If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Network Traffic Part3
What the heck is going on?
I shut down the WD CLoud by removing the drive letter assignment. Then I found high data volume being sent from the PC to another location. Turns out that it seems to be the Buffalo NAS that is being sent gigabytes of data and yet I am not doing any operations on the Buffalo NAS let alone previously the WD Cloud NAS. I can write code to shut down the .EXEs that are doing this but why are the NAS fiddling like this? The NAS high volume disrupts the more important LAN data transfers that I want making video and audio garbled. --- news://freenews.netfront.net/ - complaints: --- |
Ads |
#2
|
|||
|
|||
Network Traffic Part3
OldGuy wrote:
What the heck is going on? I shut down the WD CLoud by removing the drive letter assignment. Then I found high data volume being sent from the PC to another location. Turns out that it seems to be the Buffalo NAS that is being sent gigabytes of data and yet I am not doing any operations on the Buffalo NAS let alone previously the WD Cloud NAS. I can write code to shut down the .EXEs that are doing this but why are the NAS fiddling like this? The NAS high volume disrupts the more important LAN data transfers that I want making video and audio garbled. --- news://freenews.netfront.net/ - complaints: --- A number of us have replied to your prior posts about these problems. Have you done all that was suggested? |
#3
|
|||
|
|||
Network Traffic Part3
A number of us have replied to your prior posts about these problems. Have you done all that was suggested? Those previous suggestions have nothing to do with my recent question! So if you do not know an answer why are you wasting bits? --- news://freenews.netfront.net/ - complaints: --- |
#4
|
|||
|
|||
Network Traffic Part3
On Sun, 15 Nov 2015 12:19:12 -0800, OldGuy wrote:
What the heck is going on? Could you kindly refrain from starting new threads on the same topic? Those of us who are not interested or have nothing to contribute have to keep killing each new thread. -- Stan Brown, Oak Road Systems, Tompkins County, New York, USA http://BrownMath.com/ http://OakRoadSystems.com/ Shikata ga nai... |
#5
|
|||
|
|||
Network Traffic Part3
OldGuy wrote:
A number of us have replied to your prior posts about these problems. Have you done all that was suggested? Those previous suggestions have nothing to do with my recent question! So if you do not know an answer why are you wasting bits? Sure sounds like the same problem to me. |
#6
|
|||
|
|||
Network Traffic Part3
OldGuy wrote:
What the heck is going on? I shut down the WD CLoud by removing the drive letter assignment. Then I found high data volume being sent from the PC to another location. Turns out that it seems to be the Buffalo NAS that is being sent gigabytes of data and yet I am not doing any operations on the Buffalo NAS let alone previously the WD Cloud NAS. I can write code to shut down the .EXEs that are doing this but why are the NAS fiddling like this? The NAS high volume disrupts the more important LAN data transfers that I want making video and audio garbled. So do you have some details you can share with us ? The possibilities a 1) Process involved is a "push" or a "pull" process. 2) In a client-server architecture, one end of the link is a client, the other end a server. One end is "guilty", the other end is "innocent". 3) In a peer-to-peer architecture, we can't really tell what is going on. Say you had BitTorrent running just on your LAN. Maybe a movie would be moving from A to B, at the same time as another movie is moving from B to A. Stopping all but one of the peers, stops the traffic. Try to fit what you're seeing, to some kind of model, and give us details. If you don't give details, the answer will be "well, fix it". In other words, a "reply-in-kind" devoid of any details you could use. I bet turning off the NAS would stop it, but I somehow doubt that's the answer you're looking for. Now, you were using TCPView at one point. What names does it show ? Are the names "clients" of something ? Paul |
#7
|
|||
|
|||
Network Traffic Part3
OldGuy wrote:
Those previous suggestions have nothing to do with my recent question! So if you do not know an answer why are you wasting bits? You know, for someone repeatedly asking for help, it might pay to sound grateful ... |
#8
|
|||
|
|||
Network Traffic Part3
OldGuy wrote:
What the heck is going on? I shut down the WD CLoud by removing the drive letter assignment. Then I found high data volume being sent from the PC to another location. Turns out that it seems to be the Buffalo NAS that is being sent gigabytes of data and yet I am not doing any operations on the Buffalo NAS let alone previously the WD Cloud NAS. I can write code to shut down the .EXEs that are doing this but why are the NAS fiddling like this? The NAS high volume disrupts the more important LAN data transfers that I want making video and audio garbled. So do you have some details you can share with us ? The possibilities a 1) Process involved is a "push" or a "pull" process. 2) In a client-server architecture, one end of the link is a client, the other end a server. One end is "guilty", the other end is "innocent". 