Broadband - tracing data being used by 'others'?
Discussion
Need a bit of help sorting my parents broadband. They are on a limited use package as they use hardly no internet at all. Somehow though, for the last few months data has been 'used' even when it's not possible for it to have been used by them. Last month after a long time of trying to stop it happening I installed a new Netgear wireless router, changed passwords, removed SSID broadcast on wireless in case it was being stolen through that... It's STILL being used by 'other' sources. How can I trace where the data is being used? Yesterday 300mb was used in a couple of hours and most months at the moment their allocation is being used within the first few days of the month!
nyt said:
You could look at wireshark.
Capture data on your parent's PC and run a connection report and look at how many computers are connected.
How are you determining that data is being used?
Are you sure that it's not a virus or something on your parent's PC?
Have you thought of configuring the router to only accept certain MAC addresses - preventing anyone but your parents connecting.
You are using WPA and passwords??
I have downloaded Wireshark but am struggling to make out the reports (I can set a basic network up okay but am no pro!!!) and also usage is sporadic so getting my parents to run wireshark while the data use is actually happening have been hit and miss lol (they live a 40 minute drive away). Sometimes it's in the middle of the night, sometimes during the day.Capture data on your parent's PC and run a connection report and look at how many computers are connected.
How are you determining that data is being used?
Are you sure that it's not a virus or something on your parent's PC?
Have you thought of configuring the router to only accept certain MAC addresses - preventing anyone but your parents connecting.
You are using WPA and passwords??
Data use has been based on their ISP reports (newnet) that have an online use monitor, and they get emails when they are close to their limit. They have a 3gb package and before the problems didn't use even half of that a month, now it can be gone in a few days!
The data is being used while the PC - indeed while everything bar the router in the house - is turned off. Yesterdays 300mb was used while they were about 100 miles away.
No I hadn't thought of configuring the router to accept only certain Mac addresses, I will have a look into that didn't know I could
EmmaJ said:
If they only use a PC to connect to the internet which is hard-wired it'll be worthwhile disabling wifi on the router.
Unfortunately they have lots of wireless capable devices. My parents don't use a lot of data but they do like their modern toys 
All of them are off at the moment while we try and figure out what's doing it, and that's not helping Dad's mood much lol.megaphone said:
The router should be able to tell you what devices are connected to it, or there are apps available for iPhones and the like, I use Fing to check IP addresses of devices connected to a network.
http://www.overlooksoft.com/fing
Do they only have a PC connected? No TV box? Smart phones? iPad etc? All of these can use random data as they check for updates, email etc.
At times when data is being used, everything that could possibly connect to the internet has been turned off while we try and sort it. They have iPad, smart phones, sonos, laptop, security cameras etc but it's all been disconnected / turned off to check if it was a 'leak' from one of their devices and still happening. Will have a look at Fing, ta http://www.overlooksoft.com/fing
Do they only have a PC connected? No TV box? Smart phones? iPad etc? All of these can use random data as they check for updates, email etc.
marshalla said:
MAC filtering won't stop other people connecting, but it will slow them down a little as they need to find a valid MAC address first.
Wireshark is also probably not the answer as it can only monitor the network segment that it's connected to.
Two things I'd do
i) shut down all local devices and see if there are any signs of traffic through the router - if not, it's almost certainly malware of some sort - likely to be filesharing from the volumes you're talking about.
already tried, still signs of traffic when router is only thing on. Wireshark is also probably not the answer as it can only monitor the network segment that it's connected to.
Two things I'd do
i) shut down all local devices and see if there are any signs of traffic through the router - if not, it's almost certainly malware of some sort - likely to be filesharing from the volumes you're talking about.
marshalla said:
iii shut down the router when it is not needed (e.g. overnight).
Tried shutting down router overnight, but it sometimes does it during the day too so wasn't a solution 
marshalla said:
ii)i Connect to the router using a single trusted wired device and see if it shows any connected devices. If it does, you have a leech to deal with.
This is trickier as it's so sporadic as to when it happens - I went and stayed at their house the night to try and do just this, they had no leak for 3 days... 2 days after I came back, started again lolmarshalla said:
iv) Use something like Kismet (with an appropriate WiFi card) to get a list of all devices in the area and which networks they are connected to.
will have a look into this as well, ta dave_s13 said:
This is the easiest "solution". just switch them to an unlimited packaged and that's you sorted.
Their location is 'problematic' with telephony and we've dealt with mainstream cheap providers before... downtime of weeks compared with hours when going through someone with Newnet, and dealing with customer service teams who's goal is to get through the day with as little effort as possible isn't really their thing.TonyRPH said:
All of them? Are you certain? They don't have some "toy" that's been forgotten perhaps?
LOL yeah, fortunately my dad is quite anal about electronic devices, he used to be an electrician at the time when TV's and radio's caught fire with little reason, so anything that can be turned on or off is well known and accounted for - took me about a year to convince him to leave even his router on when he wasn't in the house.TonyRPH said:
Is the entire network wireless, or are there any devices connected via cable?
part and part - some toys are hard wired (but disconnected at the moment while we sort this - only the main PC is now hard wired and is always off)TonyRPH said:
What happens if you simply disable wireless - do you still see the traffic flowing?
This would be the starting point for me (unless the entire network is wireless only).
