Announcement

Collapse
No announcement yet.

Strange Internet Issue

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Strange Internet Issue

    Okay so let me try to explain things as clearly as I can. Please don't read part of my explanation and think "Oh I know what it is already!" and reply without reading the entirety of my explanation.

    For the last 2 weeks or maybe even a month, my cable modem's "activity" light has been pretty much solid, which usually indicates heavy downloading or uploading. It has never remained solid like this without me actually downloading/uploading or playing a game.

    Let me give a little background of my network setup. I live alone in my apartment. I'm the only one that uses my internet connection. I connect my desktop to a Linksys router (not wirelessly...the router is wireless but i connect via a cable) which then connects to the cable modem.

    I have tried unplugging/replugging my router AND cable modem. I've also tried doing a hard reset (holding down the button for 20-30 secs) on the router. Now you may be thinking, "Who cares about a light on the cable modem?" Well, I would be thinking that too...except it is causing lag spikes in my gaming and it's getting on my nerves.

    Another thing you may be thinking is "Well maybe you just need to run anti-virus or anti-spyware" Are you ready for this? The activity light remains solid even AFTER I turn off my computer! That's right. It isn't until I unplug my router that the activity light on the cable modem goes off. I've tried disabling wireless in my router in case someone was cracking my 128-bit WEP key, but the activity light on the cable modem still remains solid.

    So I called my ISP (Comcast) to try and get some help. I gave them a summarized version of the explanation I just gave above. Do you know what the tech's solution was? "Open IE and delete temporary internet files and cookies." Yeah, so apparently now temporary internet files have the ability to use bandwidth even AFTER your computer is shut down! GENIUS! She asked "Is it faster now?" I just wanted to get off the phone at that point so I said "yeah thanks" and hung up. I hate tech support sometimes...

    Anyway, someone at my school suggested that maybe I am under some type of DoS attack, but my ping is good sometimes and then frequently spikes so I don't know if that is likely or not. Browsing the net and downloading files doesn't feel like it's being bogged down by used bandwidth, but it is VERY noticeable when gaming. I don't understand how my modem can be experiencing activity when nothing is connected to it other than the router.

    PLEASE HELP!!!
    Ahhh...the power of cheese!

    #2
    Ok wait a second here. Are you sure the light is a activity light?

    If yes it's time to get a bit dirty. First thing is find out who manufactured your cable modem (no it wasn't comcast). Look on line. there are tons of resources in wiki pages and such. Maybe it's not an activity light. Maybe the update the f/w of your cable modem remotely and the new firmware changed the function of the light? Is you cable STB hooked up to this to. could you STB be downloading stuff (channel guides, update etc...)

    Now if it is an activity light it could indicate port scanning, worms (code blue is still out there) or google, msn search or yahoo trying to spider your IP. All of those things are very valid. I doubt it's a DoS.

    So if you want to find out what is on the wire go and get a protocol analyzer. One of the best is open source and free. It's called wireshark. It runs on every platform out there. What it does is capture all of the data streaming across the wire and decodes it. The problem is it can be confusing. So limit your network topology.

    Download and install wireshark on your pc
    Wireshark: Go deep.

    Turn of the wireless stuff on the cable modem.

    Plug the cable modem to the comcast cable.

    Plug one cable to the cable modem and your PC Nothing else on the network.

    Leave the cable modem powered off for now.

    Boot your pc.

    Start the wireshark capture

    power on your cable modem

    Look at the capture. This is the data on the wire. You will see everything going between your modem and your pc. You can ignore ARP and DHCP stuff you see in the capture. If you want you can send me the capture and I'll analyze it. Just PM me when you get it.

    Stop the capture after you've seen the activity light stay on for 30 seconds.

    Comment


      #3
      Mapes idea is better than anything i would think of
      but you said you have lag spikes when you Game, but dl'ing and viewing web pages seem normal. I would guess to possible blame your steam connection or your connection to the server. Try a non-steam game.
      The light thing i dont know, period.

      Try hitting up computer tech forums thats what i do.

      Comment


        #4
        Ok, great suggestions mapes but, here's the kicker, he said it stays active even with his computer shut off. That means it not his computer that is the source of the activity.

