Unexplained bandwidth usage/Connections not ending

Discussion in 'Tomato Firmware' started by LadFromWales85, Oct 12, 2006.

  1. LadFromWales85

    LadFromWales85 Network Guru Member

    Hey all.

    Recently 'upgraded' my WRT from DD-WRT to Tomato, and loving it so far, though I've noticed a small issue which is teasing me slightly, as it is causing a consistant stream of bandwidth use, 6-10kB/sec in both directions. I've tracked it down to connections to the port I forward to allow Skype to make direct connections, so it is probably related to Skype. But, upon closing Skype, or even shutting down the computer, the connections remain, and the bandwidth continues to be used (even right now, the 'Skype' PC is off, but the connections are still up!)

    I've noticed that the figures reported on Advanced > Conntrack are incorrect. The GUI shows that there are zero UDP>Unreplied connections, yet grepping /proc/net/ip_conntrack and wc'ing the lines shows over 200 UDP>Unreplied connections. As the time is set to 30 seconds by default, why are there still connections, even now? I'm assuming there are new connections being opened just as fast as the old ones are timing out?

    I realise that these connections are attempts by Skype relays to form a node, which is undesirable behavior, especially after I've closed the Skype client. Aside from rebooting my WRT to clear the connection tracker, how can I prevent this from happening?

    Cheers all!


    # cat /proc/net/ip_conntrack | wc -l

    # cat /proc/net/ip_conntrack | grep 6882 | wc -l

    # cat /proc/net/ip_conntrack | grep 6882 | grep UNREPLIED | wc -l

    # cat /proc/net/ip_conntrack | grep 6882 | grep ESTABLISHED | wc -l

    The UI shows zero UDP Unreplied connections, though the TCP Established count is right.

    Why are these connections still appearing, dispite the Skype client being terminated, and even the PC being shut down?
  2. wycf

    wycf Network Guru Member

    I think we have the same question which I posted on here:

    Then I use Wall Watcher to monitor the WAN side traffic. I am using high speed cable modem to connect to Internet. After few hour monitoring, I found that there are constant DHCP broadcast arrived on my router's WAN side. Could this be the reason that Tomato shows the constant traffic?
  3. LadFromWales85

    LadFromWales85 Network Guru Member

    I removed the port forward associated with Skype, and the transfer to the PC instantly stopped. Looking at the bandwidth graph, I now see a constant incoming stream of about 2.71kB/sec, but not outgoing. The number of connections in the conntrack has dropped to below 50, but there is still a stream of incoming data :s
  4. Reiper

    Reiper LI Guru Member

    I almost always have 4-5 kb/s incomming (no outgoing though) when there is no LAN activity... I wasn't sure if this was just "noise" on the internet. If you watch the WAN light on the Linksys it is always blinking even without LAN activity. From what I've read elsewhere I believe this is normal.
  5. LadFromWales85

    LadFromWales85 Network Guru Member

    It never used to happen with me. When my connection was idle, the modem and router activity LED's went static, with just the odd blink for whatever.

    Does seem to be quietening down now, down to about 1.5kB/sec, and no tracked connections as they are just being dropped due to no associated forward for the port. Maybe they'll stop over the next few hours :)
  6. aeonone

    aeonone Network Guru Member

    Actually it is entirely the fault of Skype.

    There was an article about Skype becoming a supernode for those who had properly set up portforwarding to help those who were stuck behind firewalls. It uses you as an intermediary to establish connections. It also lingers even after you've closed Skype, until you reboot the system. It's controversial for many people. I also noticed that my cpu usage would spike every now and then. That's why I uninstalled Skype.

    I'll try to find the link.
  7. lwf-

    lwf- Network Guru Member

    Skype is a evil piece of software in a black box, I surely doesn't trust it or its protocol.
  8. MiseryQ

    MiseryQ Network Guru Member

    uTorrent does'nt always clear the uPNP ports when shut down and I'll get a lot of warnings from my software firewall about this.
    Once cleared they stop. It's not the fault of Tomato.
  9. u3gyxap

    u3gyxap Network Guru Member

    That is actually a good thing. Many people are behind some sort of firewall and Skype does the best it can to establish communication between them. Sometimes that involves other Skype users with properly set connection (no firewall, or properly set Port Forwarding, DMZ, or uPNP), which route some of the traffic.
    That is why Skype is known to work in every setup, regardless if you do or do not have firewall.
    I personaly don't mind the 4-5KB/s and leave Skype working 24/7 just to help other poor souls.
