- two routers, one gets contacted continuously
- Posted by Peterken on May 11th, 2005
I think this is one for the experts here:
I'm running XP SP2.
I've got two routers DLink DI604 rev D1 with firmware 3.09b1 and I obtain 2
IP addresses from ISP automatically through DHCP.
Both routers are identically configured (but with different LAN IP addresses
of course), and only 192.168.0.1 is DHCP server enabled for the LAN.
Both routers are bridged at LAN side using a switch DLink DES1008D.
Both routers are bridged at WAN side using a switch Eminent towards ISP
modem.
The two groups of PCs in LAN have different gateways configured, one group
has 192.168.0.1 and the other has 192.168.0.2
My own PC has both gateways configured, it takes default 192.168.0.1 as
gateway.
Now: When I look at the log of my firewall (Sygate Pro) I see the service
"svchost.exe" contacting router 192.168.0.1 for say once every 20-30min, but
"svchost.exe" contacts router 192.168.0.2 about 30-40 times per minute
almost continuously.
I already tried setting interface metric to different values on my PC.
Any ideas what's happening here anybody ??
The connection log of my firewall shows that contacting the 192.168.0.2 is
always done towards port 80 of the router, but from incrementing ports
(1025-5000) of my PC.
Part of the Sygate log:
Date/time: 05/10/2005 08:52:47
Action: Allowed
Severity: 3
Direction: Outgoing
Protocol: TCP
Remote host: 192.168.0.2
Remote MAC: 00-0F-3D-12-EC-ED
Remote Port: 80
Local host: 192.168.0.186
Local MAC: 00-40-F4-90-54-B4
Local port: 1431 (increments for every attempt)
Process: C:\WINDOWS\system32\svchost.exe
Owner: peter
Workstation: WXP_MAINOFFICE
Security: Normal
Occurrences: 1
Start time: 05/10/2005 08:52:44
End time: 05/10/2005 08:52:44
Rule: GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_100
When I list ipconfig /all I get:
Windows IP Configuration
Host Name . . . . . . . . . . . . : WXP_MAINOFFICE
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : telenet.be
Ethernet adapter Local Area Connection LAN:
Connection-specific DNS Suffix . : telenet.be
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast
Ethernet NIC
Physical Address. . . . . . . . . : 00-40-F4-90-54-B4
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.186
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::240:f4ff:fe90:54b4%4
Default Gateway . . . . . . . . . : 192.168.0.1
192.168.0.2
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 195.130.130.4
195.130.130.132
fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Lease Obtained. . . . . . . . . . : Tuesday, May 10, 2005 8:49:24 AM
Lease Expires . . . . . . . . . . : Wednesday, May 11, 2005 8:49:24 AM
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 80-00-E4-3B-AE-AD-CE-C3
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5445:5245:444f%5
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Automatic Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . : telenet.be
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : C0-A8-00-BA
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.0.186%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled
- Posted by David H. Lipman on May 12th, 2005
From: "Peterken" <peter273@hotmail.com>
| I think this is one for the experts here:
|
| I'm running XP SP2.
| I've got two routers DLink DI604 rev D1 with firmware 3.09b1 and I obtain 2
| IP addresses from ISP automatically through DHCP.
| Both routers are identically configured (but with different LAN IP addresses
| of course), and only 192.168.0.1 is DHCP server enabled for the LAN.
| Both routers are bridged at LAN side using a switch DLink DES1008D.
| Both routers are bridged at WAN side using a switch Eminent towards ISP
| modem.
|
| The two groups of PCs in LAN have different gateways configured, one group
| has 192.168.0.1 and the other has 192.168.0.2
|
| My own PC has both gateways configured, it takes default 192.168.0.1 as
| gateway.
|
| Now: When I look at the log of my firewall (Sygate Pro) I see the service
| "svchost.exe" contacting router 192.168.0.1 for say once every 20-30min, but
| "svchost.exe" contacts router 192.168.0.2 about 30-40 times per minute
| almost continuously.
|
| I already tried setting interface metric to different values on my PC.
|
| Any ideas what's happening here anybody ??
|
| The connection log of my firewall shows that contacting the 192.168.0.2 is
| always done towards port 80 of the router, but from incrementing ports
| (1025-5000) of my PC.
| Part of the Sygate log:
| Date/time: 05/10/2005 08:52:47
| Action: Allowed
| Severity: 3
| Direction: Outgoing
| Protocol: TCP
| Remote host: 192.168.0.2
| Remote MAC: 00-0F-3D-12-EC-ED
| Remote Port: 80
| Local host: 192.168.0.186
| Local MAC: 00-40-F4-90-54-B4
| Local port: 1431 (increments for every attempt)
| Process: C:\WINDOWS\system32\svchost.exe
| Owner: peter
| Workstation: WXP_MAINOFFICE
| Security: Normal
| Occurrences: 1
| Start time: 05/10/2005 08:52:44
| End time: 05/10/2005 08:52:44
| Rule: GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_100
|
| When I list ipconfig /all I get:
|
| Windows IP Configuration
|
| Host Name . . . . . . . . . . . . : WXP_MAINOFFICE
| Primary Dns Suffix . . . . . . . :
| Node Type . . . . . . . . . . . . : Unknown
| IP Routing Enabled. . . . . . . . : No
| WINS Proxy Enabled. . . . . . . . : No
| DNS Suffix Search List. . . . . . : telenet.be
|
| Ethernet adapter Local Area Connection LAN:
| Connection-specific DNS Suffix . : telenet.be
| Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast
| Ethernet NIC
| Physical Address. . . . . . . . . : 00-40-F4-90-54-B4
| Dhcp Enabled. . . . . . . . . . . : Yes
| Autoconfiguration Enabled . . . . : Yes
| IP Address. . . . . . . . . . . . : 192.168.0.186
| Subnet Mask . . . . . . . . . . . : 255.255.255.0
| IP Address. . . . . . . . . . . . : fe80::240:f4ff:fe90:54b4%4
| Default Gateway . . . . . . . . . : 192.168.0.1
| 192.168.0.2
| DHCP Server . . . . . . . . . . . : 192.168.0.1
| DNS Servers . . . . . . . . . . . : 195.130.130.4
| 195.130.130.132
| fec0:0:0:ffff::1%1
| fec0:0:0:ffff::2%1
| fec0:0:0:ffff::3%1
| Lease Obtained. . . . . . . . . . : Tuesday, May 10, 2005 8:49:24 AM
| Lease Expires . . . . . . . . . . : Wednesday, May 11, 2005 8:49:24 AM
|
| Tunnel adapter Teredo Tunneling Pseudo-Interface:
| Connection-specific DNS Suffix . :
| Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
| Physical Address. . . . . . . . . : 80-00-E4-3B-AE-AD-CE-C3
| Dhcp Enabled. . . . . . . . . . . : No
| IP Address. . . . . . . . . . . . : fe80::5445:5245:444f%5
| Default Gateway . . . . . . . . . :
| NetBIOS over Tcpip. . . . . . . . : Disabled
|
| Tunnel adapter Automatic Tunneling Pseudo-Interface:
| Connection-specific DNS Suffix . : telenet.be
| Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
| Physical Address. . . . . . . . . : C0-A8-00-BA
| Dhcp Enabled. . . . . . . . . . . : No
| IP Address. . . . . . . . . . . . : fe80::5efe:192.168.0.186%2
| Default Gateway . . . . . . . . . :
| DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
| fec0:0:0:ffff::2%1
| fec0:0:0:ffff::3%1
| NetBIOS over Tcpip. . . . . . . . : Disabled
|
My suggestion. Get a Router with two WAN ports.
The Edimax PermaLink PRI-682
http://www.edimax.com/html/english/products/PRI682.htm
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by Peterken on May 12th, 2005
That's not an option, and the actual question was why svchost.exe keeps
contacting one of both continuously and not the other....
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:z9xge.25609$dw1.2849@trnddc02...
- Posted by David H. Lipman on May 12th, 2005
From: "Peterken" <peter273@hotmail.com>
| That's not an option, and the actual question was why svchost.exe keeps
| contacting one of both continuously and not the other....
|
It is an option because you are playing games with IP and creating confusion in network
Routing. If you got a Router with two WAN ports the Router will properly handle the Routing
issue and thus will mitigate SVCHOST issues and overly used CPU utilization.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by Quaoar on May 12th, 2005
Peterken wrote:
Check that UPnP is not enabled in the subject router.
Q
- Posted by Peterken on May 14th, 2005
Found it....
It was the icon in the taskbar contacting the router on a continuous basis.
Most likely to interrogate the router on sent and received packets.
Looks like a bug in windows to me, since it's more relevant to contact the
router if real traffic has happened.
"Peterken" <peter273@hotmail.com> wrote in message
news:kvjge.87855$sc6.5430302@phobos.telenet-ops.be...
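Added example, not part of the thread: one way to triage firewall records in the field layout quoted in the first post is to group outgoing connections by process, remote host and remote port and compute a per-minute rate, which separates a steady poller from occasional traffic. The sample records are constructed (only the two router addresses, port 80 and the process path come from the thread), and the 10-per-minute threshold is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

FIELD = re.compile(r"^\|?\s*([A-Za-z/ ]+?):\s*(.*)$")  # tolerates the "| " quote prefix
STAMP = "%m/%d/%Y %H:%M:%S"

def parse_records(text):
    """Split a log dump into dicts; each 'Date/time' field starts a new record."""
    records, cur = [], None
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        key, val = m.group(1).strip().lower(), m.group(2).strip()
        if key == "date/time":
            cur = {}
            records.append(cur)
        if cur is not None:
            cur[key] = val
    return records

def poll_rates(records):
    """Map (process, remote host, remote port) -> outgoing connections per minute."""
    stamps = defaultdict(list)
    for r in records:
        if r.get("direction") != "Outgoing":
            continue
        key = (r["process"], r["remote host"], int(r["remote port"]))
        stamps[key].append(datetime.strptime(r["date/time"], STAMP))
    # Clamp the window to one minute so a single record is not read as a burst.
    return {k: len(ts) / max((max(ts) - min(ts)).total_seconds() / 60, 1.0)
            for k, ts in stamps.items()}

def chatty(rates, per_minute=10.0):
    """Flows at or above the (assumed) polling threshold."""
    return sorted(k for k, v in rates.items() if v >= per_minute)

def sample_log():
    """Constructed records: hosts, port 80 and process are from the thread, times are not."""
    t0 = datetime(2005, 5, 10, 8, 52, 0)
    rows = [("192.168.0.2", t0 + timedelta(seconds=2 * i), 1431 + i) for i in range(31)]
    rows += [("192.168.0.1", t0 + timedelta(minutes=25 * i), 2000 + i) for i in range(2)]
    return "".join(
        f"Date/time: {ts.strftime(STAMP)}\nDirection: Outgoing\nProtocol: TCP\n"
        f"Remote host: {host}\nRemote Port: 80\nLocal port: {lport}\n"
        "Process: C:\\WINDOWS\\system32\\svchost.exe\n" for host, ts, lport in rows)

if __name__ == "__main__":
    for flow, rate in sorted(poll_rates(parse_records(sample_log())).items()):
        print(f"{rate:6.2f}/min  {flow}")
```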