
Thread: Bandwidth overload - please help

  1. #1
    Join Date
    Jun 2008
    Location
    Norwich, UK
    Posts
    215

    Bandwidth overload - please help

    Basic system openSUSE 11.4, KDE 4.7

    All of a sudden my internet usage has gone up to around a Gb/day and I don't
    know why.

    According to my ISP this seems to have started on Friday 13th April (well it
    would, wouldn't it)

    I've had a look in wireshark and one thing (of many) which I don't
    understand there is a whole bundle of MAC to MAC Ethernet II messages where
    the MAC addresses don't belong to any of my kit as far as I know and
    wireshark can't translate the MAC address to a company.

    Does this ring any bells with anyone?

    I'm fairly desperate here as I'm about to go over my monthly allowance (if I
    haven't done so already) and incur charges.

    FYI - I ran an upgrade on the day for the following packages & versions
    libfreetype6 2.4.4
    calligra-plan 2.5git.1333979292
    libpng14-14 1.4.4
    freetype2-devel 2.4.4
    calligra-words 2.5git.1333979292
    calligra-tools 2.5git.1333979292
    libtar1 1.2.11
    darkplaces rev20091001
    libthreadutil6 1.6.13
    calligra-kexi 2.5git.1333979292
    calligra-karbon 2.5git.1333979292
    taglib 1.6.2
    libkate1 0.4.1
    libopenssl-devel 1.0.0c
    calligra 2.5git.1333979292
    file 5.04
    libixml2 1.6.13
    openssl 1.0.0c
    libfluidsynth1 1.1.5
    calligra-kthesaurus 2.5git.1333979292
    libpng14-compat-devel 1.4.4
    kdelibs3-default-style 3.5.10
    libpq5 9.0.7
    libass4 0.9.12
    liblash1 0.5.4
    calligra-krita 2.5git.1333979292
    libopenssl1_0_0 1.0.0c
    libdvbpsi7 0.2.2
    libupnp6 1.6.13
    alienarena 7.51
    calligra-sheets 2.5git.1333979292
    libebml2 1.0.0
    libmatroska2 1.0.0
    libva1 1.0.15
    calligra-flow 2.5git.1333979292
    libpng12-0 1.2.49
    libcddb2 1.3.2
    calligra-stage 2.5git.1333979292
    libzvbi0 0.2.33
    libshout3 2.2.2
    libpng14-devel 1.4.4

    --
    Alan

  2. #2
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: Bandwidth overload - please help

    On 2012-04-21 13:43, Fudokai wrote:
    > Basic system openSUSE 11.4, KDE 4.7
    >
    > All of a sudden my internet usage has gone up to around a Gb/day and I don't
    > know why.
    >
    > According to my ISP this seems to have started on Friday 13th April (well it
    > would, wouldn't it)
    >
    > I've had a look in wireshark and one thing (of many) which I don't
    > understand there is a whole bundle of MAC to MAC Ethernet II messages where
    > the MAC addresses don't belong to any of my kit as far as I know and
    > wireshark can't translate the MAC address to a company.


    Do you have wifi?

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)

  3. #3
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    19,802
    Blog Entries
    14

    Re: Bandwidth overload - please help

    Kids in the house? Windows in VirtualBox?
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  4. #4
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: Bandwidth overload - please help

    On 2012-04-21 15:36, Knurpht wrote:
    >
    > Kids in the house? Windows in VirtualBox?


    Or vmware.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)

  5. #5
    Join Date
    Jun 2008
    Location
    Norwich, UK
    Posts
    215

    Re: Bandwidth overload - please help

    Carlos E. R. wrote:

    > On 2012-04-21 13:43, Fudokai wrote:
    >> Basic system openSUSE 11.4, KDE 4.7
    >>
    >> All of a sudden my internet usage has gone up to around a Gb/day and I
    >> don't know why.
    >>
    >> According to my ISP this seems to have started on Friday 13th April (well
    >> it would, wouldn't it)
    >>
    >> I've had a look in wireshark and one thing (of many) which I don't
    >> understand there is a whole bundle of MAC to MAC Ethernet II messages
    >> where the MAC addresses don't belong to any of my kit as far as I know
    >> and wireshark can't translate the MAC address to a company.

    >
    > Do you have wifi?
    >


    We've got a wifi router but I've limited access to specific MAC addresses so
    it's not one of the neighbours hacking in :-)

    These MAC to MAC packets are going on even if the wifi boxes are shut down
    and the box I'm running wireshark on is on a wired connection.

    It's weird - watching packets go by on wireshark all looks Ok for a while
    and then a whole slew of these MAC|MAC packets go through. Most of them are
    quite small but there's just loads of them

    I've no idea if these are what's responsible for the increase in network
    traffic, I just don't know what they are or what's causing them.

    For instance ...
    Source Destination Protocol
    9a:d9:c3:c1:25:ed 23:a2:1d:a4:05:cc 0x6f4f
    b5:a3:3e:f2:a3:22 72:e5:ff:66:f0:91 0x0aff

    Can you think of any way I can find out what's generating them?

    --
    Alan

  6. #6
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: Bandwidth overload - please help

    On 2012-04-21 16:09, Fudokai wrote:

    >> Do you have wifi?

    >
    > We've got a wifi router but I've limited access to specific MAC addresses so
    > it's not one of the neighbours hacking in :-)


    Try disabling it completely. MAC address filtering is known to be non
    reliable. Disable it for some time to learn if it is the cause.

    > Can you think of any way I can find out what's generating them?


    arp should dump the table of addresses known.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)
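
Added example (not part of any post in this thread): the header fields quoted in post #5 can be checked mechanically by testing the flag bits in the first octet of each source MAC and comparing the type field against known EtherTypes. The inventory addresses and the short EtherType table are assumptions made for the example.

```python
# Added example: triage of Ethernet II headers like those quoted in post #5.
KNOWN_ETHERTYPES = {  # small subset of registered EtherTypes, not exhaustive
    0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8100: "802.1Q VLAN",
    0x8863: "PPPoE discovery", 0x8864: "PPPoE session",
    0x888E: "EAPOL", 0x88CC: "LLDP",
}

# Hypothetical inventory of the LAN's own adapters (constructed values).
INVENTORY = {"00:00:5e:00:53:01", "00:00:5e:00:53:02"}

# The two header lines from the post: source, destination, type field.
SAMPLE = """\
9a:d9:c3:c1:25:ed 23:a2:1d:a4:05:cc 0x6f4f
b5:a3:3e:f2:a3:22 72:e5:ff:66:f0:91 0x0aff
"""

def mac_flags(mac):
    """Decode the two flag bits carried in the first octet of a MAC address."""
    first = int(mac.split(":")[0], 16)
    return {"group": bool(first & 0x01), "local": bool(first & 0x02)}

def triage(line, inventory=INVENTORY):
    """Return a list of findings for one 'src dst type' line."""
    src, dst, etype_s = line.split()
    etype = int(etype_s, 16)
    findings = []
    flags = mac_flags(src)
    if flags["group"]:
        findings.append("source has group (multicast) bit set: invalid as a sender")
    if flags["local"]:
        findings.append("source is locally administered: no vendor OUI to look up")
    if src.lower() not in inventory:
        findings.append("source not in inventory")
    if etype < 0x0600:
        findings.append("type field 0x%04x is below 0x0600: not an EtherType" % etype)
    elif etype not in KNOWN_ETHERTYPES:
        findings.append("EtherType 0x%04x not in known table" % etype)
    return findings

def triage_all(text=SAMPLE):
    return [triage(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for line, found in zip(SAMPLE.splitlines(), triage_all()):
        print(line, "->", "; ".join(found) or "nothing unusual")
```
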

  7. #7
    Join Date
    Jun 2008
    Location
    Norwich, UK
    Posts
    215

    Re: Bandwidth overload - please help

    Carlos E. R. wrote:

    > On 2012-04-21 15:36, Knurpht wrote:
    >>
    >> Kids in the house? Windows in VirtualBox?

    >
    > Or vmware.
    >


    No VMs running (Windoze or other). SWMBO has XP on her box (to match her
    system at work) but it's turned off ATM.

    The only working boxes on the LAN are this workstation (openSUSE 11.4) a
    server (openSUSE 11.3, pending a rebuild to add SSD and upgrade), the ADSL
    router (Linksys AM200) and a Wifi router (Linksys WRT 54GL) not directly
    connected to the internet.

    --
    Alan

  8. #8

    Re: Bandwidth overload - please help

    On 04/21/2012 07:17 AM, Fudokai wrote:
    > The only working boxes on the LAN are this workstation (openSUSE 11.4) a
    > server (openSUSE 11.3, pending a rebuild to add SSD and upgrade), the ADSL
    > router (Linksys AM200) and a Wifi router (Linksys WRT 54GL) not directly
    > connected to the internet.


    Gotta go with a process of elimination.

    Turn off the server,
    1: Make sure your firewall is on on the 11.4 box and plug it directly
    into the AM200.
    2: Turn off the wifi router.
    3: No printers or anything on? If so, kill 'em.
    4: Fire up Wireshark

    If the packets are gone, bring things up one at a time to see when they
    start again. I'd start with the wifi router, but plug into it directly,
    not via the radio.

    If the packets start up, kill the 11.4 and get on the 11.3 and run
    wireshark from there. Or leave the 11.3 off and run Wireshark on your
    wife's XP box. What's the result?

    Perhaps turn off DHCP on whichever router it's on, and just use
    static addresses. Or set the DHCP scope really tight via the subnet
    mask - say 4 addresses and fill those with your MAC addresses. If there
    are any left over, fill them with bogus mac addresses.

    Any chance that DHCP is running on both the AM200 and on the WRT 54GL?

    Have you replaced the WRT 54GL firmware with Linux? Might consider
    that. If not, is the flash image current?

    Change the password on the routers. Make them long.

    Can you post a .pcap somewhere that others could look at?

    ....Kevin
    --
    Kevin Miller - http://www.alaska.net/~atftb
    Juneau, Alaska
    In a recent survey, 7 out of 10 hard drives preferred Linux
    Registered Linux User No: 307357, http://linuxcounter.net

  9. #9
    Join Date
    Jun 2008
    Location
    Norwich, UK
    Posts
    215

    Re: Bandwidth overload - RESOLVED (or at least gone away)

    Fudokai wrote:

    > Basic system openSUSE 11.4, KDE 4.7
    >
    > All of a sudden my internet usage has gone up to around a Gb/day and I
    > don't know why.
    >
    > According to my ISP this seems to have started on Friday 13th April (well
    > it would, wouldn't it)
    >
    > I've had a look in wireshark and one thing (of many) which I don't
    > understand there is a whole bundle of MAC to MAC Ethernet II messages
    > where the MAC addresses don't belong to any of my kit as far as I know and
    > wireshark can't translate the MAC address to a company.
    >
    > Does this ring any bells with anyone?
    >
    > I'm fairly desperate here as I'm about to go over my monthly allowance (if
    > I haven't done so already) and incur charges.


    In the process of looking at things a reboot of the ADSL router (not the
    first reboot since the inception BTW) got me linked to a different gateway
    box.

    I've been sitting here watching wireshark for some time now and these odd
    ethernet packets have just disappeared :-)

    It's good that they've gone but I'd really like to know why they were there
    in the first place.
    I've put in a support request to my ISP (Plusnet) in case they had a known
    problem with a gateway box - plus I'd like a rebate if it /was/ their fault.

    I've found Plusnet pretty good on sorting out problems in the past (and they
    treat Linux geeks as real people too) so we'll see if they can help.

    Thanks to all who contributed :-)

    --
    Alan

  10. #10
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: Bandwidth overload - RESOLVED (or at least gone away)

    On 2012-04-21 21:01, Fudokai wrote:
    > I've been sitting here watching wireshark for some time now and these odd
    > ethernet packets have just disappeared :-)


    Perhaps you were under bombardment. Your IP changed, so it stopped.
    Difficult to say without a capture.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)
