS)
Server (Lanman Server)
Task Scheduler (Schedule)
Themes (Themes)
User Profile Service (ProfSvc)
Windows Update (wuauserv)
Windows Management Instrumentation (Winmgmt)

I used process explorer to narrow it down to those using the PID, but I don’t know how to get any further in narrowing it down.

Whatever it is it’s raising hell with WMP on a machine dedicated to music, so you can see how important it is.

Whatever it is, I’m sure anybody can see it in task manager…it’s the tiny little blip….every 20 seconds or so. I don’t have anything installed on that machine that didn’t come with it, except Office, and I don’t use messenger. (except the usual security suites and MBam) oh, and Net Magic, but I pretty much eliminated those.

I can see it on my other Windows box, but it’s not causing any problems there.

You can also view all active network connections with the netstat command in an administrator command prompt. If you want a full blown list of what is connected right down to the individual service level, use netstat -a -b. The -f switch is also handy since it will show the fully qualified domain name of the foreign address.

Also process explorer can show quite a bit of information about network usage (if you run it as administrator that is, at the normal user level it cannot display network info).

Thanks for that, but I’m pretty much out of my league here.

If someone can’t tell me what it is based on their knowledge, then I’m SOL.

I do know a way you can find out, although it's usually extremely spammy... there is a tool called Network Monitor (http://www.microsoft.com/en-us/download ... px?id=4865) that can be used to show you all the network traffic going through your network adapter, including what process is sending it. The UI is a little complicated, but hopefully not way too hard to figure out.

Thanks, I’ll take a look at that.

I'll take it that you are using home sharing .... But in reality are really not( iow you just ran through the connection wizard) and did not care about the photos and music and video and the home sharing key.... Just thinking it was a new annoyance of microsofts.....

Go to your network connections Change your network from "home" to "work"

Work network - you Still have access to printer and file sharing
*without the media sharing(aka DLNA - no Xbox streams)
*without a service (WMP) scanning your network and also advertising your files

Once its off you can then check that "windows media player network service" is not spooling up 24/7 like it does when media sharing is active and also hitting your CPU with 100% usage spikes

You can also run/services.msc and disable it



Good place to actually start, off the top of my head

One of the first things I did when I started to troubleshoot was turn off the Homegroup.

Turning off the media sharing service was next.

Then indexing (music files are on a second internal drive) virus scans…etc…

No, this is something that does not involve my LAN. (packets are coming in from the web)

This problem is being caused, where the CPU never goes over a few percent, and internet usage only spikes to like .05%...every 20 seconds.

But every exchange causes WMP to skip, or be distorted, and it just started recently, this machine played music flawlessly for years. I have also narrowed it down to only the shared sound drivers “exclusive” mode is unaffected.

I think something may have been farked up with that last platform update.

Thanks anyway.

Try getting and using Process Monitor. It's a complicated little booger, definitely a power user tool, but it logs everything that's going on, when it happens, who's responsible and you can turn it on or off whenever you want if you don't need it running all the time. I only use it when I want to find some errant culprit, because it generates a HUGE log file that's hard to scan through quickly.

http://technet.microsoft.com/en-us/sysi ... 96645.aspx

Thanks for that, at this point I’m convinced that all of the processes are perfectly normal, and have moved on to looking into other things.

Process monitor starts to make a lot more sense once you start using filters to get rid of most of the noise. Otherwise there is just too much stuff going on to spot anything relevant.

Yeah, I'm using it to try and find out which program or service is not unhooking from the registry upon system shutdown, causing my occasional temp account problem. I set the filters to monitor only registry events for RegLoadKey and RegUnloadKey. Haven't caught it yet because it hasn't reoccurred lately. Figures. But I have a suspicion it's something that kicks off in the evening, so when I'm on my one system at night, I'll try to catch it. Been to busy to try it yet though.

I think I stopped That by disabling IPV6 in nic settings.

So it turned out to be Malwarebytes (nothing to do with the recent thing) weird because I have had NIS and Mbam running on this machine for years without a problem.

And I kind of feel stupid, because I didn’t think to check that in the first place.

I pretty much ripped this machine to shreds trying to solve the problem, in fact its total performance is not the same.

Can’t even get the damn thing back to the original sound drivers now.

I hate to say this after all that, but why didn't you just use wireshark and see what was coming and going?

Maybe cause nobody suggested it?

Wireshark doesn't identify the process. From the description, it sounded like he knew what was being sent but needed to know who was sending it.