Network Traffic Part3

What the heck is going on?

I shut down the WD CLoud by removing the drive letter assignment.

Then I found high data volume being sent from the PC to another
location.

Turns out that it seems to be the Buffalo NAS that is being sent
gigabytes of data and yet I am not doing any operations on the Buffalo
NAS let alone previously the WD Cloud NAS.

I can write code to shut down the .EXEs that are doing this but why are
the NAS fiddling like this?

The NAS high volume disrupts the more important LAN data transfers that
I want making video and audio garbled.

--- news://freenews.netfront.net/ - complaints: ---

OldGuy wrote:
What the heck is going on?

I shut down the WD CLoud by removing the drive letter assignment.

Then I found high data volume being sent from the PC to another location.

Turns out that it seems to be the Buffalo NAS that is being sent gigabytes of data and yet
I am not doing any operations on the Buffalo NAS let alone previously the WD Cloud NAS.

I can write code to shut down the .EXEs that are doing this but why are the NAS fiddling
like this?

The NAS high volume disrupts the more important LAN data transfers that I want making
video and audio garbled.

--- news://freenews.netfront.net/ - complaints: ---

A number of us have replied to your prior posts about these problems.
Have you done all that was suggested?

A number of us have replied to your prior posts about these problems.
Have you done all that was suggested?

Those previous suggestions have nothing to do with my recent question!

So if you do not know an answer why are you wasting bits?

--- news://freenews.netfront.net/ - complaints: ---

On Sun, 15 Nov 2015 12:19:12 -0800, OldGuy wrote:

What the heck is going on?



Could you kindly refrain from starting new threads on the same topic?
Those of us who are not interested or have nothing to contribute have
to keep killing each new thread.


--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/
http://OakRoadSystems.com/
Shikata ga nai...

OldGuy wrote:

A number of us have replied to your prior posts about these problems.
Have you done all that was suggested?

Those previous suggestions have nothing to do with my recent question!

So if you do not know an answer why are you wasting bits?

Sure sounds like the same problem to me.

OldGuy wrote:
What the heck is going on?

I shut down the WD CLoud by removing the drive letter assignment.

Then I found high data volume being sent from the PC to another location.

Turns out that it seems to be the Buffalo NAS that is being sent
gigabytes of data and yet I am not doing any operations on the Buffalo
NAS let alone previously the WD Cloud NAS.

I can write code to shut down the .EXEs that are doing this but why are
the NAS fiddling like this?

The NAS high volume disrupts the more important LAN data transfers that
I want making video and audio garbled.

So do you have some details you can share with us ?

The possibilities a

1) Process involved is a "push" or a "pull" process.
2) In a client-server architecture, one end of the link
is a client, the other end a server. One end is "guilty",
the other end is "innocent".
3) In a peer-to-peer architecture, we can't really tell what is
going on. Say you had BitTorrent running just on your LAN.
Maybe a movie would be moving from A to B, at the same time
as another movie is moving from B to A. Stopping all but
one of the peers, stops the traffic.

Try to fit what you're seeing, to some kind of model, and
give us details.

If you don't give details, the answer will be "well, fix it".
In other words, a "reply-in-kind" devoid of any details
you could use.

I bet turning off the NAS would stop it, but I somehow doubt
that's the answer you're looking for.

Now, you were using TCPView at one point. What
names does it show ? Are the names "clients" of something ?

Paul

OldGuy wrote:

Those previous suggestions have nothing to do with my recent question!
So if you do not know an answer why are you wasting bits?

You know, for someone repeatedly asking for help, it might pay to sound
grateful ...

OldGuy wrote:
What the heck is going on?

I shut down the WD CLoud by removing the drive letter assignment.

Then I found high data volume being sent from the PC to another location.

Turns out that it seems to be the Buffalo NAS that is being sent gigabytes
of data and yet I am not doing any operations on the Buffalo NAS let alone
previously the WD Cloud NAS.

I can write code to shut down the .EXEs that are doing this but why are the
NAS fiddling like this?

The NAS high volume disrupts the more important LAN data transfers that I
want making video and audio garbled.

So do you have some details you can share with us ?

The possibilities a

1) Process involved is a "push" or a "pull" process.
2) In a client-server architecture, one end of the link
is a client, the other end a server. One end is "guilty",
the other end is "innocent".
3) In a peer-to-peer architecture, we can't really tell what is
going on. Say you had BitTorrent running just on your LAN.
Maybe a movie would be moving from A to B, at the same time
as another movie is moving from B to A. Stopping all but
one of the peers, stops the traffic.

Try to fit what you're seeing, to some kind of model, and
give us details.

If you don't give details, the answer will be "well, fix it".
In other words, a "reply-in-kind" devoid of any details
you could use.

