“Simple TCP/IP Services” – Network Utilization

Background

My ISP has been charging us extra since they started metering our Network Usage.

A couple of weeks ago, we installed GlassWire and NetBalancer.

Let us see how well they help us identify which hosts and processes are victimizing us.

 

Troubleshooting

GlassWire

Image

Explanation

  1. Time Span
    • Weekly
      • Graph
        • Application :- Other
          • Download :- 26.4 Mb
          • Upload :- 30.1 GB
        • Microsoft One Drive
          • Download :- 20.7 Mb
          • Upload :- 284 MB
        • IIS Worker Process
          • Download :- 2.3 Mb
          • Upload :- 19 KB

 

Microsoft

Resource Monitor

Images

Image #1

Explanation
  1. Address
    • IP Address :- 71-47-51-11.res.bhn.net
      • 294KB
    • 153-46.vf.cgocable.ca
      • 204KB
    • ns2.teleturbo.net.br
      • 185 KB
    • r75-110-95-142.kntnccmtc01*suddenlink.net
      • 103 KB
    • 128.199.81.122
      • 42 KB
    • 109.95.233.71
      • 21 KB
    • 217-210-7-122-no149.tbcn.telia.com
      • 19 KB
    • ip-176-198-97-236.hsi05.unitymediagroup.de
      • 13 KB
  2. Listening Port
    • TCPSVCS.EXE
      • Port 19

 

Image #2

Explanation
  1. Processes with Network Activity
    • TCPSVCS.EXE
      • Send
        • 1.4 MB/sec
      • Receive
        • 375 Bytes/sec
  2. Listening Port
    • TCPSVCS.EXE
      • Port 7
      • Port 9
      • Port 13

NetBalancer

Image

Explanation

  1. TCPSVCS.EXE
    • Down Rate
      • 30.4 KB/sec
    • Up Rate
      • 767,6 KB/sec
    • Connections
      • 24
    • Downloaded
      • 14.0 MB
    • Uploaded
      • 318.3 MB
    • User
      • SYSTEM

 

Remediation

Microsoft

Services Applet

We will stop and disable the following services:

  1. Simple TCP/IP Services
    • simptcp
    • Supports the following TCP/IP services: Character Generator, Daytime, Discard, Echo, and Quote of Day
    • C:\Windows\System32\tcpsvcs.exe
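
The same remediation from an elevated PowerShell prompt, as an added example that is not part of the original post: it lists which process owns the Simple TCP/IP Services ports, stops and disables simptcp, then re-checks. Ports 7, 9, 13 and 19 are the ones seen in Resource Monitor above; port 17 (Quote of the Day) and the helper name Get-LegacyListener are additions made for this example.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.
# Well-known ports of the five Simple TCP/IP Services.
$legacyPorts = @{ 7 = 'Echo'; 9 = 'Discard'; 13 = 'Daytime'; 17 = 'Quote of the Day'; 19 = 'Character Generator' }

function Get-LegacyListener {
    # Hypothetical helper: TCP listeners and UDP endpoints bound to the legacy ports,
    # annotated with the service name and the owning process.
    $tcp = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Proto'; e = { 'TCP' } }, LocalAddress, LocalPort, OwningProcess
    $udp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Proto'; e = { 'UDP' } }, LocalAddress, LocalPort, OwningProcess

    @($tcp) + @($udp) |
        Where-Object { $_ -and $legacyPorts.ContainsKey([int]$_.LocalPort) } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Proto   = $_.Proto
                Address = $_.LocalAddress
                Port    = [int]$_.LocalPort
                Service = $legacyPorts[[int]$_.LocalPort]
                PID     = $_.OwningProcess
                Process = $proc.ProcessName   # expected: tcpsvcs
            }
        }
}

# 1. What is listening before the change?
Get-LegacyListener | Sort-Object Port, Proto | Format-Table -AutoSize

# 2. Stop and disable the service (same effect as the Services applet).
if (Get-Service -Name simptcp -ErrorAction SilentlyContinue) {
    Stop-Service -Name simptcp -Force
    Set-Service  -Name simptcp -StartupType Disabled
    Get-Service  -Name simptcp | Select-Object Name, Status, StartType
} else {
    'Service simptcp is not installed on this host.'
}

# 3. Confirm that nothing still answers on the legacy ports.
$remaining = @(Get-LegacyListener)
if ($remaining.Count -gt 0) {
    Write-Warning 'Legacy ports are still bound:'
    $remaining | Format-Table -AutoSize
} else {
    'No listeners remain on ports 7, 9, 13, 17 or 19.'
}
```

Checking the UDP endpoints as well as the TCP listeners matters here, because the Simple TCP/IP Services answer on both protocols.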
