Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Constant network activity
- Thread starter SebZen
- Start date
- Sort by reaction score
Since Snow Leopard upgrade, I have also been getting unusual activity. With my router - wireless OFF, PC on LAN OFF (it just shares modem, MAC and PC have never talked to each other) the cable modem Send and Receive lights continuously flashed about every second. Without the router, modem only occasionally flashs.
Leopard didn't do this with the same settings.
My computer is now connected directly to the modem. All Sharing is OFF. Firewall is Block All Incoming Connections.
Did menu Finder > Go > Network and the window shows a varying assortment of things which I don't understand. The one consistent item is Bear's Time Capsule. Others come and go. I have had up to 46 items listed.
As far as I know I have the computer set to not share, connect or communicate with anything on her own. Open Mail or Camino and I expect activity. Open an application and I expect a little activity when it checks for updates.
All the stuff in Network is disquieting. I didn't put it there, it changes on its own and I don't recognize any of it. Doesn't give one a secure feeling.
Any of you smarties here know who and why my computer is trying to talk to these places?
Leopard didn't do this with the same settings.
My computer is now connected directly to the modem. All Sharing is OFF. Firewall is Block All Incoming Connections.
Did menu Finder > Go > Network and the window shows a varying assortment of things which I don't understand. The one consistent item is Bear's Time Capsule. Others come and go. I have had up to 46 items listed.
As far as I know I have the computer set to not share, connect or communicate with anything on her own. Open Mail or Camino and I expect activity. Open an application and I expect a little activity when it checks for updates.
All the stuff in Network is disquieting. I didn't put it there, it changes on its own and I don't recognize any of it. Doesn't give one a secure feeling.
Any of you smarties here know who and why my computer is trying to talk to these places?
I tried Sidekick but don't know enough to make use of what I see. My ISP seemed to be the major activity. Why are they messing in and out of my computer?
Really got scared when I put one IP address in WhoIs and it said African names registry or something like that. Nigeria is in Africa and I don't want them anywhere near my compter.
And who is Steve Rogoff's MacBook? This one shows in the Network items window. I don't know him and surely don't want him checking out my stuff.
Main thing is, Leopard didn't do this. What is Snow Leopard up to and how can I turn it off?
Really got scared when I put one IP address in WhoIs and it said African names registry or something like that. Nigeria is in Africa and I don't want them anywhere near my compter.
And who is Steve Rogoff's MacBook? This one shows in the Network items window. I don't know him and surely don't want him checking out my stuff.
Main thing is, Leopard didn't do this. What is Snow Leopard up to and how can I turn it off?
Which connection do you have ? Cable ? ADSL ? Is your mac directly connected to the modem or is it behind a router ?
Hmm that's a bit strange ...
It looks like you are on a network with other computers connected to it. Is this your connection ? Are you supposed to be sharing it with someone else ? Do you have a wifi connection ? If yes which security are you using ? WPA ? WEP ?
Tex
Cable modem. I had a router so my little PC could share the modem - Mac and PC did not talk to each other. Took the router out after the Snow Leopard upgrade because the Send Receive lights on the modem were flashing constantly. Less modem activity without the router but I still have all the odd and varying items in the Finder Network window.
Live in a single family home with my MAC connected directly to the modem. Don't have AirPort in the machine. No wireless, WiFi, LAN or any other connections.
I called Apple about this twice. Had me Trash system Caches and User (just me as Admin) Caches/Cookies. Trashed all Login Items. One comment from tech was SL checks the time more often. Can't see how that has anything to do with what I am seeing.
Bear's Time Capsule (always there) and Steve Rogoff's MacBook are the only clearly unidentifiable items in the Network window. Don't know what they might be but are full names. Rest come and go. When selected, they say not connected or connection failed.
Apple suggested I call my ISP and get an Activity Log. I called, they don't have such a thing and I thought that would be the end of contact with them. Got a call about an hour later from a tech who seemed very knowledgeable on MAC and their system. Nothing useful.
Another oddity, possibly related, is a SuperDuper backup. I mostly diddle on the computer so not too much changes. Under Leopard, I'd run Cocktail first and the SuperDuper Smart Copy would take less than 5 minutes. With Snow Leopard, same activity takes up to 20 minutes. The Progress window indicates there are 408k files and by the time it is done, SuperDuper has copied 288k files. I certainly did not cause all the changes.
Hope all this network activity is not messing with more than half of the files on my HD.
Very curious.
Live in a single family home with my MAC connected directly to the modem. Don't have AirPort in the machine. No wireless, WiFi, LAN or any other connections.
I called Apple about this twice. Had me Trash system Caches and User (just me as Admin) Caches/Cookies. Trashed all Login Items. One comment from tech was SL checks the time more often. Can't see how that has anything to do with what I am seeing.
