Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

My internet connection status shows millions of packets when I'm not doing anything; do I have a virus?

My internet connection status shows millions of packets when I’m not doing anything; do I have a virus?

Maybe, maybe not.

Okay, that wasn’t very helpful. But to be frank I can’t give you a
definite yes or no. But we can do a little investigation to determine if
what you’re seeing is expected or a sign of a real problem.

Become a Patron of Ask Leo! and go ad-free!

I’ll start with the obvious: you are running anti-virus
software, right? And you do have the latest and greatest virus
signatures for it, right?

If the answer to either of those was “no”, then get thee to an
anti-virus tool immediately, get it up to date, and do that scan. 99% of
the time a good anti-virus tool will answer your “do I have a
virus” question properly.

If anti-virus tools say you’re clean then we start investigating.
First, understand what the numbers in your connection status mean. Have a
look at mine (from Start-> Settings-> Network Connections-> Local Area Network):

LAN Status Image

You’ll note that I have 2 million packets sent, and almost 4 million
received. That’s count of the number of packets since that
connection was made
. You can see that the connection has been
connected for almost three days. So the longer you stay connected the
larger those numbers will get.

What’s more interesting is how quickly they’re changing as you
do nothing. Chances are they’ll grow even if you’re doing nothing
simply because you may be running some internet aware software – say an
instant messaging program, mail program, or something else. But if they
seem to be growing quickly there’s activity that might be worth
investigating.

In a previous article, How can I tell
what internet activity is happening on my machine?
I discussed several
tools and techniques to see what’s transpiring over your internet
connection. I’ll jump right to the tool mentioned at the end of that
article, Sysinternals’ TDIMon. Run it, log the
output to a file, and then after running it for a minute or so turn it off
and view the file in notepad. You should see lots of internet activity.
Much of it you’ll recognize as your own or perhaps as discussed in
that article, expected standard windows tools. But if there’s a program
there that you don’t recognize that seems to be doing a lot then it’s
probably time to understand just what it is. For that I’ve outlined
several techniques in What’s This
DLL? that will work with .EXE files as well. That research should help
you determine if you have a problem or not.

Subscribe to Confident Computing! Tech problem solving & safety tips & a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

NOW: name your own price! You decide how much to pay -- and yes, that means you can get this report completely free if you so choose. Get your copy now!

57 comments on “My internet connection status shows millions of packets when I'm not doing anything; do I have a virus?”

  1. I am a user on a home network sharing printers, files, and an Internet connection with several computers in the house. The individual computers use the Internet using DSL via a hub connected to a server then through a firewall connected to the DSL, which is using a static IP address. We are not using a proxy server.

    Lately I have been having trouble receiving web pages. They would at some point all start showing up as not found. When this would happen I found that the only thing that would get it up and working again apart from rebooting or just waiting was to open the “Local Area Connection Status” window and disable the network connection and then enabling it again. Which got me noticing this:

    Logically, it seems to me, that when I am surfing the Internet the packets would be far grater on the “Received” side then on the “Sent”. Because I would be receiving web pages, images, sounds, movies, flash content, and so on, while sending, I would presume, just requests for that stuff. I seem to recall it once being that way when I would be monitoring the “Local Area Connection Status” window in the past. The “Received” would be a lot but the “Sent” would be very little. But now it seems that the “Sent” packets are nearly equal if not greater then the “Received” side. Why might that be? Dose the number of “Sent” packets correlate to the size of the files being “Received” in some way?
    It causes me to think that whatever is being viewed on the web browser is being echoed or bounced back to someone else on the Internet thus doubling the network traffic. Could this be causing our problems or are we simply over tasking the network all on our own by all using it at once?
    I notice your snapshot shows a similar ratio to what I am getting now. So perhaps it is normal and I am just remembering incorrectly.

    Which brings me to one more question.

    Would the program you mentioned “TDIMon” detect if a computer is being used as a Drone or Zombie in a Denial of Service (DoS) attack if that where the problem?

    Thanks in advance for any info you can give. Or for that matter even just reading all this.