        Ch33s3r, does wireless router have the capability to log the traffic IP coming in and going out. I have the linksys WRT54GS and it has the option on the Administration tab to select Log. If you have this option enable it and review the log while the heavy activity of going on and make sure your IP of your computer is the only one showing up. You can find out the IP of your computer by using the ipconfig -all command in a cmd window.

        Second, you say you are using WEP, but I suggest if you haven't and your router has the capability which most do, is enable the Wireless MAC Filter and make sure you set it to permit only allow MAC addresses listed and make sure there are NO MAC addresses in the list.

        Third, ensure you have Wireless SSID Broadcast DISABLED

        Fourth, If everything you try still is not stopping the activity, turn off your computer and disconnect the router on the WAN side and see if the activity light stops. If it doesn't, which I would be highly suspicious if it doesn't, then I have to ask if your cable modem is wireless capable.

        Post your exactly make and model numbers of your cable modem and router and I'll check out the online manual.

        The main thing is the activity has to be coming from somewhere and yes outside packets from the cable side can be causing the light to stay active but let's eliminate the inside as a cause first.
        [IMG]http://thepebkac.net/images/sigs/Outdoors_sig.jpg[/IMG]
        Like the community? Donate here:
        [URL="http://www.cainslair.com/misc.php?do=donate"]http://www.cainslair.com/misc.php?do=donate[/URL]

        Comment


          #5
          Mapes, thanks for all the info. I will probably try that on Sunday when I get a chance.

          DougBob, my router is a Linksys WRT160N. I actually did try checking the router logs and the only activity that I saw was my own.

          Anyways, thanks for the help everyone! I'll keep you guys up to date with what happens after I try Mapes' idea.
          Ahhh...the power of cheese!

          Comment


            #6
            Originally posted by DougBob View Post
            Ok, great suggestions mapes but, here's the kicker, he said it stays active even with his computer shut off. That means it not his computer that is the source of the activity.
            True in which case he'll see nothing on the wire with the sniffer.

            Originally posted by DougBob View Post
            Second, you say you are using WEP, but I suggest if you haven't and your router has the capability which most do, is enable the Wireless MAC Filter and make sure you set it to permit only allow MAC addresses listed and make sure there are NO MAC addresses in the list.

            Third, ensure you have Wireless SSID Broadcast DISABLED

            For the record MAC locking gets you nothing. Alls an attacker has to see is one transmitted packet to or from your laptop and your mac is revealed. It is trivial to spoof a mac address. Most unixes allow you to set the mac via a config file. Same applies for SSID broadcast. As soon as you laptop connects it's visible. You have to ask what your defending against. A determined attacker or your neighbors from freeloading off of you. If it's your neighbors WEP is fine.

            Originally posted by DougBob View Post
            Fourth, If everything you try still is not stopping the activity, turn off your computer and disconnect the router on the WAN side and see if the activity light stops. If it doesn't, which I would be highly suspicious if it doesn't, then I have to ask if your cable modem is wireless capable.

            Post your exactly make and model numbers of your cable modem and router and I'll check out the online manual.

            The main thing is the activity has to be coming from somewhere and yes outside packets from the cable side can be causing the light to stay active but let's eliminate the inside as a cause first.
            Yes great ideas. Try the disconnection thing first before doing anything. Also Dougs idea of posting your make and model info is great too.

            Comment


              #7
              Originally posted by mapes View Post
              For the record MAC locking gets you nothing. Alls an attacker has to see is one transmitted packet to or from your laptop and your mac is revealed. It is trivial to spoof a mac address. Most unixes allow you to set the mac via a config file. Same applies for SSID broadcast. As soon as you laptop connects it's visible. You have to ask what your defending against. A determined attacker or your neighbors from freeloading off of you. If it's your neighbors WEP is fine.
              I know, I was thinking neighbors. If he has a problem with a real pro, MAC or WEP won't stop them. The only real defense in that case would be a proxy/firewall between his cable modem and router as he first ring of defense. With CAT5/6 connections only and no wireless capability. Which if I had that problem I would have to also get away from the cheap linksys type routers and go with the real thing and put ACLs on it.
              [IMG]http://thepebkac.net/images/sigs/Outdoors_sig.jpg[/IMG]
              Like the community? Donate here:
              [URL="http://www.cainslair.com/misc.php?do=donate"]http://www.cainslair.com/misc.php?do=donate[/URL]

              Comment


                #8
                Keep in mind that if it was his neighbors then having the wireless off would stop that in it's tracks... Gotta be something else if his wireless is off, computer is off, and is still getting a solid activity light.
                [IMG]http://img.photobucket.com/albums/v491/echosofbliss/seiko8wy.gif[/IMG]

                Comment


                  #9
                  Does your modem have wireless built-in? I've seen some of the newer Telus modems with built-in wireless.... Maybe that's what's causing the strange traffic?

                  Comment


                    #10
                    Originally posted by DougBob View Post
                    I know, I was thinking neighbors. If he has a problem with a real pro, MAC or WEP won't stop them. The only real defense in that case would be a proxy/firewall between his cable modem and router as he first ring of defense. With CAT5/6 connections only and no wireless capability. Which if I had that problem I would have to also get away from the cheap linksys type routers and go with the real thing and put ACLs on it.
                    Won't using PSK eliminate this possibility also?
                    [url=http://www.enjin.com/bf3-signature-generator][img]http://sigs.enjin.com/sig-bf3/1fad512dc784c11c.png[/img][/url]

                    Comment


                      #11
                      Originally posted by Dead...Again View Post
                      Won't using PSK eliminate this possibility also?

                      PSK actually means pre shared key. You mean WPA PSK. To just put off the nieghbors use anything WEP, TKIP, WPA or WPA2

                      Comment


                        #12
                        Well man did you figure it out?

                        Comment


                          #13
                          Sorry, I was studyin super hard for a calc 3 exam that I just took. I honestly don't feel like messing with it right now though because I was studying from 8am this morning til 6pm. I have class pretty much all day tomorrow. Anyway, I should be trying it tomorrow night or on Friday. I'll let ya know
                          Ahhh...the power of cheese!

                          Comment


                            #14
                            Hope you get it fixed Cheeser.

                            Comment


                              #15
                              Originally posted by ch33s3r View Post
                              Sorry, I was studyin super hard for a calc 3 exam that I just took. I honestly don't feel like messing with it right now though because I was studying from 8am this morning til 6pm. I have class pretty much all day tomorrow. Anyway, I should be trying it tomorrow night or on Friday. I'll let ya know
                              Eww Calc 3!

                              I'm in Calc 2 now, but if I had progressed at the real rate I should have I'd be in it...wait...calc 1 junior, calc 2 should've been senior... nevermind

                              Either way I'll be getting there, but I've heard it's easier than 2

                              And no, I don't know anything about your internet problems, just calculus

                              Comment

                              Cain's Lair Forums Statistics

                              Collapse

                              Topics: 26,187   Posts: 269,850   Members: 6,183   Active Members: 6
                              Welcome to our newest member, Fermin13Q.

                              Today's Birthdays

                              Collapse

                              There are no members with birthdays today.

                              Top Active Users

                              Collapse

                              There are no top active users.

                              More Posts

                              Collapse

                              • Reply to Hi guys!
                                by Evil_T0NY {CLR}
                                I've been Alpha and will be Beta testing the Delta Force game. It's been really getting good reviews! Definitely a good Battlefield feel to it like the...
                                14 Nov 2024, 08:50 PM
                              • Reply to Hope your all OK over there
                                by Apache Warrior
                                We had 17 inches of rain from the storm on November 7, 2024.
                                Apache
                                11 Nov 2024, 07:55 AM
                              • Reply to Hope your all OK over there
                                by Sirex
                                Aye, I'm inclined to agree with that lmao
                                Gone are the days of warm summers and snow filled winters here, nothing but rain and wind for 8mths of...
                                10 Nov 2024, 08:53 PM
                              • Reply to Hope your all OK over there
                                by Apache Warrior
                                Now we have had a lot of flooding in this area and there are still a lot of houses that have not been repaired. Must be the apocalypse.
                                ...
                                8 Nov 2024, 09:23 AM
                              Working...
                              X