Bear's Time Capsule (always there) and Steve Rogoff's MacBook are the only clearly unidentifiable items in the Network window. Don't know what they might be but are full names. Rest come and go. When selected, they say not connected or connection failed.
Apple suggested I call my ISP and get an Activity Log. I called, they don't have such a thing and I thought that would be the end of contact with them. Got a call about an hour later from a tech who seemed very knowledgeable on MAC and their system. Nothing useful.
Another oddity, possibly related, is a SuperDuper backup. I mostly diddle on the computer so not too much changes. Under Leopard, I'd run Cocktail first and the SuperDuper Smart Copy would take less than 5 minutes. With Snow Leopard, same activity takes up to 20 minutes. The Progress window indicates there are 408k files and by the time it is done, SuperDuper has copied 288k files. I certainly did not cause all the changes.
Hope all this network activity is not messing with more than half of the files on my HD.
Very curious.
You're under some kind of a network, must be because that would be the only way you would see those items under there. Maybe you're connected directly to your modem, but double check to see if you aren't also connected by wireless at the same time.
Shows up a TONNNNN of IPs and addresses. Using the geo location tool, most come up as unknown city. One I did manage to find was China.
This is really scary. The only programs I have open are Mail and Safari, and network activity starts right after bootup.
Just tried a few more, it's from all over the world.. Greece, Spain, California, Hong Kong... what the hell is going on it's like I have bittorrent going on.
This continues even after in Firewall, I set it to block all incoming connectinos except those required for basic internet services (DHCP, Bonjour, IPSec).
Is there a way I can find out what program all this activity is coming from?
OK I got it installed but it's not showing activity (aside from Mail and mDNSResponder for a couple of seconds after bootup), while Sidekick keeps rolling activity.
Looks like it isn't a program, since Little Snitch doesn't show it.
I'm looking at Activity Monitor and now it seems like it's mainly data received. What could this be? From Italy, France, China, etc?? Googeling their IPs doesn't come up with anything useful
Alright I figured it out: It's OpenDNS.
If you're paranoid about it like me and don't see it necessary to keep this activity going for no reason, remove 208.67.222.222 and 208.67.222.220 from your DNS server list.
If you don't know what OpenDNS is, then you must have a different problem because you had to sign up to OpenDNS (http://www.opendns.com/)
If you're paranoid about it like me and don't see it necessary to keep this activity going for no reason, remove 208.67.222.222 and 208.67.222.220 from your DNS server list.
If you don't know what OpenDNS is, then you must have a different problem because you had to sign up to OpenDNS (http://www.opendns.com/)
I would:
- disable any "login items" so that there are not progs started at login
- install LittleSnitch firewall as suggested (demo version for free)
- reboot OSX and see which apps are trying to connect
@APlus84
The names in your network places are really strange. Even with a cable modem connected directly on your mac, you should not see others computers.
I also have cable and the modem's LED is blinking like hell all the time. Once I started Wireshark to see what's going on the network and to my big surprise there were tons of ARP Requests/responses. This actually means that the Cable modem is on a ISP's LAN with other modems. It seems ok for a cable connection but as I said, you should not see others PC advertized via Samba or AFP.
Strange.
- disable any "login items" so that there are not progs started at login
- install LittleSnitch firewall as suggested (demo version for free)
- reboot OSX and see which apps are trying to connect
@APlus84
The names in your network places are really strange. Even with a cable modem connected directly on your mac, you should not see others computers.
I also have cable and the modem's LED is blinking like hell all the time. Once I started Wireshark to see what's going on the network and to my big surprise there were tons of ARP Requests/responses. This actually means that the Cable modem is on a ISP's LAN with other modems. It seems ok for a cable connection but as I said, you should not see others PC advertized via Samba or AFP.
Strange.
I don't have OpenDNS, server address not listed. Only servers listed for my connected Ethernet DNS tab are my ISPs servers.
With the exception of Bear's Time Capsule, all the items in the Network window are "Kind - PC Server" when I do a Get Info. I don't like it but guess Tex-Twil's mention of an ISP LAN could be the reason. The fact many have an Hawaiian flavor to them makes it more likely since I live on Molokai. Seems up to 46 of them is a bit much.
Wireless - I've removed the wireless router from my system. For grins, I opened AirPort Utility (I don't have an internal or external AirPort). It finds 5 base stations. One is the name of the private school a few miles father from town (down cable) I know uses MACs - I donate my replaced stuff to them.
Been diddling here for about 2 hours. Just opened Activity Monitor. Network activity is constant. Data Received: 39.2MB - increases 100kb a minute. Data sent: 4.4MB. I think that significant.
