Troubleshooting slow Internet

April 11th, 2008 by scott

This is completely unrelated to cycling or travel, but I thought I’d post it anyway, since I couldn’t find anything on the ‘net describing this problem in detail.

Over the past couple of days, we’ve seen intermittent slow Internet performance. A single page download may succeed, but none of the pictures will load. After resetting our wireless gateway/firewall/router, it would be OK for 15-30 minutes, then get bad again. I have a Linksys WRT-54G running DD-WRT firmware, and I initially thought it was either the hardware going bad, or a firmware bug. When the problem occurred, it took much longer than usual to log in, but once logged in, things looked fairly normal. DD-WRT is basically Linux, so the “top” command is sometimes useful to see how busy the system was. Strangely, it wasn’t very busy.

Digging deeper, I found /proc/net/ip_conntrack was filled with entries like this:

udp 17 3454 src=192.168.1.112 dst=140.113.242.224 sport=22465 dport=23867 src=140.113.242.224 dst=99.224.x.x sport=23867 dport=22465 [ASSURED] use=1 rate=119 mark=0

The commonality was UDP port 22465 and 192.168.1.112, which was Becky’s Windows machine. After shutting down all the applications, I still saw more of these connections. I had to look at the processes running, and kill them off one by one. These connections were open for a very short duration on the Windows side, so it was hard to find them. I couldn’t see them using netstat -o or Process Explorer. There may be other tools to monitor TCP/UDP connections being opened and closed on Windows, but they weren’t immediately obvious. On the various Unix-like OS’s (including Mac OS-X), lsof and strace (or equivalent) would be my preferred tools.

Key points:

  1. BitTorrent DNA can make a bunch of background p2p connections, even when you aren’t using your computer for any of the targeted streaming services
  2. BitTorrent DNA is associated with UDP port 22465 by default
  3. BitTorrent DNA doesn’t install a system tray icon to let you know it’s running, or easily disable it (evil!)
  4. Standard gateways are not tuned to handle the number of short duration connections generated by a p2p app. There are lots of pages showing how to tune different routers to handle this.

Now that I know what I’m looking for, there’s a post on the DD-WRT Wiki discussing slowdowns with p2p traffic, and how to appropriately tune . Since I didn’t know Becky was running a p2p app (and neither did she), this wasn’t initially obvious.

The good news is that this forced me to learn a bit more about Linux on the WRT-54G, including how to install supplemental packages using ipkg. Now that I have tcpdump installed, it will be much easier to look at the traffic going through the box.

Leave a Reply