3) In a peer-to-peer architecture, we can't really tell what is going on. Say you had BitTorrent running just on your LAN. Maybe a movie would be moving from A to B, at the same time as another movie is moving from B to A. Stopping all but one of the peers, stops the traffic. Try to fit what you're seeing, to some kind of model, and give us details. If you don't give details, the answer will be "well, fix it". In other words, a "reply-in-kind" devoid of any details you could use. I bet turning off the NAS would stop it, but I somehow doubt that's the answer you're looking for. Now, you were using TCPView at one point. What names does it show ? Are the names "clients" of something ? Paul I do not know much about this stuff. The scenario is very complex. I have two routers, one master the other a slave. I have several PCs connected via CAT5. I have several NAS on the LAN, one is the WD Cloud and another is a Buffalo. The TV PC, call it TVPC has a tuner and records TV to disk. I never look at it live just look at the files on PC2. Both are running Win 7 Pro Media Center. The files are stored on TVPC and also on a USB drive connected to TVPC. So I get an index of recorded stuff on PC2, select it and play it through PC2 Media Center. THerefore all TV file data is on the LAN coming from TVPC to PC2. This additional disrupting data comes in bursts so most things like Process Explorer do not register it. The exception was the WD Cloud where bursts were both large and long. So there I was able to see better on my network meters. I have two network meters that both register the bursts as they happen but neither has the capability to indicate where it is coming from. I used TCPView and was able to see large abounts of data flowing but again in bursts so it took a long time to determine what was really happening. The TCPView info is not revealing in itself but it did give me a clue or two. The big IP Addresses xx::xx: ... were found from a WhoIs of the properties shown in TCPView. But I do not think that this is relevant. The resolved remote addresses did give me a starting point. I pasted the remote address into a browser and found myself looking at a Buffalo NAS login. Surprise. Remote addresses look like name.attlocal.net Where name is the name of a device. In the case of a NAS it is assigned by the NAS manufacturer so it was not obvious to me. Now I think I have decyphered some of them. Previously I determined that the majority of data was flowing via the WD Cloud and I could only disable that data flow by removing the Drive Letter reference to that WD NAS. Nothing would kill the process. THe drive still shows up in the Network area in Win Explorer. SO it seems that Windows is also in cohoots with Buffalo NAS somehow. The Buffalo NAS .EXE I was able to kill its app and it stayed killed at least for now. With all that I know I still do not know what all that data, 50GBytes during a day is being pushed or pulled around. I have no auto backup running. I was not even looking at those drives. So I cannot fathom what process was running to do this disrupted data movement. I have other things like WiFi cams that behave properly and can be turned on or off data wise. I run all the malware apps I know about and none tell me anything other than all is well. Please ask specific questions if I did not explain well enough. I have a 1G network I think and that was being disrupted by the WD and less by the Buffalo NAS. I'll have to check on the ATTUvers WiFI router to be sure it supports 1G. I am sure if I boot, the Buffalo NAS will start data movement again and I will have to kill thoise .EXEs again. With both NAS off I see only about 12KBps. But this is only one PC, at PC2. I'll bet that when I go look at TVPC I will see lots of data flowing there since I have not disable the NAS there. With several PCs I can see how the LAN would be swamped by those NAS data bursts since thos other PCs are "attached" to the NAS. --- news://freenews.netfront.net/ - complaints: --- |
#9
|
|||
|
|||
Network Traffic Part3
OldGuy wrote:
I do not know much about this stuff. The scenario is very complex. I have two routers, one master the other a slave. I have several PCs connected via CAT5. I have several NAS on the LAN, one is the WD Cloud and another is a Buffalo. The TV PC, call it TVPC has a tuner and records TV to disk. I never look at it live just look at the files on PC2. Both are running Win 7 Pro Media Center. The files are stored on TVPC and also on a USB drive connected to TVPC. So I get an index of recorded stuff on PC2, select it and play it through PC2 Media Center. THerefore all TV file data is on the LAN coming from TVPC to PC2. This additional disrupting data comes in bursts so most things like Process Explorer do not register it. The exception was the WD Cloud where bursts were both large and long. So there I was able to see better on my network meters. I have two network meters that both register the bursts as they happen but neither has the capability to indicate where it is coming from. I used TCPView and was able to see large abounts of data flowing but again in bursts so it took a long time to determine what was really happening. The TCPView info is not revealing in itself but it did give me a clue or two. The big IP Addresses xx::xx: ... were found from a WhoIs of the properties shown in TCPView. But I do not think that this is relevant. The resolved remote addresses did give me a starting point. I pasted the remote address into a browser and found myself looking at a Buffalo NAS login. Surprise. Remote addresses look like name.attlocal.net Where name is the name of