Is this Normal or Malware ? Large amounts of Out Data ?

sub101uk

I was wondering if this is normal. I have noticed over the past month a very large amount of data being sent via me when I use Yahoo Mail or Ebay. I am using TCPView. When I just turn the computer on with no internet connection I see: 20 Endpoints, Established 0, Listening 15, Time Wait 0, Close Wait 0.

When I connect to the internet I then see: Endpoints 47, Established 4, Listening 15, Time Wait 0, Close Wait 0.

I can connect to the Google mail page or Facebook and there is very little change: Endpoints 54, Established 10, Listening 24, Time Wait 1, Close Wait 0.

All seems well until I connect to Yahoo https://us-mg42.mail.yahoo.com/ or Ebay https://www.ebay.co.uk/
Connected to any of the above I then get: Endpoints 442, Established 144, Listening 22, Time Wait 225, Close Wait 0.

I have tried all 3 browsers and it's the same on all 3: Firefox, Chrome and Internet Explorer. I have also tried 4 other computers using OS 7, OS 8 and OS 10, all using TCPView v3.05, and it's the same.
All computers are using Eset Ver 11.0.159.5.

Have I caught some type of malware? If so, do I have to do a total install, as I have run all malware tools but it still remains the same and only seems to happen when connected to Yahoo or Ebay?
Many thanks, and I hope someone knows if this is normal.


You may think the problem may be in the router, however I have tried a spare router and that's the same. Plus I did use a neighbour's wifi which is using Virgin and it's the same; my ISP is BTinternet.
So if you're living in the UK and your ISP is BTinternet, please load a copy of TCPView and see if you have got the same: when you're doing general browsing are you getting around 79 Endpoints, 28 Established, Listening 33, Time Wait 1, Close Wait 0? If you connect to Yahoo or Ebay, Endpoints go up to 400 - 700, Established 180, Listening 30, Time Wait 220, Close Wait 1.


Any thoughts?
 

Attachments

  • Connect to BTinternet.JPG (108.4 KB)
  • Connected to Ebay + Yahoo.JPG (139.2 KB)

My Computer

Computer type: Laptop
Computer Manufacturer/Model Number: Dell Alienware 17
OS: Windows Pro 7 . 64 bit
CPU: 2.90 Ghz
Motherboard: Intel Core i7-4910MQ
Memory: 32 GB
Hard Drives: 1 Tb
Antivirus: Eset
Browser: FireFox , Chrome , IE

Short answer, yes, it's normal, there is no evidence of malware or any other malfunction in the system. I can even reproduce the very same behavior in those websites.

It's due to the nature of how the web (and most importantly the underlying HTTP protocol) works. Basically, each website loads every page, every image, every script, every style sheet in a separate, new network connection. Some websites have more content, others are pretty slim. Many websites are infected with advertisements that spawn additional network connections. While browsers try to reuse connections as much as possible, it doesn't always work or is possible for performance reasons.

The vast amount of connections you're seeing is the result of this broken design of the web. It could happen more with some pages than with others, but it does happen all the time. It doesn't mean that there are large amounts of data going in/out of your computer, it just means that there are a large number of open connections, each one likely transferring a tiny amount of data.

From the screenshot, one could see that the sites you've recently opened have a large amount of external dependencies (most likely ad servers) as there are many different target hosts.
It also shows the interference of an antivirus, as all connections come from "system" instead of your browser's process.
 

My Computer

Computer type: Laptop
Computer Manufacturer/Model Number: Toshiba Satellite A665-S6092
OS: Windows 7 Ultimate x64
CPU: Intel Core i7-740QM
Memory: 8 GB DDR3
Graphics Card(s): NVIDIA GeForce 330GT
Screen Resolution: 1366x768
Hard Drives: Samsung 840 SSD 500GB, 1TB USB3 external HD
Cooling: Coolermaster Notepal U3 notebook cooling pad
Internet Speed: 3mbps ADSL
Antivirus: ClamWin 0.98.7
Browser: Opera 12.17 x86 (main), Firefox 38 (sec), IE11 (last resort)

Many thanks for your reply. I fully understand what you're saying, but one minute my laptop is just running at 60 connections and I connect to Yahoo or Ebay and 60 goes up to over 700 +; when this happens my fan goes to working flat out.

I am going to install a new 1Tb HD soon so I will see if it's still doing it after that, but it's only been doing this for the past 6 weeks.

Many thanks for your reply
 

The number of connections is expected to grow with each website you open, they'll be left open for a while, then closed, that's how the web works. I'm pretty sure that's normal. But if you want confirmation, take a look at the developer tools on your browser, on the network tab, and count how many connections the browser opens.

About the fans, I can think that the site has some big piece of JavaScript or tons of advertisements that put a load on your CPU (you can confirm this in task manager by looking at the CPU % of the browser process).
If that only happened since some time ago and not always, I would think that there is something else going on that causes heavy CPU. The most likely offenders that I can think of are antiviruses doing their typical scans on every content you download.

Opening tons of network connections is a low process and consumes mostly RAM, but CPU shouldn't be used too much. Changing the hard disk has no influence on either thing.
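
A way to cross-check the TCPView counts discussed in this thread, as an added example that is not part of the original posts: it tallies `netstat -ano` output by state, owning PID and remote host, so a jump in endpoints can be read as "many short connections to many hosts" or as something else. The sample text, its addresses and its PIDs are constructed.

```python
from collections import Counter

# Constructed sample in the layout printed by `netstat -ano` on Windows;
# addresses are documentation ranges and the PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49731     203.0.113.5:443        ESTABLISHED     4
  TCP    192.168.1.10:49732     203.0.113.5:443        ESTABLISHED     4
  TCP    192.168.1.10:49733     198.51.100.7:443       ESTABLISHED     4
  TCP    192.168.1.10:49734     198.51.100.9:443       TIME_WAIT       0
  TCP    192.168.1.10:49735     198.51.100.9:80        TIME_WAIT       0
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:5353           *:*                                    1432
"""

def parse_netstat(text):
    """Return one dict per TCP/UDP endpoint line of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header and blank lines
        proto = parts[0]
        # UDP lines carry no State column: Proto, Local, Foreign, PID.
        state = parts[3] if proto == "TCP" else "-"
        # rsplit keeps bracketed IPv6 addresses such as [::]:135 intact.
        host, port = parts[2].rsplit(":", 1)
        rows.append({"proto": proto, "state": state, "pid": int(parts[-1]),
                     "remote_host": host, "remote_port": port})
    return rows

def summarize(rows):
    """Count endpoints overall, per TCP state, and per PID / remote host."""
    # Only connections with a real peer say anything about who is talking.
    active = [r for r in rows
              if r["state"] in ("ESTABLISHED", "TIME_WAIT", "CLOSE_WAIT")]
    return {
        "endpoints": len(rows),  # every TCP and UDP line
        "by_state": Counter(r["state"] for r in rows if r["proto"] == "TCP"),
        "by_pid": Counter(r["pid"] for r in active),
        "by_remote": Counter(r["remote_host"] for r in active),
    }

if __name__ == "__main__":
    for key, value in summarize(parse_netstat(SAMPLE)).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

To check a live machine, paste the output of `netstat -ano` from a Command Prompt in place of `SAMPLE` and look up the busiest PIDs in Task Manager.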
 