    Reply
  2. Actually the real question to ask is “why would sent and receive ever be different?” For a normal transfer of information (like a web page, for example) each packet that is sent must be acknowledged with, you guessed it, another packet. So for each packet I send, I *should* recieve a packet saying that it was received.

    That’s *most* of the time. There are certain communications protocols (streaming audio and video come to mind) where an acknowledgement is not used. Depending on what machine you’re looking at, viral probes that come in off of the internet may, or may not appear as recieved packets that your firewall probably will not respond to.

    So the bottom line is that there’s always a difference, and unless the difference is HUGE (or one of them is zero :-), it doesn’t really tell you much.

    TDIMon will probably tell you if your machine is being used as a drone, if you know what to look for. There’s a lot of activity to wade through, even on a healthy system.

    But really, the easier way is simply to look at your process list, or simply run good AV and SPyware scanners. That should not only to tell you, but fix it, if it is a problem.

    Hope this helps.

    Reply
  3. Yes that does help and makes sense now. It’s bit of a relief for me to hear that and narrows things down a bit for me.

    Thank you!

    Reply
  4. Hello Leo i need help My packets are sending out way more then normal infact its making my computer internet slow its sending out like 556,543,packets sent and 23,500,packets recieved and connect time is 12 mins/45 secs 🙁 🙁 🙁 WHAT DO I DO NEED HELP

    Reply
  5. Hi Leo …

    me too having the same prob … have tried latest AV and spyware scanner till my PC is “clean” … is behind a firewall and a linksys router… still having the same prob…

    funny thing here is , i resorted to format the PC and reinstall the OS .. still, the same thing happen even though i have not install anything else.

    is formating enough ? or is there other steps i need to perform to totally cleanup my harddisk?

    pls advise and thanks in advance!

    Reply
  6. Hi, for all who have this problem, i found solution! In my office was 2 PC with some problem, all you need clean yours PC with SpySweeper or any other soft and after that….
    After that you need remove network card and install again!
    Belive me its working, i think what some kind of spyware just corrupt network driver.
    Have a good day and send thanks to me 🙂

    Reply
  7. Hi Leo, I was wondering what it means if one of the Packets Sent/Received values was zero… More specifically, what problem is denoted by the “Packets Received” being 0? 🙂 Thanks for your help!
    PS> Happy 4th of July

    Reply
  8. Ultimately it means that that network connection isn’t operating. Now as to why, with just that one bit of information it’s difficult to say – could be anything from the connection not being configured properly, to a bad cable, to a problem at the other end of the connection to any number of other things.

    Reply
  9. Hi Leo – Great site! I faithfully have Norton Antivirus running to check for any virus. I also do a once a week sweep. I also run Spybot Search & Destroy and Ad-aware.

    My packet sent are showing 4,294,968,512. Received is 6,458. During a workday the number can climb well over 24,000,000,000.

    Today I ran http://housecall.antivirus.com/housecall/start_frame.asp and found nothing.

    All of the programs are showing clean yet the packet sent go nuts every day. What should I do next?

    Reply
  10. I had a similar experience as Oki with one exception. I had to download and install the latest network card drivers from Intel’s (my laptop has an Intel Pro/100 VE network adatper) web site after removing the network adapter. After doing so, it solved the “trillion” send packet problem.

    Reply
  11. I was wondering about times when both send and recieve show as zero packets. We have a 169.254.x.x IP so I think its trying to connect but we still show zero. Clicking repair fails and the numbers are still zero.

    Does this mean the computer is not even trying to connect or can we not make such assumptions from that info?

    What would you recommend as the next step, reinstall drivers? Rebuild TCP/IP? Other?

    Reply
  12. A 169. IP address indicates that yoru machine doesn’t think it’s connected to the network, OR that there’s no DHCP server responding to assign it an IP address. (169. addresses are last-ditch, self generated addresses when everythign else fails). The computer is TRYING to connect, but either it’s not connected to the network, or there is some other kind of problem preventing communication. I’d start by removing as much as you can between the internet and the computer (like routers and such), and if that works, start putting them back until you can tell which one causes the problem.

