What's new

large rhythmic spikes in network traffic

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

southlake

Occasional Visitor
Can you guys make heads or tails of this?

I have cable internet, a Netgear CM600 modem, and an Asus RT-AC88U router.

What happens at random times during the day, streaming services will start getting jammed up (on apple tv somewhere on the network), if i'm gaming at my PC, i'll start getting packet loss, to the point of dropping. All devices on the entire network are moderately effected when this happens. I have ruled out all of the devices on the network by removing them once this pattern starts, and observing this same pattern of traffic with only the router and the modem online together.

If I reset the modem, the problem goes away, sometimes for a day, sometimes less.
QoS is turned off on the router.

I think I need a new modem, I ordered one, not here yet. I'm curious if anyone has run into anything like this before. Would an overheating modem behave like this?

Since the behavior exists while my desktop PC, and other clients are physically off of the network, I'm assuming that means that nothing on the network is compromised. Is that a safe assumption? example; if my PC were compromised, and I removed it from the network then the traffic pattern would stop as there would be no destination or malicious exe running

Below is what it looks like when its acting up:
50103567817_681e494720_z.jpg
 
Last edited:
The new modem will be here today, although im not 100% convinced yet its the modem now. I reformatted the PC on the network, and had much more normal looking network traffic the last two nights. I havent seen those spikes return. However, I did still get disconnects last night. Im not sure it wasnt maintenance by my ISP though, would be a little too coincidental. The Netgear CM600 does not use the intel chip set, it uses Broadcom BCM3384 chip
 
It seems unlikely that's it's an issue the the modem per say.

Your screen shot shows traffic leaving the router but you say this happens when there are no devices connected to the LAN (other than the monitoring device). If that is true when we must conclude that the source of the traffic is the router itself. The only thing I can think of that might consume such a large volume of traffic would be the router trying (and failing) to update its AiProtection database or download a new firmware.
 
Weird that you mention that, I looked at the RT-88Us log and found this around the time I started having problems:
Jul 14 01:13:58 WAN Connection: ISP's DHCP did not function properly.
Jul 14 01:13:58 DualWAN: skip single wan wan_led_control - WANRED off
Jul 14 01:13:58 nat: apply redirect rules
Jul 14 01:13:59 nat: apply nat rules (/tmp/nat_rules_eth0_eth0) error!
Jul 14 01:13:59 wan: finish adding multi routes
Jul 14 01:13:59 miniupnpd[31993]: shutting down MiniUPnPd
Jul 14 01:13:59 start_ddns: update WWW.ASUS.COM dyndns, wan_unit 0
Jul 14 01:14:00 ddns update: ez-ipupdate: starting...
Jul 14 01:14:00 ddns update: asus_private() interface =eth0
Jul 14 01:14:00 ddns update: g_asus_ddns_mode == 2
Jul 14 01:14:00 miniupnpd[32341]: version 1.9 started
Jul 14 01:14:00 miniupnpd[32341]: HTTP listening on port 37130
Jul 14 01:14:00 miniupnpd[32341]: Listening for NAT-PMP/PCP traffic on port 5351
Jul 14 01:14:00 ddns update: connected to nwsrv-ns1.asus.com (52.250.42.40) on port 443.
Jul 14 01:14:00 ddns update: Asus update entry:: return: HTTP/1.1 200 OK^M Date: Tue, 14 Jul 2020 05:14:00 GMT^M Server: Apache/2.4.29 (Ubuntu)^M Content-Length: 0^M Connection: close^M Content-Type: text/html; charset=UTF-8^M ^M
Jul 14 01:14:00 ddns update: retval= 0, ddns_return_code (,200)
Jul 14 01:14:00 ddns update: asusddns_update: 0

I also found this in the modem log. Not sure if any of the above or below are normal or not:
Warning: DHCP Warning: Non-critical field invalid in response; CM-MAC= (mac address of MODEM) ; CM-MAC= (mac address I don't recognize); CM QOS=1.0, CM-VER=3.0
 
The messages in the Asus log would be consistent with it having lost its WAN connection and then it being restored. e.g. if its WAN cable was temporarily disconnected or the modem had rebooted. You'd really have to see those messages in context with the rest of the log rather than looking at just 2 seconds worth.

The modem message by itself doesn't necessarily indicate a problem but if you get lots of them together with other messages all occurring within a few minutes of each other then there could be an issue with your line.
 
Thank you for looking, the log file is like a haystack, and I can only partially understand what im looking at.

When I pull up the modem status, the SNR and power look good that are populated into the fields for QAM 256 (had to google it).

I have disabled the Asus Ai protection, traffic monitoring (was already off), and NAT acceleration in the AC88U. I guess to rule out the router entirely, Id have to unplug the router from the network, plug the PC directly into the modem during an event, and get more accurate time stamps to try and dissect the logs.

When things start getting screwed up, I can attempt to run a speed test online, often times the speed test will be unable to test the UPLOAD speed while these events are occurring.
 
You could upload the entire log to pastebin for us to look at and see the errors in context. But I suspect the problem is with your ISP internet connection. Log into the modem and keep an eye on the log file for critical errors or indications of it rebooting. Also have a look at the Downstream "Post RS Errors". They should be pretty static but if they're increasing at a large rate there's a problem.
 
Last edited:
much better tonight. No disconnects, or weird traffic spikes for the first time in many weeks.
- new (similar) modem installed (Motorola MB7621)
- rolled back router firmware a few revisions to stop "portsLinkStaus=" from appearing in the log every 4 seconds.
- Made sure all router apps were off, qos off, traffic monitoring off, and turned off AiProtection stuff
- freshly reformatted PC

The log for the modem was totally clear all night. The log on the router was mostly clear with the only exception of "disassociated leaving" and "associated" lines to my phones mac from moving around (i think). Not sure which one of those things it could have been, but they were all suspicious to me as being possible culprits.
 
Not sure which one of those things it could have been, but they were all suspicious to me as being possible culprits.

Changing one thing at a time can help reveal the culprit. If you put the old modem back and the problem returns, then you can recycle that old modem instead of saving it for backup.

OE
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top