Who's using my WLAN!?
Discussion
Hi folks.
I've had a lot of problems with my internet connection recently, most seem to be on PH. It's all latency issues really, pages not coming down and then suddenly flying after a refresh, pages halting on ads half way down.
There don't seem to be any issues on PH, it happens on all of my PCs, I have checked for spyware and viruses, I am running Windows firewall under a SP'd XP, about to rebuild one of the machines to check that isn't the problem.
I'm on Demon ADSL 8Mb line, speed tests come back OK (I think 4 or 5Mb, not bad considering), so I am at a loss.
My router is a Draytek Vigor 2600We, quite good I am led to believe. Always had trouble with the wireless networking though, sometimes it's OK, sometimes not. At the moment WEP refuses to work (have tried a million times with different keys, etc.) so I have an unprotected network. I am using MAC addressing which I understand only allows network cards with a certain MAC address to connect.
Is there any way I can monitor traffic through my internet connection and where it comes from? I used to have some sort of monitor program but it was ridiculously complicated and didn't really tell me much.
About the best thing I can do at the moment is check the DHCP IP assignment table on the router to see what machines have used it recently...
Any thoughts?
I've had a lot of problems with my internet connection recently, most seem to be on PH. It's all latency issues really, pages not coming down and then suddenly flying after a refresh, pages halting on ads half way down.
There don't seem to be any issues on PH, it happens on all of my PCs, I have checked for spyware and viruses, I am running Windows firewall under a SP'd XP, about to rebuild one of the machines to check that isn't the problem.
I'm on Demon ADSL 8Mb line, speed tests come back OK (I think 4 or 5Mb, not bad considering), so I am at a loss.
My router is a Draytek Vigor 2600We, quite good I am led to believe. Always had trouble with the wireless networking though, sometimes it's OK, sometimes not. At the moment WEP refuses to work (have tried a million times with different keys, etc.) so I have an unprotected network. I am using MAC addressing which I understand only allows network cards with a certain MAC address to connect.
Is there any way I can monitor traffic through my internet connection and where it comes from? I used to have some sort of monitor program but it was ridiculously complicated and didn't really tell me much.
About the best thing I can do at the moment is check the DHCP IP assignment table on the router to see what machines have used it recently...
Any thoughts?
You can run a syslog client on your pc.
Part of the draytek interface allows you to specify the output IP address for syslog messages, so you set this to be your pc's IP address and run the client up.
I think there is a syslog client on the draytek cd. If not, it's either available as a download from draytek.co.uk/through a link on the draytek forum/google. Doesn't have to be a draytek specific client; syslog is a standard format so many clients available. If you're lucky, there will be an app for extly this purpose available.
Posting this question on the draytek forum might yield some alternative (and likely better suggestions) - it's been a while since I played with syslog.
Part of the draytek interface allows you to specify the output IP address for syslog messages, so you set this to be your pc's IP address and run the client up.
I think there is a syslog client on the draytek cd. If not, it's either available as a download from draytek.co.uk/through a link on the draytek forum/google. Doesn't have to be a draytek specific client; syslog is a standard format so many clients available. If you're lucky, there will be an app for extly this purpose available.
Posting this question on the draytek forum might yield some alternative (and likely better suggestions) - it's been a while since I played with syslog.
Until you get the problem sorted why not try turning off the power to the router when it's not being used? This may discourage people trying to use your network if they can't rely on it being there when they want it. If you're going away for a few days plug it into a timer set to keep turning it on/off every half hour. That should p155 off the thieving scrotes.
I sometimes use my neighbors network when my own one is down but only to check/send email and I keep the bandwidth used to a minimum. My thinking is if you tear the arse out of it people will put an end to a useful backup service!
I sometimes use my neighbors network when my own one is down but only to check/send email and I keep the bandwidth used to a minimum. My thinking is if you tear the arse out of it people will put an end to a useful backup service!
NiceCupOfTea said:
Hi folks.
I've had a lot of problems with my internet connection recently, most seem to be on PH. It's all latency issues really, pages not coming down and then suddenly flying after a refresh, pages halting on ads half way down.
I've had a lot of problems with my internet connection recently, most seem to be on PH. It's all latency issues really, pages not coming down and then suddenly flying after a refresh, pages halting on ads half way down.
I think 'the internet' is just like that - I'm on BtBroadband and some days it seems to fly and other days is crawls. I sometimes find that resetting router 'seems' to help, but it might just be physcosomatic.
NiceCupOfTea said:
I am using MAC addressing which I understand only allows network cards with a certain MAC address to connect.
I know it's possible to hack all these things, but, assuming it's enabled properly, then it's pretty unlikely that someone else is using your link
You could use Ethereal / Wireshark - this can keep a copy of all network traffic, not just traffic to/from your machine. Leave it monitoring for 24 hours, or just when its slow, then filter out the source/destination of your laptops IP, whats left should be any other machines using the net during that period. The added bonus is you can use it to sniff email account usernames/passwords if necessary.
However, as said, if MAC filtering is working I think it's medium-unlikley that anyone is piggybacking.