I bet turning off the NAS would stop it, but I somehow doubt
that's the answer you're looking for.

Now, you were using TCPView at one point. What
names does it show ? Are the names "clients" of something ?

Paul

I do not know much about this stuff.

The scenario is very complex.
I have two routers, one master the other a slave.
I have several PCs connected via CAT5.
I have several NAS on the LAN, one is the WD Cloud and another is a
Buffalo.

The TV PC, call it TVPC has a tuner and records TV to disk.
I never look at it live just look at the files on PC2.
Both are running Win 7 Pro Media Center.

The files are stored on TVPC and also on a USB drive connected to TVPC.

So I get an index of recorded stuff on PC2, select it and play it
through PC2 Media Center. THerefore all TV file data is on the LAN
coming from TVPC to PC2.

This additional disrupting data comes in bursts so most things like
Process Explorer do not register it. The exception was the WD Cloud
where bursts were both large and long. So there I was able to see
better on my network meters.

I have two network meters that both register the bursts as they happen
but neither has the capability to indicate where it is coming from.

I used TCPView and was able to see large abounts of data flowing but
again in bursts so it took a long time to determine what was really
happening.

The TCPView info is not revealing in itself but it did give me a clue
or two. The big IP Addresses xx::xx: ... were found from a WhoIs of
the properties shown in TCPView. But I do not think that this is
relevant.
The resolved remote addresses did give me a starting point.
I pasted the remote address into a browser and found myself looking at
a Buffalo NAS login. Surprise.

Remote addresses look like
name.attlocal.net
Where name is the name of a device.
In the case of a NAS it is assigned by the NAS manufacturer so it was
not obvious to me. Now I think I have decyphered some of them.

Previously I determined that the majority of data was flowing via the
WD Cloud and I could only disable that data flow by removing the Drive
Letter reference to that WD NAS. Nothing would kill the process.
THe drive still shows up in the Network area in Win Explorer.

SO it seems that Windows is also in cohoots with Buffalo NAS somehow.
The Buffalo NAS .EXE I was able to kill its app and it stayed killed at
least for now.

With all that I know I still do not know what all that data, 50GBytes
during a day is being pushed or pulled around.

I have no auto backup running.
I was not even looking at those drives.
So I cannot fathom what process was running to do this disrupted data
movement.

I have other things like WiFi cams that behave properly and can be
turned on or off data wise.

I run all the malware apps I know about and none tell me anything other
than all is well.

Please ask specific questions if I did not explain well enough.

I have a 1G network I think and that was being disrupted by the WD and
less by the Buffalo NAS. I'll have to check on the ATTUvers WiFI
router to be sure it supports 1G.

I am sure if I boot, the Buffalo NAS will start data movement again and
I will have to kill thoise .EXEs again.

With both NAS off I see only about 12KBps.

But this is only one PC, at PC2.

I'll bet that when I go look at TVPC I will see lots of data flowing
there since I have not disable the NAS there.

With several PCs I can see how the LAN would be swamped by those NAS
data bursts since thos other PCs are "attached" to the NAS.

--- news://freenews.netfront.net/ - complaints: ---

OldGuy wrote:

I do not know much about this stuff.

The scenario is very complex.
I have two routers, one master the other a slave.
I have several PCs connected via CAT5.
I have several NAS on the LAN, one is the WD Cloud and another is a
Buffalo.

The TV PC, call it TVPC has a tuner and records TV to disk.
I never look at it live just look at the files on PC2.
Both are running Win 7 Pro Media Center.

The files are stored on TVPC and also on a USB drive connected to TVPC.

So I get an index of recorded stuff on PC2, select it and play it
through PC2 Media Center. THerefore all TV file data is on the LAN
coming from TVPC to PC2.

This additional disrupting data comes in bursts so most things like
Process Explorer do not register it. The exception was the WD Cloud
where bursts were both large and long. So there I was able to see
better on my network meters.

I have two network meters that both register the bursts as they happen
but neither has the capability to indicate where it is coming from.

I used TCPView and was able to see large abounts of data flowing but
again in bursts so it took a long time to determine what was really
happening.

The TCPView info is not revealing in itself but it did give me a clue or
two. The big IP Addresses xx::xx: ... were found from a WhoIs of the
properties shown in TCPView. But I do not think that this is relevant.
The resolved remote addresses did give me a starting point.
I pasted the remote address into a browser and found myself looking at a
Buffalo NAS login. Surprise.

Remote addresses look like
name.attlocal.net
Where name is the name of a device.
In the case of a NAS it is assigned by the NAS manufacturer so it was
not obvious to me. Now I think I have decyphered some of them.

