Tech Question on Routers

Discussion in 'The Barracks' started by Gazz, Aug 27, 2003.

  1. Gazz

    Gazz Active Member

    Joined:
    Apr 19, 2003
    Messages:
    509
    Likes Received:
    4
    Location:
    Townsville, Queensland, Australia
    Can anyone with tech knowledge please give me some guidance on a perceived problem I am encountering? I posted the below onto the Whirlpool forum but thought some people here might also be able to help.

    I have BP ADSL which has been connected for over 2 years via a Netgear RT314 router. 2 other computers are also connect to the one internet connection. Normally we have no problems with the connection apart from the odd disruption and frequently have 2 computers browsing at the same time. We are not big on downloads and never go near the 3Gb limit.

    About 1~2 week ago (when the Blaster worm became a problem) I started having intermitent speed problems, especially in the mornings. I could usually connect ok, but browsing speed was very slow. This would go on for several hours. By the afternoon and evening the connection was back to normal. It would occasionally slow down but was generally normal. (as I said not big on dowloads so not sure of the speed) During this time I could play games and run Team Speak normally, including the times browsing was slow.

    After a week of poor connection in the morning I rang tech support. They couldn't help with the router (knew that) so I connected direct to the modem as a single computer. The tech guy got me to do a download which ran at 50kb/sec and said this was in the acceptable range. I re connected my router and tried the same download. However the download was very slow (0.5kb/s) Re tried the direct connection and download was back to normal.

    This made me think the router was faulty. I reset it to default setting and re configured. Again, when connected through the router downloads and browsing were very slow.

    That was this morning, this afternoon I tried the same thing again. I am now connected through the router and the connection appears to be operating normally. I tried the same download the tech guy gave me and through the router it was downloading at 48kb/s (within the acceptable range given by the Telstra tech)

    So it appears I frequently (usually in the morning) have a poor connection through my router, but at all times have a good connection when connected direct to the modem.

    Is there any reason my router would prevent a fast connection at different times of the day? Can Telstra block or slow a connection through a router? -The tech implied this was the case and even suggested the test download site was blocked unless you connected directly. Playing games and using Team Speak has never been a problem. It seems like the ports for browsing are being affected somewhere. The router blocks all incoming ftp and http requests but should allow normal browsing.

    I can't find a fault in the router setting. If the router is faulty why does it operate normally sometimes?

    I have read the post on changing ISP and was thinking that might be the answer, but want to be sure it is not my router before blaming Telstra.
     
  2. Derelict

    Derelict Retired Administrator

    Joined:
    Nov 4, 2002
    Messages:
    7,815
    Likes Received:
    167
    Location:
    Brisbane, Australia
    Doesn't sound like it's Telstra, nor does it sound like it's the router either.

    My first thought for diagnosing the problem is that when you're experiencing slow downloads, disconnect all the machines except the one you're using and see if the speed picks up.

    To Telstra, it sees nothing of the fact that you have a router sittiing on the connection, all it sees you as is an IP address and one of 65314 or so ports. This is basically the same thing anyway if you're browsing and using the net normally. The router simply uses different ports from "regular" ports.

    So my first thought is you test the speed with the router connection to a single connection.... then that will at least narrow down the problem. Perhaps doing a virus scan might prove useful as well. Though I doubt you would have had a blaster worm infection because your router should have prevented it.
     
  3. Gazz

    Gazz Active Member

    Joined:
    Apr 19, 2003
    Messages:
    509
    Likes Received:
    4
    Location:
    Townsville, Queensland, Australia
    Thanks Derelict,

    I don't know what to make of it. In the morning I am the only machine running so it can't be the other machines using the bandwidth.

    Your suggestion that a router uses different ports than a standard connection may have merit. Do you know that for sure and can you adjust them? Given the problem only seems to be in the morning I was wondering if this is a peak load as industry is starting up and affecting the connection somehow.

    The router instruction say that it is set to decline ftp and http inputs. I see this as one of the advantages of a router, but maybe if the connection does not accept signals so slowing the connection? But I don't know why it would change in the afternoon.

    I am just clutching at straws here so any ideas are welcome.
     
  4. Major_Mess

    Major_Mess Retired Captain

    Joined:
    Apr 28, 2003
    Messages:
    762
    Likes Received:
    11
    Location:
    Oatley, Sydney
    The router still uses the same ports to connect to sevices. ie request from PC for web hits router on port 80, router then NATs IP address and sends request for web on port 80 using your external IP address.