We've tried turning wifi off and not had data use while it's been off. We are going to resume testing on that one by having them turn off wifi at all times when they're not wanting to use it there and then.This would be the starting point for me (unless the entire network is wireless only).
TonyRPH said:
Also - one simple (but not always reliable method) of detecting other devices on the network is to go to a dos prompt, and ping the broadcast address - so if your network address is 192.168.0.0 - ping 192.168.0.255 - if it's 192.168.1.0 then ping 192.168.1.255 and so on (the last 3 digits are always 255 for the broadcast).
Then run "arp -da"
This should print a list of devices on the network, in the format <ip address> <mac address>.
To determine what the devices are, use the MAC address to lookup the manufacturer here
If you see any brand you don't recognise, that'll give you a astarting point - however do bear in mind that the network card brand won't always match that of the device.
Ta will have a look soon as I can get up there (awaiting reply on another thread as to why my car won't run lol :/ )Then run "arp -da"
This should print a list of devices on the network, in the format <ip address> <mac address>.
To determine what the devices are, use the MAC address to lookup the manufacturer here
If you see any brand you don't recognise, that'll give you a astarting point - however do bear in mind that the network card brand won't always match that of the device.
AW10 said:
Apols if you already know this but ipads and iphones use data 24/7 unless they're actually turned off as opposed to just a short button pass to put it into standby.
Also consider intalling data monitors on individual devices to see how much they use.
Yeah first thing we did when we noticed the problem was check Dad was actually turning them off and not putting them in standby, no such luck for a simple solution, all properly off.Also consider intalling data monitors on individual devices to see how much they use.
chris1roll said:
Would this help:
https://www.gargoyle-router.com/
Assign all of their devices static IPs, set them to be allowed to do what they want, and block/restrict all traffic from the DHCP pool?
I bought the TP-Link Wr1403ND router, for £12.50 on ebay. Sorted our problem with guests blowing our download limit, now they get 500mb/day and then cut off. I'd never got that in-depth before but it was very easy.
Cheers, unfortunatley they've just spent quite a bit on a highish end wifi router so that suggestion would go down like a lead balloon if I said I was taking it back out lol. https://www.gargoyle-router.com/
Assign all of their devices static IPs, set them to be allowed to do what they want, and block/restrict all traffic from the DHCP pool?
I bought the TP-Link Wr1403ND router, for £12.50 on ebay. Sorted our problem with guests blowing our download limit, now they get 500mb/day and then cut off. I'd never got that in-depth before but it was very easy.
BenM77 said:
What do they use for TV?
A TV The 3 gig was never even close to being bridged before the leeching of data started happening, they rarely used 1 gig a month for a whole year with all the devices.
The point isn't that they're going over the limit, the point is the limit is being used by someone other than them.
furtive said:
I bet it isn't, unless you have used WEP on the WiFi security settings in which case it's your own fault.
It will be something in the house using it. Windows updates, tablets slurping data in the background, etc.
no it's not wep, it's WPA2 on a hidden SSID and if you read the rest of the thread, the data is being used with EVERYTHING in the house capable of using it being turned off with the exception of the router.It will be something in the house using it. Windows updates, tablets slurping data in the background, etc.
furtive said:
I have read the thread - despite being asked several times if you are using WPA, you had failed to reply to that question until now...
You should be able to see which devices are connected in the router settings.
Change the WiFi password to something hard to guess but don't change the password on any of your devices and see if any data gets used. Then add each device one at a time until you find out which one is slurping all the data.
I would be very surprised if someone is hijacking your wifi connection if you are using WPA.
Do they have any powerline ethernet adaptors plugged in?
the comment was more aimed at things being on - just saying I know that it's nothing in their house as it's all been completely shut down when data is going. We did change the password, for a short while no data was used, then it started again. Same as when we changed the router for a new one, a few weeks of no data usage, then it started back up again. You should be able to see which devices are connected in the router settings.
Change the WiFi password to something hard to guess but don't change the password on any of your devices and see if any data gets used. Then add each device one at a time until you find out which one is slurping all the data.
I would be very surprised if someone is hijacking your wifi connection if you are using WPA.
Do they have any powerline ethernet adaptors plugged in?
No powerline adaptors, they have two Netgear Extenders at either end of the house, both off when data has been used. My dad is Mr Anal about things being turned off at the socket when they're not in the house, it took me best part of a year to convince them that they should leave the router on, other than the fridge /freezer, if they leave the house EVERYTHING is shut down. At the moment we are running a test with wifi being turned off as well on the router when they're not in - the problem is they have a burst of high use, with gb's being used in a few days, then nothing for a couple of weeks, so tests have to be over quiet a period to ascertain if they've made any difference!
No sneaky grandchildren, no. We were wondering if it's possible that one of the neighbours PC's were infected with something and access was being gained through those, we don't think they have the inclination or aptitude to do it themselves, but wondered if someone may be using their equipment to do so (reason being for two weeks they were both away and no data was used at all)
marshalla said:
Have any of the neighbours visited and brought their gadgetry with them, and connected it to the problem router ?
If so - there's your answer. They're picking up the "wrong" signal and connecting to it automatically at times (e.g. when at the end of the garden, other side of their house from their router etc.)
No unfortunately not, would be a nice simple solution, but they're not that social lol.If so - there's your answer. They're picking up the "wrong" signal and connecting to it automatically at times (e.g. when at the end of the garden, other side of their house from their router etc.)
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff