Wifi data has EXPLODED....why?

Anthony Ficklin

Honorable
Jul 6, 2013
9
0
10,510
Hey guys, I have an odd issue I can't really figure out on my own. I've been in my apartment for over a year now with Cox internet, 3.0 modem and an Asus RT-N66U router. Always had an average of three computers, 3 phones, and a smart TV pulling data. We are three college students who are darn good at using data. Constantly on Netflix, Spotify, Reddit, online games, etc. But we have never gone over 300GB a month....until this month. Got a notification from Cox only 8 days into the cycle that we are at 344GB with 22 days left. Now, five days later, we stand at 581GB. We have in no way changed our habits, and I'm not sure why we are using so much data. We just got done watching all of Breaking Bad in a two week period, but binge watching shows off the internet is commonplace here and we have never run into this problem. I've logged into the router, and I see no MACs that I don't recognize and everything looks fine. I do have a security code, and my guest network is disabled. Any ideas? Any help will be greatly appreciated.

Thanks!
 

Anthony Ficklin

No one here uses torrents, so I don't think so. Also, I check the traffic, and I get HUGE spikes of data pull for a couple minutes and then nothing. I don't see these spikes in the wired, 2.4GHz or 5GHz bands but when I look at the total they are there. Makes no sense.
 

fyrye

Honorable
Jul 1, 2013
136
0
10,760
Enable MAC Filtering and add the MAC addresses you want connected to the list.
Just because they weren't on at the time doesn't mean they weren't and didn't delete their entry from the list.

Next if your router supports it, enable traffic logging/monitoring to determine where the issue is coming from.

What kind of bandwidth do they provide and do they combine upload and download for their cap?
 
Solution

Anthony Ficklin

I'm using WPA right now. I have 50mbs down and I can't find whether or not they combine down and up. But I do know my received is exponentially bigger than my sent when these "spikes" hit.

And I'm going to try the filtering. I'll keep you posted.
 

fyrye



Switch to WPA2-Personal if capable; WPA is crackable. Also disable your WPS button since there are loopholes in that as well. Call the ISP and determine if it is combined or not, as that may be a factor in the data rates. At 50Mbps it's possible, but you would need to be downloading ISO quality; streaming is usually significantly smaller.
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup

The only other thing I can think of is malware/trojan outside of torrent or filesharing.

http://www.apartmenttherapy.com/how-much-monthly-bandwidth-doe-136401
 

Anthony Ficklin

Alright. It's on WPA-2 Personal. Filtered to only let my laptop's MAC through. Everything else at the apartment is turned off. The router config says only one device is connected, so no one is sneaking in right now, but I'm still getting small minute-long periods of huge data pull. All programs are off on my comp. I have no idea what is pulling the data or where it's going. I'm running a full malware/virus scan now to see what that turns up.
 

USAFRet

Titan
Moderator


Only one machine on and connected, and it's still doing it?
Virus/malware would seem to be the problem.
 

fyrye



Be sure to run TDSSKiller (Kaspersky rootkit scanner). I have seen some nasty rootkits that do an enormous amount of random downloading, sometimes connected to upwards of 90 different IP addresses.

Does the router tell you which IP etc. is producing the traffic?

To do an immediate check if running Windows, open a command prompt and type in NETSTAT -a, which will tell you all connected IPs.
 

Anthony Ficklin

Well. I ran the rootkit scanner and it was clean. The full virus scan also finished up and is completely clean. My router is only showing a single IP connected. I don't see any crazy traffic right now, but I reckon it will come back in a couple minutes. I'll keep you updated. A big thanks to everyone who's replied though. Really appreciate it.
 

fyrye

To get a better idea of what's running and connecting to the internet, try using Process Hacker:
http://processhacker.sourceforge.net/

It'll show you which application is using network traffic and what IP it's connecting to, and allow you to terminate the application/connection.
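
The per-process view that NETSTAT and Process Hacker give, as an added example that is not part of the original posts: this Python sketch parses `netstat -ano` output (`-n` prints numeric addresses, `-o` adds the owning PID) and counts distinct remote IPs per PID, the fan-out pattern described above for rootkits. The sample output is constructed and the function names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (documentation-range IPs).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     4312
  TCP    192.168.1.10:49713     203.0.113.5:443        ESTABLISHED     4312
  TCP    192.168.1.10:49720     198.51.100.7:80        ESTABLISHED     6120
  TCP    192.168.1.10:49721     198.51.100.8:80        ESTABLISHED     6120
  TCP    192.168.1.10:49722     198.51.100.9:443       ESTABLISHED     6120
  TCP    192.168.1.10:49730     192.168.1.1:80         TIME_WAIT       0
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     1200
  UDP    0.0.0.0:5353           *:*                                    2040
"""

def remote_host(endpoint):
    """Host part of 'a.b.c.d:port' or '[v6%zone]:port', without brackets or zone."""
    return endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]

def parse_netstat(text):
    """Yield (remote_ip, state, pid) per TCP row; UDP rows carry no state column."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[4].isdigit():
            yield remote_host(parts[2]), parts[3], int(parts[4])

def remote_ips_by_pid(text):
    """Map PID -> distinct remote IPs with ESTABLISHED sessions (loopback skipped)."""
    result = defaultdict(set)
    for remote, state, pid in parse_netstat(text):
        ip = ipaddress.ip_address(remote)
        if state == "ESTABLISHED" and not (ip.is_loopback or ip.is_unspecified):
            result[pid].add(str(ip))
    return dict(result)

def high_fanout(text, threshold):
    """PIDs connected to at least `threshold` distinct remote IPs, busiest first."""
    counts = {pid: len(ips) for pid, ips in remote_ips_by_pid(text).items()}
    return sorted((p for p, n in counts.items() if n >= threshold),
                  key=lambda p: -counts[p])

if __name__ == "__main__":
    for pid, ips in remote_ips_by_pid(SAMPLE).items():
        print(pid, len(ips), sorted(ips))
```

On the affected machine, pass in the captured output of `netstat -ano` instead of `SAMPLE` and look up the reported PIDs in Task Manager or Process Hacker.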

 

fyrye



What anti-virus did you use?
 

Anthony Ficklin



Symantec Endpoint Protection
 

fyrye



Run Malwarebytes, don't agree to the free trial to avoid collisions of real-time scanning.
http://www.malwarebytes.org/products/malwarebytes_free/
 

Anthony Ficklin



I ran that malware scan and got 0 results. That picture is an example of what happens. I go from averaging 300kbs with regular use to over 5000kbs and it just stays there and then poof, it's gone.
 

USAFRet



Where are you monitoring this bandwidth use? On your PC or at the router?
 

Anthony Ficklin



That's data through the router.

 

USAFRet



If you can, boot into a Linux LiveCD and monitor the router. Shut down everything else in the house.
If it continues, then it is coming from the outside.

If it stops completely, then it is probably some device in the house. Turn on one by one until you see it happening again.