    Reply
  13. Hey Leo,
    In my local area connection the packets are being sent but not recived. I recently was fooling around with settings and I guess I messed somthing up. I can connect to the internet but once I try to go to a new page a message comes up saying “the web page you requested is not avalable offline. to view this page press connect.” How do I reconfigure the connection?

    Reply
  14. I recently faced such a problem.Firstly i scanned the computer with the Mcafee’s Anti Virus,but it doesn’t detected any virus.
    Then i simply changed the Network card and it worked.

    Reply
  15. I just recently got a new HDD and i had to reinstall all my divers. Everything works fine but i have noticed that for all my NIC cards its saying zero pockets received. I tried uninstalling the cards and reinstalling them but that did not help. When i repair it fails. For status it says that its connected and for speed its 100.0 Mbps, also the IP begins with 169. what should i do?

    Reply
  16. Hi Leo
    i have been experiencing some “wierd” problems with my Cable High Speed Internet, i keep losing the signal and its really hard to get it back. The pic. on my Tv also gets really messt up all the white snow and stuff. I have also been calling the company to ask them 2 come and see what the problem is, but they cant do anything..Yea and the packets activity thing is really low its in 15s received and sent..so if you think you know the solution please let me know. THANK YOU.

    Reply
  17. Hi All,

    As per Scott and Petros, upgrading the Device Driver fixed my problem. My laptop has an Intel Pro/100 VE network adatper. Thanks a lot to everyone contributing towards this.

    Amit

    Reply
  18. k the problem that I have is that the sent and recieve is going at normal and then suddenly stops for no reason, during downloads during anything. So the 2 little computer screens go dark and the internet (while still connected) stops and everything from downloads to websites stop. I have the Ultrafast DSL from Look.ca and it didnt use to do this but for no real reason it does this now.

    Reply
  19. Like some others had mentioned previously, updating the device driver for my Intel PRO VE/100 adapter worked. Just go to the Intel website, then Network Adapters, then your NIC. I also freaked out, tried everything I could, and thought my ISP might kick me offline. But it didn’t seem to affect traffic at all. Very wierd. Thanks ask-leo.com!!!

    Reply
  20. i haf got a prob here. I am using a linksys router connected to an ADSL modem. I keep sending internet packets non-stop and receive veri little packets. I run all anti virus and spyware detect but found nutin. I can connect to the net for like a min or so and later it doesn’t work anymore. i notice a file call iexplorer.exe is access non stop and netbios seems to send non stop even i disable it.

    Reply
  21. SO i have opposite of everyone else… my recieved packets are dare i say normal however my sent packets suck.. they bounce around a couple of times a minute between 0 and 20ish.

    atm my laptop and my pc are hooked up to a switch which is hooked up to the ethernet port in my dorm room. laptop works fine pc doesnt, have same problem if i switch cables, dont use the switch, switch ports, switch nic cards in my computer, none of it makes a difference. all of my drivers are up to date, no viruses, no spyware.
    i went through network connections properties vs properties on my pc, they are all the same.

    neither i or the tech service here at school can figure it out. any advice?

    Reply
  22. I’ve had this problem like 3 times already, twice with dialup… first time with dsl. All my spyware definitions are updated. And my dial-up works fine now that my dsl is “Out of Order” Please, i need help

    Reply
  23. plz suggest me, my broadband dsl cable is conected through USB post..the received packets shows correctly..but sent always shows 0 (zero)..
    where might be the problem plz help me out..

    Reply
  24. I’ve been having a strange problem with my internet lately this only happens when I play 1 particular game Known as SWG. I have all of the games requirenments, 1.25 gigs of ram and a Radeon 9250 Video card.
    I noticed how everytime i play this game the Packets i recieve greatly increased constantly far more than what is sent. It’s not a normal lag either the game runs fine for the first 10 min. Then I here a strange sound coming from my hardware when the lag kicks in. Now I know my internet isn’t slow since I have a cable modem and I have anti-spyware and symantec anti-virus on constantly. Further more the lag isn’t constant it stops after about 20 min. after it started. then it just comes back again later. I have no clue what it might be I’ve tried every solution I could find so far none have worked. I am hoping this makes sense to you.

