If you doubt theat the connections you are receiving are from queries then capture some of the packets with a packet sniffer and check them out. Many MB of data could be just queries. The reason why is that most Gnutella clients allow you to be a super or ultrapeer which means you handle queries and file indexes for slower connections to shield them from the query storm. The file indexes and queries can add up to a lot of data.

As for the Netbios stuff ... some clients use random ports so unless you get a lot of hits on those ports I'd guess it's just random. On the other hand there are a lot of modified clients out there that collect and scan IPs for know weakness like filesharing being enabled by default over netbios. Then they can take your machine for use in DoS attacks etc. Lots of modified clients return fake results to get you to download bad programs too.

Use a good firewall like Zonealarm or Tiny Personal Firewall.
Use a good script control tool.
Use a registry protection tool.
Use a spyware detection tool.
Use anti-virus protection.

Get a packet sniffer and look closer before you freak out. Could be good .... could be bad.

-Peace-