    Gazz confirm if is it only Web that is slow?

    With a NAT some applications, games, files sharing apps, etc can have a problem because they do need to connect to your PC with a specific port. If you havent configured the router to map ports for incoming request to a specific machine on the private network it simply won't connect. So even if u turned of the blocking of incoming http and ftp and u had a web and ftp server on the internal network, incoming requests would still fail because the router simply doesn't know what to do with the requests.

    Suggestions:

    Have you checked for spyware? Some time it tries to talk on funny ports and sits there waiting for a reply which will never reach your machine. Which means your web might stall waiting for the spyware app to timeout before then giving control back to the web browser. If you have a DMZ(sends all requests to an internal IP address) setting in your router you could point that to your PC amd see what happens.

    Telstra can't block connections through a router only.

    With the slowness in the mornings, maybe there are some big bandwidth users on your shared pipe who kick in in the mornings.

    Highly likely this is a Telstra fault. The tech people you talk to are nobs and generally don't have a clue.

    Try connecting to telstra sites when u have the slow problem and see if they are quicker.

    Small chance your router is faulty and it's just coincidence that you have noticed it happening in the morning.

    Have u tried it from the other PC's on your network? I guess you would have.
     
  5. Father

    Father The Boss Staff Member Administrator Moderator

    Joined:
    Sep 1, 2002
    Messages:
    9,748
    Likes Received:
    426
    Lol @ they can check that you have a router, that is a lot of bullshit, there is no way that Tel$tra can check you are using a router to connect or going directly.

    I used to be on bigswamp originally when dsl became first availble, it uses the PPPOE protocol as most of them do. Nothing whatsoever in an IP packet will indicate what physical device it originates from router or a PC. (You can argue about vendor ID's in MAC addresses but even then)
    Obviously a typical taxi driver became IT technician you got there. ( no offense meant)

    When you did those DL's were they from the Telstra FTP each time?
    Traceroutes are always a good tool as they can show delays and packet loss.
    Malfunctioning router? Possible that the ethernet port is starting to create jabber occassionally which would explain intermitted problems a traffic analyzer like ethereal which is free can tell you a LOT but requires some skill to use.

    Tricky one, it's gonna take some trial and error to find this one. Tech support will conveniently wash their hands from it unless you connect directly.
    Best advice is to try and find a set pattern to make sure that the router would be the culprit.
    Might even be your network card in your PC, if it ALWAYS works when connected directly we can work from there.
     
  6. Father

    Father The Boss Staff Member Administrator Moderator

    Joined:
    Sep 1, 2002
    Messages:
    9,748
    Likes Received:
    426
    Incoming requests do not need to mapped with NAT if they are part of an outgoing stream though, if the ACK bit is turned on in the returning packet it will be passed on as NAT can map it to the internal PC without problems.
    The NAT you use will be PAT anyway which used the TCP/UDP port numbes as part of the mapping so you can have multiple machines going out with the same external source address but will be recogised by layer 4 port numbers upon return.
    Only if you run any serves of any sort internally would you need a static mapping for INIT ingress traffic.
    I use a cisco 2514 to connect I dont have to map any ports whatsoever as I dont run any more servers anyway.
    The mappings are still there but the servers aren't :)
     
  7. Derelict

    Derelict Retired Administrator

    Joined:
    Nov 4, 2002
    Messages:
    7,815
    Likes Received:
    167
    Location:
    Brisbane, Australia
    Yeah, once it runs slowly, what you should do is:

    Disconnect your ethernet from your computer to the switch and connect it straight to the router's ethernet port. Then:
    Start>Run>Cmd
    Then:

    tracert bigpond.com

    Copy and paste this file with an associated date and timestamp into a word or text file. Next thing you should do is to:

    ping bigpond.com

    And copy this into the file too. Do this for 3 or 4 consecutive days and you'll have proof whether or not you have slow access.

    Essentially what you're looking for and what you will be explaining to the Bigpond IT helpdesk person on the other end is this:

    Local LAN connections should have ping times of <1ms. (milisecond)
    National WAN connections (router to router) should be below the 100ms mark (average should be the 20-50ms). Therefore all hops on your tracert test should be below the 100ms mark. If there are hops that are in the Bigpond network slowing down in significant ways, then they are the ones to blame and then you've got irrefutable proof to have your question escalated to their Telstra Network Boys.

    However, in saying all that, the spyware issue is also something that should be checked on. Download Adaware. It's freeware and when given the newest definitions it should remove almost all traces of spyware in your registry and in your cookies areas.

    The other thing I'd try would be Kerio Personal Firewall. This neat little program has an administration and analysis tool that shows you exactly which program or service is connecting or listening in on which particular port.

    And finally do a full system virus scan if I didn't mention it earlier.
     
  8. Gazz

    Gazz Active Member

    Joined:
    Apr 19, 2003
    Messages:
    509
    Likes Received:
    4
    Location:
    Townsville, Queensland, Australia
    Thanks for the help, appreciated.

    The tech talk is starting to get ahead of me so I will tell you what I have done and maybe we can go from there.

    The file I have been using to test speeds is located here;
    ftp://update-server.qld.bigpond.net.au/dist/netscape
    This was the file the Telstra guy asked me to download. I haven't done a trace but will look at doing that if/when the problem re occurs.

    I have installed the latest firmware for the router. I removed all port forwarding so is in default settings.

    I will run a spyware and anti virus program as suggested.

    Father said "ethernet port is starting to create jabber" Which port? Do you mean ethernet card (NIC). The NIC is built into the motherboard. I use the same NIC to connect to the router or to the modem. I also use the same cables for both connection methods.

    thanks again.
     
  9. SnakeTails

    SnakeTails Well-Known Member

    Joined:
    Feb 12, 2003
    Messages:
    1,957
    Likes Received:
    49
    Location:
    Boronia
    Didn't the Blaster worm attack the Microsofy IIS systems? as an attempt od DoS attack, thus slowing down your net connection, or DoS attack proxy servers? if so, you connection could be comprimised from this action

    Question, are the net speeds between your computers any slower when the problem occurs?

    It may not be a problem of the timing of the Blaster worm, may be just coincidence that its happened at the same time..

    May be a dry join on the internal PCB, this is a possible cause of a problem, and be intermittant, and they are not always picked up in manufacturer (as I sit here and wait for someone to try and debunk me on this....)
     
  10. Father

    Father The Boss Staff Member Administrator Moderator

    Joined:
    Sep 1, 2002
    Messages:
    9,748
    Likes Received:
    426
    A dying ethernet interface creates jabber you will have an interface on both your router and your PC so it can be either one.

    Although the symptoms point in this direction I would honestly not expect this to be a problem. If you have more indications that this might be the case an analyzer will be the only solution to finding as it will show lots of bad frames either above or below the min/max packet size.

    EZ to see in an analyzer but I seriously doubt this to be the problem.
     
  11. SnakeTails

    SnakeTails Well-Known Member

    Joined:
    Feb 12, 2003
    Messages:
    1,957
    Likes Received:
    49
    Location:
    Boronia
    And I bet Father has a spare 2 or 3 of them laying around ;o)
     
  12. Gazz

    Gazz Active Member

    Joined:
    Apr 19, 2003
    Messages:
    509
    Likes Received:
    4
    Location:
    Townsville, Queensland, Australia
    The virus check and Adaware have both been run. No virus and Adaware removed several cookies and registery entries.

    Here are some traces I did. I am inexperienced so would value an analysis.

    These tests were done within a few minutes of each other. With the router connected the connection was slow (downloads and browsing were slow). With the router by-passed the connection appeared normal.

    While I am not sure a lot can be made from one test, it appears that these are very similar. Given the vast difference in ability to download a file the problem appears to be in the routers ability to process while under load. The file could DL at 50kb/s without the router and was less than 5kb/s with the router.


    This one is from my machine with the router connected.
    C:\Documents and Settings\Gazz>tracert bigpond.com
    Tracing route to bigpond.com [144.135.18.32]over a maximum of 30 hops:

    1 1 ms 1 ms 1 ms 192.168.0.1
    2 40 ms 39 ms 38 ms 172.31.16.24
    3 41 ms 43 ms 40 ms 172.31.56.24
    4 * 38 ms 39 ms qld2-atm.qld.bigpond.net.au [61.9.208.221]
    5 41 ms 38 ms 41 ms 61.9.209.8
    6 39 ms 42 ms 39 ms GigabitEthernet4-1.cha23.telstra.net [139.130.193.113]
    7 40 ms 40 ms 38 ms GigabitEthernet5-0.cha-core4.Brisbane.telstra.net [203.50.44.9]
    8 38 ms 41 ms 41 ms GigabitEthernet2-1.woo-core1.Brisbane.telstra.net [203.50.6.218]
    9 51 ms 80 ms 57 ms Pos5-0.ken-core4.Sydney.telstra.net [203.50.6.221]
    10 54 ms 51 ms 54 ms GigabitEthernet1-1.pit1.Sydney.telstra.net [203.50.13.2]
    11 51 ms 52 ms 52 ms pitt-tcom-r01 [139.130.185.254]
    12 54 ms 56 ms 56 ms 144.135.19.84
    13 53 ms 51 ms 55 ms 144.135.18.32
    Trace complete.

    This one is from my machine with the router bypassed.
    C:\Documents and Settings\Gazz>tracert bigpond.com

    Tracing route to bigpond.com[144.135.18.32] over a maximum of 30 hops:

    1 48 ms 39 ms 39 ms 172.31.16.24
    2 39 ms 39 ms 39 ms 172.31.56.24
    3 39 ms 39 ms 39 ms qld1-atm.qld.bigpond.net.au [61.9.208.217]
    4 39 ms 39 ms 39 ms 61.9.209.8
    5 39 ms 39 ms 39 ms GigabitEthernet4-1.cha23.telstra.net [139.130.193.113]
    6 39 ms 39 ms 39 ms GigabitEthernet5-0.cha-core4.Brisbane.telstra.net [203.50.44.9]
    7 39 ms 39 ms 39 ms GigabitEthernet2-1.woo-core1.Brisbane.telstra.net [203.50.6.218]
    8 49 ms 59 ms 49 ms Pos5-0.ken-core4.Sydney.telstra.net [203.50.6.221]
    9 49 ms 59 ms 49 ms GigabitEthernet1-1.pit1.Sydney.telstra.net [203.50.13.2]
    10 59 ms 49 ms 59 ms pitt-tcom-r01 [139.130.185.254]
    11 59 ms 59 ms 49 ms 144.135.19.84
    12 59 ms 59 ms 59 ms 144.135.18.32

    Trace complete.
     
  13. Father

    Father The Boss Staff Member Administrator Moderator

    Joined:
    Sep 1, 2002
    Messages:
    9,748
    Likes Received:
    426
    Nothing abnormal in there, an extra ms via the router which is OK.
    Although u r getting slightly higher numbers at certain points I wouldn't see it as indication of problems.

    The delays on the rest of the internet is regretfully not a constant.

    U still experiencing slowdowns?
     
  14. Gazz

    Gazz Active Member

    Joined:
    Apr 19, 2003
    Messages:
    509
    Likes Received:
    4
    Location:
    Townsville, Queensland, Australia
    Yes I still have intermitent problems.

    Given that I still get severe slow downs, and these only occur when I have the router connected I will presume the router is causing the problem. Because it is intermittent I would guess it will be difficult to track down. The router is 2 years old... but has a 5 year warranty, so I should have plenty of time to get it sorted. I have spoken to Negear and am emailing their tech support so will see how it goes.

    In any case, thanks for your help. I'll let you know the result.
     
  15. SnakeTails

    SnakeTails Well-Known Member

    Joined:
    Feb 12, 2003
    Messages:
    1,957
    Likes Received:
    49
    Location:
    Boronia
    Does Winslut have the "port" option for tracerouting?

    Say traceroute to a specific port on a distination computer like www port-80?

    eg. (Linux) traceroute -p 80 www.duckpuddle.com 2048

    traceroute -p <port> <ip-addy> <packet length>
     
  16. Gazz

    Gazz Active Member

    Joined:
    Apr 19, 2003
    Messages:
    509
    Likes Received:
    4
    Location:
    Townsville, Queensland, Australia
    Just letting those that helped know the outcome of my problem.

    The problem persisted and in fact it became worse. I contacted Netgear Tech Support who eventually had me return the router to them. (It was still under warranty) After testing the router was replaced.

    Thanks again.
     
  17. Derelict

    Derelict Retired Administrator

    Joined:
    Nov 4, 2002
    Messages:
    7,815
    Likes Received:
    167
    Location:
    Brisbane, Australia
    LOL

    So it was dodgy Netgear hardware?

    Jeesh. Can't a company as large as Netgear build components that aren't dodgy? :roll:
     

Share This Page