Broadband - tracing data being used by 'others'?

You could look at wireshark.

Capture data on your parent's PC and run a connection report and look at how many computers are connected.

How are you determining that data is being used?

Are you sure that it's not a virus or something on your parent's PC?

Have you thought of configuring the router to only accept certain MAC addresses - preventing anyone but your parents connecting.

You are using WPA and passwords??

I have downloaded Wireshark but am struggling to make out the reports (I can set a basic network up okay but am no pro!!!) and also usage is sporadic so getting my parents to run wireshark while the data use is actually happening have been hit and miss lol (they live a 40 minute drive away). Sometimes it's in the middle of the night, sometimes during the day.

Data use has been based on their ISP reports (newnet) that have an online use monitor, and they get emails when they are close to their limit. They have a 3gb package and before the problems didn't use even half of that a month, now it can be gone in a few days!

The data is being used while the PC - indeed while everything bar the router in the house - is turned off. Yesterdays 300mb was used while they were about 100 miles away.

No I hadn't thought of configuring the router to accept only certain Mac addresses, I will have a look into that didn't know I could

Unfortunately they have lots of wireless capable devices. My parents don't use a lot of data but they do like their modern toys All of them are off at the moment while we try and figure out what's doing it, and that's not helping Dad's mood much lol.

At times when data is being used, everything that could possibly connect to the internet has been turned off while we try and sort it. They have iPad, smart phones, sonos, laptop, security cameras etc but it's all been disconnected / turned off to check if it was a 'leak' from one of their devices and still happening. Will have a look at Fing, ta

MAC filtering won't stop other people connecting, but it will slow them down a little as they need to find a valid MAC address first.

Wireshark is also probably not the answer as it can only monitor the network segment that it's connected to.

Two things I'd do

i) shut down all local devices and see if there are any signs of traffic through the router - if not, it's almost certainly malware of some sort - likely to be filesharing from the volumes you're talking about.

iii shut down the router when it is not needed (e.g. overnight).

ii)i Connect to the router using a single trusted wired device and see if it shows any connected devices. If it does, you have a leech to deal with.

iv) Use something like Kismet (with an appropriate WiFi card) to get a list of all devices in the area and which networks they are connected to.

This is the easiest "solution". just switch them to an unlimited packaged and that's you sorted.

All of them? Are you certain? They don't have some "toy" that's been forgotten perhaps?

Is the entire network wireless, or are there any devices connected via cable?

What happens if you simply disable wireless - do you still see the traffic flowing?

This would be the starting point for me (unless the entire network is wireless only).

Also - one simple (but not always reliable method) of detecting other devices on the network is to go to a dos prompt, and ping the broadcast address - so if your network address is 192.168.0.0 - ping 192.168.0.255 - if it's 192.168.1.0 then ping 192.168.1.255 and so on (the last 3 digits are always 255 for the broadcast).

Then run "arp -da"

This should print a list of devices on the network, in the format <ip address> <mac address>.

To determine what the devices are, use the MAC address to lookup the manufacturer here

If you see any brand you don't recognise, that'll give you a starting point - however do bear in mind that the network card brand won't always match that of the device.


ETA: You could also use nmap to establish exactly what's on the network.

Usually, with unknown traffic - you look for unknown devices first - and then use Wireshark (with IP or MAC filters) to home in on these unknown devices to see what traffic they are generating / passing, rather than try to examine the entire network.

LOL yeah, fortunately my dad is quite anal about electronic devices, he used to be an electrician at the time when TV's and radio's caught fire with little reason, so anything that can be turned on or off is well known and accounted for - took me about a year to convince him to leave even his router on when he wasn't in the house.

part and part - some toys are hard wired (but disconnected at the moment while we sort this - only the main PC is now hard wired and is always off)

We've tried turning wifi off and not had data use while it's been off. We are going to resume testing on that one by having them turn off wifi at all times when they're not wanting to use it there and then.

Ta will have a look soon as I can get up there (awaiting reply on another thread as to why my car won't run lol :/ )

You could install remote control software onto their pc. Save you a journey. Easier than asking people to do stuff down a network line.
http://pcsupport.about.com/od/remote-access/tp/fre...

Use WPA(2), if you are already using WPA, disable WPS which close the major vunerability. If still happening you are 1) way out of your league, 2) It is one of those Gadgets.

http://kb.netgear.com/app/answers/detail/a_id/96/~...

Have a look at the router logs

http://kb.netgear.com/app/answers/detail/a_id/1014...

Depending on what router you are using, enable the Traffic Meter and Disable unnecessary traffic.

http://documentation.netgear.com/fvs336g/enu/202-1...