a device. In the case of a NAS it is assigned by the NAS manufacturer so it was not obvious to me. Now I think I have decyphered some of them. Previously I determined that the majority of data was flowing via the WD Cloud and I could only disable that data flow by removing the Drive Letter reference to that WD NAS. Nothing would kill the process. THe drive still shows up in the Network area in Win Explorer. SO it seems that Windows is also in cohoots with Buffalo NAS somehow. The Buffalo NAS .EXE I was able to kill its app and it stayed killed at least for now. With all that I know I still do not know what all that data, 50GBytes during a day is being pushed or pulled around. I have no auto backup running. I was not even looking at those drives. So I cannot fathom what process was running to do this disrupted data movement. I have other things like WiFi cams that behave properly and can be turned on or off data wise. I run all the malware apps I know about and none tell me anything other than all is well. Please ask specific questions if I did not explain well enough. I have a 1G network I think and that was being disrupted by the WD and less by the Buffalo NAS. I'll have to check on the ATTUvers WiFI router to be sure it supports 1G. I am sure if I boot, the Buffalo NAS will start data movement again and I will have to kill thoise .EXEs again. With both NAS off I see only about 12KBps. But this is only one PC, at PC2. I'll bet that when I go look at TVPC I will see lots of data flowing there since I have not disable the NAS there. With several PCs I can see how the LAN would be swamped by those NAS data bursts since thos other PCs are "attached" to the NAS. --- FIOS_Router --x --X (WAN) (LAN) ---------- Downstream_Router ---- PCTV (WMC server) (GbE) ---- PC2 (WMC client) ---- Buffalo NAS ---- WD Cloud Home routers are generally not "managed" and don't give the particulars of what is going on, on each port. My $40 router for example, gives a total byte count for the WAN connection, and that is all. If you run TCPView on PCTV or PC2, it will be able to view connections between PCTV and PC2 PCTV to some NAS \___ Potential for Cloud backup, orchestrated by PCTV or PC2 PCTV to Internet / The Cloud activity, could be to a Buffalo Cloud provider, a Western Digital Cloud provider, or to Microsoft OneDrive. It could even be to DropBox, but you'd remember setting that up. An Internet-side device, would attempt to "Pull" data. To gain access to your LAN, you would need to do Port Forwarding on the routers. An IPV4 router has a NAT (network address translation) style of firewall, which helps to prevent accidental network connectivity of that type. However, it's a lot easier to "push" data from the LAN side to the Internet. Using TCPView, gives you the ability to monitor "push" from PCTV ot PC2. What you cannot monitor, is Buffalo NAS "push" to Internet. Or WD Cloud "push" to Internet. While you may be able to view aggregate WAN byte count on a router, it may not give you a breakdown as to which port produces the traffic. Similarly, if you wanted to do traffic analysis, you may need a "sniffer" stuffed between the NAS and the router. A "sniffer" would be a PC with two NIC ports, one facing the device, one facing the router. Such a box can run Wireshark, and trace traffic on either port of your choosing. I've never set one of these up, although I swore many times I would do so... One of my problems, is I have no table space left, to set up another computer :-) --- FIOS_Router --x --X (WAN) ---------- Downstream_Router ---- PCTV (WMC server) (GbE) ---- PC2 (WMC client) ---- sniffer ---- Buffalo NAS ---- WD Cloud So when it comes to NAS devices, you will need to do additional work, to "catch" them. The Buffalo NAS and WD Cloud could be running Linux. If you could fire up a remote terminal into either NAS box, it may be possible to trace activity in there. But that only helps, if the process in Linux doing the transfer, has an obvious name like "CloudBackupJob" or similar. Then you would have some idea what is going on. So on the incoming side, at least with IPV4, the NAT feature provides a measure of protection. On the outgoing side, the Windows firewall *can* occasionally flag a goofy port choice by some program abusing the network. But that sort of notification has only happened once here, and my guess is, the typical outgoing firewall isn't going to provide any hints as to what is going on. And in any case, TCPView should tell you something about it. So when PCTV or PC2 is "pushing" stuff, you will be able to easily log the activity. Not necessarily explain it, but you should be able to observe it. For NAS boxes, you're going to either need a much better router (like use a separate computer as a router, complete with LCD monitor and OS of your choice), or you can add a PC set up as a sniffer for the analysis. Both amount to the same thing. Even the PC set up as a sniffer is a router. The advantage of making it a sniffer, is to not disrupt the rest of the setup. If you have details to add to the diagram, modify it and post it, so other readers here can have a look. Paul |
#10
|
|||
|
|||
Network Traffic Part3
THat is a lot to take in right now.
Give me a day or two to try to digest it. See my new post on single point internet and see if that makes sense to do. --- news://freenews.netfront.net/ - complaints: --- |
Thread Tools | |
Display Modes | Rate This Thread |
|
|