analyzing network traffic

  • I have to keep an eye on my data usage thanks to Comcast's stingy 1TB cap.


    Last month I blew through it faster than expected. This month the same thing. my asus router has traffic analyzing and my server is using a ton of data. ( I can't pinpoint if its LAN or WAN as the stats won't load properly. ) It just comes up as win2k+ server message block. Is there anything on the server side I can do to better keep track of things?

  • I'm also on Comcast and am capped at 1TB/mo. Although I monitor my use several ways I find Comcast's own meter to be sufficient. Do you use it or are you not aware of it?

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

  • I'm also on Comcast and am capped at 1TB/mo. Although I monitor my use several ways I find Comcast's own meter to be sufficient. Do you use it or are you not aware of it?

    Definitely use their meter. The last 2 months I'm positive I haven't personally used as much as they say. I'm not doubting their meter, I'm wondering what on my network is running amuck and I'm trying to sniff it out.


    Sent from my Pixel 3 XL using Tapatalk

  • Looks like a lot of Samba traffic between ~10:00pm and 5:00am. Is anyone in the home that active during that time period? Do you have an insecure wireless network?

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

  • Looks like a lot of Samba traffic between ~10:00pm and 5:00am. Is anyone in the home that active during that time period? Do you have an insecure wireless network?

    No way the person that was home would be using much if any. And no, network is secure and no abnormal clients are connected


    Sent from my Pixel 3 XL using Tapatalk

  • You might want to run netstat with selected option during that period and see what IP addresses the box is connecting to.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

  • Negative.
    I'm assuming the router keeps track of all traffic. Not just WAN.. I wondered if plex is constantly refreshing or something odd. But that wouldn't show up as samba right?


    Sent from my Pixel 3 XL using Tapatalk


    Assuming the router keeps track of all traffic is not a good assumption. The only traffic it sees is what comes in from the internet and what goes out to the internet. Your local LAN traffic never touches the router.


    I'd start with netstat on the box and see what IPs it is connecting to and on what ports. Once you know the IP addresses you can try to find out which processes are using those addresses.


    Being identified as Samba might be true or false.


    Plex, depending on how it is setup could be refreshing metadata on a schedule, but I doubt that explains the volume of traffic.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.


  • Interesting. I figured it showed local traffic. That's even more concerning as my server used like 400gb this week.


    Netstat on the server or router? I'll look into it ASAP.
    I feel like it would have to refresh data 24/7 and it probably wouldn't use that much data. Netstat looks like where I need to start


    Sent from my Pixel 3 XL using Tapatalk


  • Interesting. I figured it showed local traffic. That's even more concerning as my server used like 400gb this week.


    Netstat on the server or router? I'll look into it ASAP.
    I feel like it would have to refresh data 24/7 and it probably wouldn't use that much data. Netstat looks like where I need to start.


    Sent from my Pixel 3 XL using Tapatalk

  • Interesting. I figured it showed local traffic. That's even more concerning as my server used like 400gb this week.


    Netstat on the server or router? I'll look into it ASAP.
    I feel like it would have to refresh data 24/7 and it probably wouldn't use that much data. Netstat looks like where I need to start.


    Sent from my Pixel 3 XL using Tapatalk

  • netstat or ss on the server box. A good start could be:


    ss -4


    Look at all non-local IPs it shows you.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!