    Reply
  25. Plz tell me what does a LOCK symbol stands for on my received (ing) side connection on Local area connection activity symbol & how to remove that?Plz reply

    rgds,
    joe

    Reply
  26. SOMEONE PLEASE HELP ME. i HAVE SEVERAL DIFFERNT TYPES OF POPUP BLOCKERS ALL OF THEM ARE WORKING. I AM GETTING POPUPS EVEN WHEN MY PC IS JUST SITTING STILL. WHEN I AM DOING WORK I AM INTERUPTED BY THESE CRAZY THINGS. SOMETIMES IT TELLS ME THERE IS A TROJAN DETECTED, I AM REALLY GETTING FREAKED OUT DO HAVE SOME KIND OF POPUP VIRUS? WHAT DO I DO?

    Reply
  27. i have a cable connection , use win xp .
    Whenever i see the LAN CONNECTION STATUS i find the number of packets sent is roughly the same as the number of packets received.
    E.g. AS OF NOW sent = 713 received = 698

    I did use NETSTAT and got the following result

    Active Connections

    Proto Local Address Foreign Address State
    TCP A:epmap A:0 LISTENING
    TCP A:microsoft-ds A:0 LISTENING
    TCP A:1032 A:0 LISTENING
    TCP A:netbios-ssn A:0 LISTENING
    TCP A:1028 173.26.250.250:http TIME_WAIT
    TCP A:1047 72.14.203.104:http ESTABLISHED
    TCP A:1055 216.239.57.147:http ESTABLISHED
    UDP A:microsoft-ds *:*
    UDP A:isakmp *:*
    UDP A:1025 *:*
    UDP A:1026 *:*
    UDP A:1027 *:*
    UDP A:4500 *:*
    UDP A:ntp *:*
    UDP A:1900 *:*
    UDP A:ntp *:*
    UDP A:netbios-ns *:*
    UDP A:netbios-dgm *:*
    UDP A:1900 *:*

    173.26.250.250 is the GATEWAY IP.
    Kindly advise if there is anything amiss.
    Thanking you in advance

    Reply
  28. Hi, my peer to peer wireless connection says that both the computers are connected but there is no data transfer between them.i checked the ip addresses , one is 192.168.0.1 subnet 255.255.255.0 , the second one is 192.168.0.2 , subnet 255.255.255.0 both manually assigned.What could be the problem? the network adapters show that packets are being sent but no packets are received.Do i have a hardware problem? Please Help

    Reply
  29. I have the reverse of everyone else. My recived bytes increase by about 4,000 to 6,000 per second even without any internet activity. Anti-virus and spyware do not detect anything. Any suggestions?

    Reply
  30. That was somewhat helpful, but what i found with the packets in my connection was that the Local Area Connection was fine, but when I look at my Internet Gateway, it shows many more packets received than sent. i hope html code works, cause this is what it looks like:

    I think this might be because some kid on Xbox Live got mad at me and got my IP address and discussed ways of how he was going to hack my computer. he mentioned that he was going to send a bunch of packets. TDIMon isn’t detecting anything unusual. this is now slowing down my computer. I believe McAfee blocked his attempts to hack, and i reported, traced, and banned the range of IPs from his host. I hope that all makes sense.
    Any help you can provide would be fantastic, and if you need clarification, emailing me would work great.
    Thank You.

    Reply
  31. If your internet status is showing lots activity while not using the internet, I would say maybe you have software that is updating or just someone is doing some port scans on your ip address, which would make your internet connection poor. If this is the case you may want to find out if you can renew your ip address, that is if it is possible for your type on connection. Visiting none trusted websites will normally result in port scans

    As for popups if you keep gettion popups even while having pop up stopers installed you more than likely have adware. Try buying some good anti spyware/adware

    Reply
  32. Hey i have the same tipe of problem. the number of my sent pakets allways drops down to zero about every 30 seconds. I would like to know if its normal? And if not, what should i do?

    Reply
  33. my internet connection shows sent packets are 2,3 times more than recieved and that caues bad effect on my speed,specially when i want to play online,high ping i mean.
    I used mcafee antivirus,norton 2006 antivirus,zone alarm antivirus,nod23,pc cilin and also many other spyremover programs,they almost found nothing and i still have problem.
    i even installed a new version of windows xp but that also did nothing.
    what else should i do?

    Reply
  34. Can someone show me how to change it to show how many bytes transfered, not how many packets, in the “internet connection status”?

    Or, 1 packet = ?? bytes, anyway?

    Reply
  35. —–BEGIN PGP SIGNED MESSAGE—–
    Hash: SHA1

    No. That’s apparently information provided by the driver, and it’s not
    configrable. Ditto for the size of the packets, as I understand it.

    Leo
    —–BEGIN PGP SIGNATURE—–
    Version: GnuPG v1.4.6 (MingW32)

    iD8DBQFGXIAfCMEe9B/8oqERAkDqAJ9wc0UNbeT7YrakcenTmfhQ2DNl+gCfSeQA
    y8Cgyf/XrCwG8t5Y7BIOaIk=
    =0Nma
    —–END PGP SIGNATURE—–

    Reply
  36. I thought finally I have found someone with the same problem, but reading all comments I am not sure anymore.
    When I START up my computer I don’t have millions of packets I have BILLIONs of packets. Connected since 5 Minutes (34,359,739,466 – sent / 1,455 received).

    After a while using the computer I can’t start or use any internet application. I still can use other programms but as soon as anything is using the network, the application is frozen.
    I can not even start the taskmanager to kill application or shut down. All I can do is close all not frozen applications and switch off.

    I ASSUME it has to do with the packages, but I am not sure. Is there any way how I can clean them up.
    Repairing the network connection while it is working is possible, but does not solve the problem.

    Yes – I have AVG Antivirus with latest pattern file.

    Thanks
    CHS

    Reply
  37. I had a similar problem as CHS.
    Connected for 12 minutes: 841,813,598,384 Sent / 9,563 Received.
    I’ve since rebuilt this (very jacked up) system, but I would be curious as to the bytes vs. packets equation, as Lipton asked. I’d like to know the theoretical speed it claims.

    Reply
  38. You rock Leo! I’ve easily solved my slow internet virus problem with the super combo of TDImon & TCPView, weeding out what’s causing the problem. The problem was in C: Windows\Prefetch, where the virus made tones of .pf or something like that files, which caused my laptop to become an email sending bot.

    Thanks Leo!

    Reply
  39. Hi Leo,
    I have a problem with my Internet connection after accessing the Internet after about 1/2 hr or so. The Local Area Connection Status showed zero packets sent whenever I encounter this problem and I have to reboot my pc to get it started again. I’ve been trying to troubleshoot for a very long time and still can’t find the root cause. I’ve changed my network card, rebooted my cable modem, etc and still encountered the same problem. Can I check if the problem is related to the motherboard or is it related to the network card driver? I had 2 network cards (1 DLink & 1 Linksys) and both gave me the same problem.. What else can I do to nail down the culprit? Thanks a lot, Leo..

    Reply
  40. I was sending “billions and billions” of packets until I updated the network card driver. Now the packets sent and received balance out nicely. In my case I went directly to the Intel website which had more recent drivers than the computer manufacturer. Of course first check for viruses, etc.

    Reply
  41. Hi, when I start my PC in Local Area Connection Status shows what I have 200000 send and 423000 received. Can u tell me what`s the problem? Couze I can`t play on-line games. They frozen all the time.But when I restart my PC LACS shows for example 400000 send and 200000 received and games works fine (but that happen not all the time) please HELP

    Reply
  42. when i starts internet connection automatically received byte are increasing without opening any sites.even i stopped antivirus updating automatically.

    Reply
  43. my internet connection 200k sent 27k recieved is this a virus? could you help me fix this its not normal cause im using broadband and its the first time it showed like this what should i do?

    Reply
  44. I have sent 43,843,217,918 and received 11,034,474,329. Is there something wrong, the connection is less than a day.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.