Activity Monitor adds smbclient to the list when it does a Data Sent indication.
I don't need a hobby, I need to find a way to stop this thing from talking out of turn.
With the exception of Bear's Time Capsule, all the items in the Network window are "Kind - PC Server" when I do a Get Info. I don't like it but guess Tex-Twil's mention of an ISP LAN could be the reason. The fact many have an Hawaiian flavor to them makes it more likely since I live on Molokai. Seems up to 46 of them is a bit much.
Wireless - I've removed the wireless router from my system. For grins, I opened AirPort Utility (I don't have an internal or external AirPort). It finds 5 base stations. One is the name of the private school a few miles father from town (down cable) I know uses MACs - I donate my replaced stuff to them.
Been diddling here for about 2 hours. Just opened Activity Monitor. Network activity is constant. Data Received: 39.2MB - increases 100kb a minute. Data sent: 4.4MB. I think that significant.
Activity Monitor adds smbclient to the list when it does a Data Sent indication.
I don't need a hobby, I need to find a way to stop this thing from talking out of turn.
As mentioned, download Sidekick and Little Snitch, they helped me figure out my culprit. Start with Little Snitch, there should be a little window that shows what programs are using the connection. If one of them uses it constantly, you know which program it is.
If no clues in Little Snitch, then start Sidekick and try to figure out where the IPs belong to (you can right click on each and you'll have various options), mess around with it and you should find the problem. If Sidekick is too complicated for you, then I don't think you'll be able to figure it out by yourself. Because these two tools give you all the info you need to figure it out =/
By the way, it's Macs, not MACs
Just letting you know!There is also a nice utility called Bonjour Browser. It allows you get more information about services advertised by Bonjour.
Tex
Tex
I thank both of you for the time taken with my paranoia. If you are Boy Scouts, one Gold Star for helping Senior Citizens.
Bonjour Browser:
Short line - can you turn this bloody feature (Bonjour) OFF?
It lists 5 AirPort base stations I don't have or want.
2 printers I don't have or want.
2 tivo_videos_tcp. - 1 I don't want.
2 iTunes (Control & Sharing) - iTunes has everything I could find disabled.
4 (so far) named Workgroup Manager listings - all are in our phone book. Molokai is a small, friendly island but I don't want my computer talking to folks I don't know. All are Macs (I am trainable, eh?) by the last word of the name.
A new Workgroup Manager popped up in Bonjour Browser and the open Network window. Slightly different icon so I clicked on it to Get Info. Said I connected as a Guest. It is a MAC Server.
Would seem disabling or ingnoring the 5 AirPort stations would be a good place to start. The AirPort Utilities has some stuff available for controlling access. I unchecked the Monitor for problems Preference without effect. I didn't find a disable or ignore option but, never having an AipPort installed, I've not used the utility before.
And Bear's Time Capsule is always listed as Apple File Sharing. In Sharing, nothing is ON. What?
Modem indicates very little activity so I doubt security is an issue. I had 40 incident free years based on the premise, "Never let the plane go somewhere you have not already been." I would like to apply the same to my computer.
Thanks again,
Doug
Bonjour Browser:
Short line - can you turn this bloody feature (Bonjour) OFF?
It lists 5 AirPort base stations I don't have or want.
2 printers I don't have or want.
2 tivo_videos_tcp. - 1 I don't want.
2 iTunes (Control & Sharing) - iTunes has everything I could find disabled.
4 (so far) named Workgroup Manager listings - all are in our phone book. Molokai is a small, friendly island but I don't want my computer talking to folks I don't know. All are Macs (I am trainable, eh?) by the last word of the name.
A new Workgroup Manager popped up in Bonjour Browser and the open Network window. Slightly different icon so I clicked on it to Get Info. Said I connected as a Guest. It is a MAC Server.
Would seem disabling or ingnoring the 5 AirPort stations would be a good place to start. The AirPort Utilities has some stuff available for controlling access. I unchecked the Monitor for problems Preference without effect. I didn't find a disable or ignore option but, never having an AipPort installed, I've not used the utility before.
And Bear's Time Capsule is always listed as Apple File Sharing. In Sharing, nothing is ON. What?
Modem indicates very little activity so I doubt security is an issue. I had 40 incident free years based on the premise, "Never let the plane go somewhere you have not already been." I would like to apply the same to my computer.
Thanks again,
Doug
Been diddling with Bonjour Browser and Little Snitch.
I called Apple Tech about the network listings and Bonjour activity I was seeing. Gad, mainlanders are intense folks. Not idle "Talking Story" with him.