However, as said, if MAC filtering is working I think it's medium-unlikley that anyone is piggybacking.
SneakyNeil said:
You could use Ethereal / Wireshark - this can keep a copy of all network traffic, not just traffic to/from your machine. Leave it monitoring for 24 hours, or just when its slow, then filter out the source/destination of your laptops IP, whats left should be any other machines using the net during that period. The added bonus is you can use it to sniff email account usernames/passwords if necessary.
However, as said, if MAC filtering is working I think it's medium-unlikley that anyone is piggybacking.
However, as said, if MAC filtering is working I think it's medium-unlikley that anyone is piggybacking.
Ethereal won't work with a switch (only a hub), unless someone is accessing the machine running ethereal directly.
scorp said:
SneakyNeil said:
You could use Ethereal / Wireshark - this can keep a copy of all network traffic, not just traffic to/from your machine. Leave it monitoring for 24 hours, or just when its slow, then filter out the source/destination of your laptops IP, whats left should be any other machines using the net during that period. The added bonus is you can use it to sniff email account usernames/passwords if necessary.
However, as said, if MAC filtering is working I think it's medium-unlikley that anyone is piggybacking.
However, as said, if MAC filtering is working I think it's medium-unlikley that anyone is piggybacking.
Ethereal won't work with a switch (only a hub), unless someone is accessing the machine running ethereal directly.
Wifi isn't switched...
NiceCupOfTea said:
I've had a lot of problems with my internet connection recently, most seem to be on PH. It's all latency issues really, pages not coming down and then suddenly flying after a refresh, pages halting on ads half way down.
This happens to a fair number of people and it is a problem with PH, not with your connection.
trooperiziz said:
NiceCupOfTea said:
I've had a lot of problems with my internet connection recently, most seem to be on PH. It's all latency issues really, pages not coming down and then suddenly flying after a refresh, pages halting on ads half way down.
This happens to a fair number of people and it is a problem with PH, not with your connection.
Often the reason why a website will randomly go slow is external adverts. doubleclick's servers are renound for going bang and slowing everything down.
WTFH said:
What O/S?
What browser?
What anti-virus?
What ant-spyware?
What firewall?
(If any of the bottom three answers include the word "Norton", then excuse me while I point and laugh)
What browser?
What anti-virus?
What ant-spyware?
What firewall?
(If any of the bottom three answers include the word "Norton", then excuse me while I point and laugh)
XP (service packed)
Firefox
AVG Free
Spybot S&D
Windows Firewall + router firewalling
However, after having so many problems recently (now including some file corruption and mouse pointer periodically freezing (although bizarrely if you "guess" the right place to click the mouse still works)) I installed a different virus checker, NOD32, which has found several viruses/trojans, F knows where from
Why the hell AVG didn't pick them up I don't know, all the latest definition files...
PH in particular has been very sluggish for the last 4 months or so, just started one day, and it's always like that
If I can manage to get the machine clean (not easy without a working mouse) I'll address WLAN "sharing" issues then - thanks for the advice...
Add to the list: -
Windows Defender, and
Adaware
Lets each one do a full scan and tackle the results before you move on to the next. If you are certain you have loads of malicious software running on the machine then try and clean this up first.
If you want to do a quick check to see if there is any lag on the internet line, do a simple "tracert" via a command prompt to several sites. For example, if you noticed that one site has always been running smoothly and responsive then compare it to PH: -
Start -> Run -> cmd [ENTER]
tracert www.WorkingWebsite.com [ENTER](just enter the one you know from above); then
tracert www.pistonheads.com [ENTER]
Compare the two results. The first few 'hops' will be the same in both cases and show the time it took to reach that node, in milliseconds. If the numbers are in the hundreds and possibly high-hundreds then there is a considerable delay somewhere along the path. Just post your results when you get to this point if there is indeed something not right. Oh and forgot to add that its best to do this while there is no other traffic - just disconnect all other computers for a brief period to do this and even use the wired connection as opposed to a wireless for the tests. Consistency is important here.
Regards
Popolou
Windows Defender, and
Adaware
Lets each one do a full scan and tackle the results before you move on to the next. If you are certain you have loads of malicious software running on the machine then try and clean this up first.
If you want to do a quick check to see if there is any lag on the internet line, do a simple "tracert" via a command prompt to several sites. For example, if you noticed that one site has always been running smoothly and responsive then compare it to PH: -
Start -> Run -> cmd [ENTER]
tracert www.WorkingWebsite.com [ENTER](just enter the one you know from above); then
tracert www.pistonheads.com [ENTER]
Compare the two results. The first few 'hops' will be the same in both cases and show the time it took to reach that node, in milliseconds. If the numbers are in the hundreds and possibly high-hundreds then there is a considerable delay somewhere along the path. Just post your results when you get to this point if there is indeed something not right. Oh and forgot to add that its best to do this while there is no other traffic - just disconnect all other computers for a brief period to do this and even use the wired connection as opposed to a wireless for the tests. Consistency is important here.
Regards
Popolou
Edited by Popolou on Wednesday 31st January 23:35
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff