Canadian TV, Computing and Home Theatre Forums banner

Network app of some type

5K views 43 replies 6 participants last post by  ExDilbert 
#1 ·
As I am typing this message, I can see one light on my switch going like crazy. I have tried to find visually where is the signal being streamed from at the moment. I can't find it anywhere.
Is there some kind of program that would let me see either by IP or even MAC code what is "sucking" my bandwidth at the moment?
 
#4 ·
Well, the light on the switch should tell you what device is getting all that traffic. Just see what's plugged into the port the light corresponds to. Also, the MAC address won't tell you anything, as MAC addresses are only relevant on the local network. Anything you see from the Internet will be carried in a frame containing your router's MAC address as the source. Wireshark, as mentioned, can be used to analyze traffic, but unless you're running it on the computer that's getting the traffic, you'll need some means to intercept it. I do this by using a managed switch configured for port mirroring. Port 2 is mirrored to port 1. I connect a computer running Wireshark to port 1 and pass the connection between port 2 and any other free port on the switch. Also, some firewalls, such as pfSense, can also capture traffic.
 
#5 ·
Network throughput can be seen by looking at Network Monitor in Windows. It's under the Performance > Ethernet tab on Win10. Forget where on Win7. The Network Activity tab in Windows Resource Monitor will show more details. On my Win10 it system lists network activity for each process with destination and number of bytes per second. That's not as good as Wireshark but will provide some info and uses existing software.

Is Windows Update downloading by any chance? Open Windows Update to see.

I can see one light on my switch going like crazy.
What is the label on that port and what is it connected to?
 
#6 ·
I should have added how my Frankenrouter setup is done:

It goes from Fibre-Router-switch-switch-switch. Not the best setup but it has always worked no problem. Until now. I have always chosen port 5 on my 8 ports as my connecting point between each switch. (why 5, no reason)

The idea was to see what was active on the switch just by looking at it. As I type this post, of 8 ports, 5 out of 8 are almost dormant except a blip here and there. Number 5 is flashing like crazy indicating me that it is one of the other 2 switches is being utilized big time.

Number 3 (this computer) only flashes when I hit send or what not.

Another thing that I noticed is that speed on my network has gone down immensely. If I moved a file from one computer to another, it would be around 70MB/s on average. Lately, down to 1.89MB and it struggles.
 
#7 ·
^^^^
I hope you don't have those switches connected in a loop. If so, and if the switches don't support spanning tree or equivalent, then you could have a broadcast storm, where Ethernet frames keep getting passed around the loop by the switches. This would match your description of the lights flashing so much and the reduced performance.
 
#8 ·
I would be checking the ports on the other switches to find the device(s) generating all the traffic. That could then be analyzed to see what is happening. It could be defective or have some software that is causing the issue. It could even be hacked. The first thing to do would be reboot it to see if it clears the issue.
 
#10 ·
Just for curiosity, I did a speed test on my Gigabit ISP server. I used to be in the 790Mbps and today, barely passing the 30Mbps mark download and 14Mbps upload.

I have the feeling my trusted Netgear switches has had enough and barely pushing the data on the network. They were the cheaper GS608.

I must also add that at Christmas time, I have my light display running E1.31 DMX over Ethernet protocol and the packets going through in one night, my switch will heat up more by almost 10 degrees Celsius as measured with heat gun thingy. Stop the display and the switch cools down. I'm sure running it for 40 days straight must weaken parts inside. Nothing lasts forever.

I do appreciate the ideas though. I'll keep you guys posted when I try the new ideas this afternoon. ;)

PS: I did reboot, nothing changed. I rebooted the ONT before my router and then the router. I also checked the status of my router to see if someone else not authorized was logged on either through the 5G access or the regular WiFi but nothing. This is just too weird. It has happened before but I can't recall what I had done. I think I ended up buying new switches. :(
 
#11 ·
Extra traffic over a switch should not affect its life. Depending on how it's designed, it could cause some extra heat but it shouldn't overheat. I ran several Trendnet Greennet switches for up to 10-12 years. Got them because they were cheap, in metal cases and low power. They run cool and never had a problem with them, unlike a previous product that ran hot and didn't last. Recently updated a couple of those to Zyxel managed switches that were on sale. They are in metal cases and run cool as well.

Most of my CAT6 cables are connected to a 16 port main switch in order to provide more bandwidth between devices. Hops though multiple switches can affect performance due to the bottleneck created in the cable that connects them. In the setup described in #6, it sounds like the cable connecting the switches is saturated, affecting throughput between devices that must also communicate through that cable. A 16 port Tb switch can handle up to 16Tb of data per second total on all ports. High rates of data between two devices does not affect other devices. A cable connecting two 8 port switches is limited to 1Tbps total between switches. This allows two devices with high transfer rates to affect speeds between other devices connected between the two switches.
 
#12 ·
^^^^
You have Terrabit switches??? I thought I was doing well with Gigabit.

However, normal traffic shouldn't cause the slowdown he's experiencing. I still suspect he has a lopp with all those switches and he really should try with just one switch to see what happens.
 
#14 ·
I found something weird. When I disconnect the port 5 going from one switch to another, the one that is connected after the one one my desk, the light stops flashing (since it is not connected) but there is no activity on the second switch. As soon as I put 5 in, hell breaks loose again and flashes. So somehow, something is tickling it to activity but I can't see what it is. That's driving me insane!!!