Previously I determined that the majority of data was flowing via the WD
Cloud and I could only disable that data flow by removing the Drive
Letter reference to that WD NAS. Nothing would kill the process.
THe drive still shows up in the Network area in Win Explorer.

SO it seems that Windows is also in cohoots with Buffalo NAS somehow.
The Buffalo NAS .EXE I was able to kill its app and it stayed killed at
least for now.

With all that I know I still do not know what all that data, 50GBytes
during a day is being pushed or pulled around.

I have no auto backup running.
I was not even looking at those drives.
So I cannot fathom what process was running to do this disrupted data
movement.

I have other things like WiFi cams that behave properly and can be
turned on or off data wise.

I run all the malware apps I know about and none tell me anything other
than all is well.

Please ask specific questions if I did not explain well enough.

I have a 1G network I think and that was being disrupted by the WD and
less by the Buffalo NAS. I'll have to check on the ATTUvers WiFI router
to be sure it supports 1G.

I am sure if I boot, the Buffalo NAS will start data movement again and
I will have to kill thoise .EXEs again.

With both NAS off I see only about 12KBps.

But this is only one PC, at PC2.

I'll bet that when I go look at TVPC I will see lots of data flowing
there since I have not disable the NAS there.

With several PCs I can see how the LAN would be swamped by those NAS
data bursts since thos other PCs are "attached" to the NAS.

--- FIOS_Router --x
--X (WAN) (LAN)
---------- Downstream_Router ---- PCTV (WMC server)
(GbE) ---- PC2 (WMC client)
---- Buffalo NAS
---- WD Cloud

Home routers are generally not "managed" and don't give
the particulars of what is going on, on each port.

My $40 router for example, gives a total byte count for
the WAN connection, and that is all.

If you run TCPView on PCTV or PC2, it will be able
to view connections between

PCTV and PC2
PCTV to some NAS \___ Potential for Cloud backup, orchestrated by PCTV or PC2
PCTV to Internet /

The Cloud activity, could be to a Buffalo Cloud provider,
a Western Digital Cloud provider, or to Microsoft OneDrive.
It could even be to DropBox, but you'd remember setting
that up.

An Internet-side device, would attempt to "Pull" data. To
gain access to your LAN, you would need to do Port Forwarding
on the routers. An IPV4 router has a NAT (network address translation)
style of firewall, which helps to prevent accidental network
connectivity of that type.

However, it's a lot easier to "push" data from the LAN
side to the Internet.

Using TCPView, gives you the ability to monitor "push"
from PCTV ot PC2.

What you cannot monitor, is Buffalo NAS "push" to Internet.
Or WD Cloud "push" to Internet. While you may be able
to view aggregate WAN byte count on a router, it may not
give you a breakdown as to which port produces the traffic.

Similarly, if you wanted to do traffic analysis, you
may need a "sniffer" stuffed between the NAS and the router.
A "sniffer" would be a PC with two NIC ports, one facing the
device, one facing the router. Such a box can run Wireshark,
and trace traffic on either port of your choosing. I've never
set one of these up, although I swore many times I would do so...
One of my problems, is I have no table space left, to set up
another computer :-)

--- FIOS_Router --x
--X (WAN)
---------- Downstream_Router ---- PCTV (WMC server)
(GbE) ---- PC2 (WMC client)
---- sniffer ---- Buffalo NAS
---- WD Cloud

So when it comes to NAS devices, you will need to do
additional work, to "catch" them.

The Buffalo NAS and WD Cloud could be running Linux.
If you could fire up a remote terminal into either
NAS box, it may be possible to trace activity in there.
But that only helps, if the process in Linux doing the
transfer, has an obvious name like "CloudBackupJob"
or similar. Then you would have some idea
what is going on.

So on the incoming side, at least with IPV4, the
NAT feature provides a measure of protection. On the
outgoing side, the Windows firewall *can* occasionally
flag a goofy port choice by some program abusing the
network. But that sort of notification has only happened
once here, and my guess is, the typical outgoing firewall
isn't going to provide any hints as to what is
going on. And in any case, TCPView should tell you
something about it.

So when PCTV or PC2 is "pushing" stuff, you will be
able to easily log the activity. Not necessarily explain
it, but you should be able to observe it. For NAS boxes,
you're going to either need a much better router (like
use a separate computer as a router, complete
with LCD monitor and OS of your choice), or you can
add a PC set up as a sniffer for the analysis. Both
amount to the same thing. Even the PC set up as
a sniffer is a router. The advantage of making it
a sniffer, is to not disrupt the rest of the setup.

If you have details to add to the diagram, modify it
and post it, so other readers here can have a look.

Paul

THat is a lot to take in right now.
Give me a day or two to try to digest it.

See my new post on single point internet and see if that makes sense to
do.

--- news://freenews.netfront.net/ - complaints: ---