Strange Network Problem.

[B-1]

Wireshark is only good for examining traffic on the device it's installed on unless you have a span/monitor port set up on the switch, which in this case I doubt.

You can run it as Man in the Middle and just proxy the traffic through a laptop temporarily on each of the cables.

 

[William1102]

The ISP refuse to give access to the router itself, why I can't tell you because it is stupid, it is your network you should have access to it.

Vox?

 

[William1102]

Had a similar issue couple years back, turned out to be a compromised CCTV DVR intermittently maxing out the line upload.

I always worry about this , always limit traffic to 2mb upload but I see even when not in use it has very light (Kbs) of traffic all day

 

[William1102]

Friends of ours have a very strange problem and I can't seem to figure it out.

So the network upload stream remain saturated to the point that games, video calls and even discord will disconnect randomly. At first we suspected it might be the ISP connection and they where contacted. They found no problem and the line is running at full speed of about 100Mbps up/down. Next all the network cables was replaced with new cables to rule out any problems. It is a simple home network that runs CAT6 and all the devices are directly connected to the ISP router.

What we found on the usage panel was strange, the majority or the usage was upload traffic. The download traffic is minimal. After using a few tools to identify each device on the network we ruled out any outside connections. We ran spyware tools, antivirus tools to rule out malware and the computers had no known infections. The upload traffic is at a point just saturated.

I was wondering if there is a tool that is not Wireshark that can show active up/down traffic of each IP address. Then we can Identify what system or phone is saturating the network. I am not aware of anyone doing streaming on Twitch/YouTube or if anyone is running any type of private server. But I am hoping the tool can point that out. I have tried free tools but they lack the functionality to truly inspect upload download traffic in a simplified form.

Any suggestions on free tools that can maybe give us a clearer view on what is happening.

Could try changing the Wi-Fi password (force all devices off the Wi-Fi) firstly then unplug each Ethernet connected device, next plug in a laptop and run a speedtest to see the results, if all good plug each device in one by one to find the problem device

I assume it is Vox which uses a Mikrotik and they refuse access for their customers, can they not see where the traffic is coming from?

 

[The_Ogre]

FUP/AUP?

 

[Jackal65]

If you don't have access to the router, how do you know upload is saturated?
Try a different router first and see if its perhaps not a QoS issue.

The ISP provides a portal with usage analytics

 

[Jackal65]

Right was working all day so sorry for not answering.

I am waiting for a response but it seems that the uploads are really heavy. I have made the same suggestions about password changes and all that we will have to wait and see when they respond. Till then I guess we are in the dark.

 

[Jackal65]

Update,

Turns out the dogy android TV was part of the problem, The ISP also indicated that the router had a damaged port that failed intermixingly. So after the TV box was disconnected and the ISP replaced the router the network ran smoothly. My question now is how did the connector on the router get damaged and was the BLACK burning marks not a good enough indication that something was ****ed?

I suspect someone did something stupid with a POE

Anyhow solved.

 

[Sinbad]

Or lightning.