Oh and the switch I have in front of me where I connect all my light show, it is laying flat on its side and the top middle portion of it is not beige color anymore but more like "brown-ish" so to speak. It has over heated I think.

I ordered 3 new Prosafe switches (lifetime warranty) and will be redoing the whole network, AGAIN, for the umpth time. Networking is fun....when it runs alright! LOL
 
#16 ·
@Danster I don't think you ever said if you checked the other switches when they were all connected.

If I understand your configuration correctly, you have:
Router---Switch1---Switch2---Switch3

Port 5 on switch 1 is flashing indicating the traffic is coming from switch 2 or 3. You should see lights constantly flashing on one of those switches and you should be able to track the device.

You disconnected the cable between switch 1 and switch 2 and the flashing stopped - correct?

Have you tried a speed test with the extra switches disconnected and better yet, with you PC connected directly to the router?

Does your physical layout allow you to reconfigure your network to remove some of the layers?
eg.
Router port1---Switch1
Router port2---Switch2
Router port3---Switch3

or next best: connect switch 1 port 5 to switch 2 and switch 1 port 6 to switch 3 to remove one layer.
 
#20 ·
@Danster I don't think you ever said if you checked the other switches when they were all connected.

#1 If I understand your configuration correctly, you have:
Router---Switch1---Switch2---Switch3

#2 Port 5 on switch 1 is flashing indicating the traffic is coming from switch 2 or 3. You should see lights constantly flashing on one of those switches and you should be able to track the device.

#3 You disconnected the cable between switch 1 and switch 2 and the flashing stopped - correct?

#4 Have you tried a speed test with the extra switches disconnected and better yet, with you PC connected directly to the router?

#5 Does your physical layout allow you to reconfigure your network to remove some of the layers?
eg.
Router port1---Switch1
Router port2---Switch2
Router port3---Switch3

or next best: connect switch 1 port 5 to switch 2 and switch 1 port 6 to switch 3 to remove one layer.
#1 Yes
#2 I did but I have sooo many cables, I am lost as to what is causing it!
#3 Yes
#4 Have not tried yet as I have too many things on the go.
#5 It is in my plan to reroute it that way instead of one feeding another.
@ExDilbert, yes I have bought metal ones now. I like Netgear, I know not the top of the line but for what I do, it is perfectly suited for me. I'll be getting them Friday.
 
#19 ·
My own first modem was also 300B, but it was direct connect. The phone line plugged into one jack and the phone in the other. I'd use the phone to dial and then, upon hearing carrier, switch the modem in to originate mode. There were several BBS systems back then.

Incidentally, there's a bit of a story as to how I got that modem. My wife dropped into my office and I showed her the Adventure game, on a VAX 11/780 computer. She asked if she could play that game on my computer (an IMSAI 8080). I said no, but if we had a modem... I was soon a proud owner of a 300B modem! :)
 
#21 ·
#2 I did but I have sooo many cables, I am lost as to what is causing it!
Probably a loop. Try with just 1 switch and see how that is. Then if you connect so many switches, make sure you don't create a loop.

BTW, is there some reason you need so many switches? If you need a lot of ports, then perhaps a larger switch would be better.
 
#22 ·
@Danster I had second thoughts about my suggestion because of the unique nature of your network. You have an immense number of local packets for your Christmas light show that you probably want to keep off the router. You could connect switch 1 port 5 to switch 2 and switch 1 port 6 to switch 3. Ideally, you should confine all your Christmas light activity to one switch. If that isn't possible, you should put any "control" devices on switch 1 to minimize the path the packets go through. You don't want the majority of your traffic to travel through all 3 switches.

EDIT: getting back to your current problem. If one of the lights on switch 3 is flashing constantly, then that relates to a specific device and you should be able to unplug it. Or it could be one of the lights on switch 2 (besides port 5.)
 
#24 ·
I have too many things on the go. That's what happens when you are retired but the brain thinks I'm going back to work the next day!

Anyway, I screwed up in my order so instead of today, I'm getting my switches Monday.

I will be cleaning the wire mess and try to keep my setup as clean and tidy to minimize any problems or at least, make them easier to spot.

As for speed being robbed so to speak, I noticed that in my Router log, I have many of these :[DoS attack: ACK Scan] attack packets in last 20 sec from ip [46.166.148.205], Friday, Aug 18,2017

The IP is from the Netherlands but why would I be a target? I mean my router is getting bombarded by these messages. I really don't like this. :(
 
#25 ·
^^^^
It's unlikely a DDOS attack would have much effect on the switch. Those attacks first have to get through the firewall to reach something on the local network. Given that those attacks have to come over your Internet connection, it's very likely to be nowhere near enough to overwhelm a switch.
 
#26 ·
There are lots of scans from malware and hacked devices. They scan all IPV4 internet addresses to find vulnerable devices, such as routers or webcams, with default passwords or other vulnerabilities. It's been going on for the past 20 years or more and keeps getting worse. It's nothing to worry about as long as all devices exposed to the internet are kept secure.

The IP is from the Netherlands
I see stuff like that occasionally as well. Could be packets getting through the firewall with UPNP. Sometimes it's from companies that I have visited on the web or who use tracking of some type.
 
#27 ·
There are lots of scans from malware and hacked devices.
Yes, I know there are. However, they have to come in over the Internet, which will limit the amount of traffic they generate. Any decent switch should not be swamped by the traffic on one port, to the point is drags down other traffic passing through the switch. If you look at the specs for modern switch, you'll find the aggregate bandwidth is essentially the single port bandwidth times the number of ports.
 
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top