I asked if Bonjour could be turned off. He said it was really slick and allowed easy establishment of local networks. Since I was directly connected to the modem, my local network included other folks on the cable. Told me to put my router back in and my local network would be just stuff my side of the router.
Did that and there are zero items on my network and Bonjour is not talking to anyone. Suppose my PC would show up if I turned it on but that I understand.
Little Snitch - activity was limited to things I expected (Mail, Camino). She does ask about allowing things to use Ports but I understand because they are in response to things I've initiated.
Another thread which might be of interest:
https://forums.macrumors.com/threads/779592/
This I don't understand -
With the router back in, there was very little modem activity. Nothing odd for about 45 minutes.
Then Time Machine did a scheduled backup. The modem lit up and Little Snitch reported constant activity on mDNSResponder, alternating between ns.oceanic.com and dns2.oceanic.net (Oceanic [Time Warner] is my ISP).
Can't see why my ISP needs know anything after a Time Machine backup.
Got to thinking that the modem activity which got me all excited about this after the SL upgrade never happened until some time had passed with the computer active. Might be coincidence but it had started right after Time Machine did its thing this time.
Did a Restart of the computer. Normal modem startup activity and then all quiet. Little modem, Activity Monitor or Little Snitch action. KUHL!
After a few minutes, I forced a Time Machine Back Up Now. My modem, Activity Monitor and Little Snitch (mDNSResponder Oceanic) began to party.
Turned Time Machine off, put the computer to sleep.
This morning I had no unexpected activity for about 3 hours. Finished what I need to do and did a test - forced a Time Machine Back Up Now. My modem, Activity Monitor and Little Snitch (mDNSResponder Oceanic) began to party.
Did a Restart of the computer. Normal modem startup activity and then all quiet. Little modem, Activity Monitor or Little Snitch action. After 10 minutes, I forced a Time Machine Back Up Now. My modem, Activity Monitor and Little Snitch (mDNSResponder Oceanic) began to party.
Did the above 3 times with same result. Bit of a stretch to think it is coincidence.
Curious, eh?
I called Apple Tech about the network listings and Bonjour activity I was seeing. Gad, mainlanders are intense folks. Not idle "Talking Story" with him.
I asked if Bonjour could be turned off. He said it was really slick and allowed easy establishment of local networks. Since I was directly connected to the modem, my local network included other folks on the cable. Told me to put my router back in and my local network would be just stuff my side of the router.
Did that and there are zero items on my network and Bonjour is not talking to anyone. Suppose my PC would show up if I turned it on but that I understand.
Little Snitch - activity was limited to things I expected (Mail, Camino). She does ask about allowing things to use Ports but I understand because they are in response to things I've initiated.
Another thread which might be of interest:
https://forums.macrumors.com/threads/779592/
This I don't understand -
With the router back in, there was very little modem activity. Nothing odd for about 45 minutes.
Then Time Machine did a scheduled backup. The modem lit up and Little Snitch reported constant activity on mDNSResponder, alternating between ns.oceanic.com and dns2.oceanic.net (Oceanic [Time Warner] is my ISP).
Can't see why my ISP needs know anything after a Time Machine backup.
Got to thinking that the modem activity which got me all excited about this after the SL upgrade never happened until some time had passed with the computer active. Might be coincidence but it had started right after Time Machine did its thing this time.
Did a Restart of the computer. Normal modem startup activity and then all quiet. Little modem, Activity Monitor or Little Snitch action. KUHL!
After a few minutes, I forced a Time Machine Back Up Now. My modem, Activity Monitor and Little Snitch (mDNSResponder Oceanic) began to party.
Turned Time Machine off, put the computer to sleep.
This morning I had no unexpected activity for about 3 hours. Finished what I need to do and did a test - forced a Time Machine Back Up Now. My modem, Activity Monitor and Little Snitch (mDNSResponder Oceanic) began to party.
Did a Restart of the computer. Normal modem startup activity and then all quiet. Little modem, Activity Monitor or Little Snitch action. After 10 minutes, I forced a Time Machine Back Up Now. My modem, Activity Monitor and Little Snitch (mDNSResponder Oceanic) began to party.
Did the above 3 times with same result. Bit of a stretch to think it is coincidence.
Curious, eh?
if you are that pedantic about it you should try a network packet sniffing tool. It will show you all packets going in/out and tell you where they are heading. That would tell you you might have a bit of sifting to do though, but its not too hard.
a side note: just because the little snitch is showing thime warner as the destination doesnt actually mean it is going to that place, maybe it's going to apple? Who knows..
you might have a bit of sifting to do though, but its not too hard.a side note: just because the little snitch is showing thime warner as the destination doesnt actually mean it is going to that place, maybe it's going to apple? Who knows..