This is completely unrelated to cycling or travel, but I thought I’d post it anyway, since I couldn’t find anything on the ‘net describing this problem in detail.
Over the past couple of days, we’ve seen intermittent slow Internet performance. A single page download may succeed, but none of the pictures will load. After resetting our wireless gateway/firewall/router, it would be OK for 15-30 minutes, then get bad again. I have a Linksys WRT-54G running DD-WRT firmware, and I initially thought it was either the hardware going bad, or a firmware bug. When the problem occurred, it took much longer than usual to log in, but once logged in, things looked fairly normal. DD-WRT is basically Linux, so the “top” command is sometimes useful to see how busy the system was. Strangely, it wasn’t very busy.
Digging deeper, I found /proc/net/ip_conntrack was filled with entries like this:
udp 17 3454 src=192.168.1.112 dst=140.113.242.224 sport=22465 dport=23867 src=140.113.242.224 dst=99.224.x.x sport=23867 dport=22465 [ASSURED] use=1 rate=119 mark=0
The commonality was UDP port 22465 and 192.168.1.112, which was Becky’s Windows machine. After shutting down all the applications, I still saw more of these connections. I had to look at the processes running, and kill them off one by one. These connections were open for a very short duration on the Windows side, so it was hard to find them. I couldn’t see them using netstat -o or Process Explorer. There may be other tools to monitor TCP/UDP connections being opened and closed on Windows, but they weren’t immediately obvious. On the various Unix-like OS’s (including Mac OS-X), lsof and strace (or equivalent) would be my preferred tools.
Key points:
- BitTorrent DNA can make a bunch of background p2p connections, even when you aren’t using your computer for any of the targeted streaming services
- BitTorrent DNA is associated with UDP port 22465 by default
- BitTorrent DNA doesn’t install a system tray icon to let you know it’s running, or easily disable it (evil!)
- Standard gateways are not tuned to handle the number of short duration connections generated by a p2p app. There are lots of pages showing how to tune different routers to handle this.
Now that I know what I’m looking for, there’s a post on the DD-WRT Wiki discussing slowdowns with p2p traffic, and how to appropriately tune . Since I didn’t know Becky was running a p2p app (and neither did she), this wasn’t initially obvious.
The good news is that this forced me to learn a bit more about Linux on the WRT-54G, including how to install supplemental packages using ipkg. Now that I have tcpdump installed, it will be much easier to look at the traffic going through the box.