Topic: How to Determine Data being sent and recieved.

[janet]

pssl

Use command formatting syntax like shown here to generate reports from log files
http://wiki.contribs.org/Virus:Email_Attachment_Blocking#Checking_logs

Charlie already advised the logs do not contain data quantities, so I think you are searching for something that is not there

Install wondershaper script (which works) or the rpm (not sure if that is fixed) to limit outgoing bandwidth & that may help for next time.
http://wiki.contribs.org/Wondershaper

[pssl]

Hi Mary.

I must have missed that note from Charlie...or I'm having senior's moment...my 61 year old brain ain't what it used to be.  I'll take a look at wondershaper to see if I can wrap my head around it.

Thanks Mary.

[piran]

That wondershaper thing isn't particularly easy...

With only two machines the situation ought just
to be eany meany myny mo... Be mindful of the
activity lights or noisier fans. When Immunet
kicks in here on our W8 box with its daily run the
fans start running slightly harder. It 'may' just be
easier to install a monitor on your boxes (are they
windows?) and keep an eye on things at source.

Alternative thoughts: WiFi. Could you be running
bandwidth out to your neighbour(s). An intermittent
drive-by (literally) stealing bandwidth from their car?
My mobile's data account can share too by its own
WiFi. When Microsoft get their corporate act together
here in the UK my intention is to get a Surface Pro
to use that otherwise unused tethering capability.
Could you be unexpectedly tethering your bandwidth?

I still think you should run up sme7admin and get some
graphs showing 'when' and 'by how much' the (mis)use.

[pssl]

Hi piran.

Thanks for the info on wondershaper.

I have seven machines on the net, 3 usually through Ethernet, the others almost always wifi.  I have a Macbook, an IPod, an android tablet an XP machine and 3 Windows 7 machines (2 laptops and 1 desktop).

My wifi is password protected with wpa2/AES and the distance between me and my neighbour is about 200 feet.  I do not detect any neighbourhood wifi signals and I doubt they can detect me.  It is 100 feet to road so drive-by may be possible if they have sensitive equipment.  It is a very quiet road so I would probably have noticed a car parked near my house.  They'd still have to get past the security. 

As for tethering, I'm not familiar with it.  I did a quick scan on the net and as I now understand it (connecting to the net via my cell phone), tethering isn't an issue since the issue is data flowing out through SME server with is connected to my ISP, not my cell provider.  Besides, I don't have a cell data plan; I don't connect to the net via my cell.

I'm going to install sme7admin and see what that gets me.

Thanks.
P

[piran]

I've never used or had MACs or iPods. My mobile uses
Windows Phone 7.5 and my ISP's data account allows
me to hook up other stuff to the internet via that phone's
account and connection. It's known as tethering. I've
only tested it with a Dell laptap of my neighbour when
he asked me to fix it (would not complete any boot).
It just WiFi's in to the phone, gets acknowledged etc
and then it's on the internet much the phone's own
browser. Mobile plan is Unlimited (monthly PAYG).

Sheer guess: WiFi probably. Possibly that Android
tablet or the XP box. Sheer guess YMMV.

sme7admin will give you the 'when' and 'how badly'
on the network use family of graphs. The ones further
down the page give internal and external networ loads.
You should be able to infer a lot of pointing information.

If it turns out to be a windows box then something
called Wireshark (open source) will allow you to squirrel
down through a complete morass of really technical stuff
on your network to give you a closer hunch of where to
search next. Wireshark is quite complex and not very
intuitive but it delivers, though it's up to you exactly
how you interprete what it delivers.
http://www.wireshark.org/

[pssl]

Thanks piran.

[janet]

piran

That wondershaper thing isn't particularly easy...

I disagree with that, but with a proviso.
At it's basic level there are usually only two settings to change, and two more to check.

You can do advanced customisation if you want (it's not strictly necessary), but that may take a bit of working out. There are other helpful sites with information & suggestions for advanced configuration, so initially just copy a suggested advanced configuration (only if you need it).

For the basics just test your Internet speed online and you have the answers you need

Follow the wiki to install the script & adjust the settings, it's easy to get it running in basic mode.

There is/was an rpm available, but there were reports of it not working correctly. At a quick look I cannot find it now.

Wondershaper does not solve pssl's problem, it just manages or controls the use of outgoing bandwidth, so may assist in sharing of the outgoing bandwidth so all devices get their "fair share", and limit or slow down whatever is gobbling up a few Gb every day (on the days in question).
 

[pssl]

I'm not seriously considering wondershaper because I don't want/need to manage the bandwidth via the server.  That'll have to be a mandraulic process.

[janet]

pssl

I'm not seriously considering wondershaper because I don't want/need to manage the bandwidth via the server

Actually all servers should really use some form of outgoing bandwidth shaping, so that heavy & sustained email loads, or large file uploads etc, do not hog all the bandwidth & disrupt web browsing or skype usage or other sorts of net access activity that people are doing etc etc etc. qmail is a big bandwidth hog, it will use it all if it can.

[johnp]

I agree with Mary. Coming from voice centric approach where priority needs to be maintained, the ability to set priority or reserve bandwidth is essential.

[pssl]

It seems like overkill for my situation.  It's just a home network with just my wife and I.  But if you think it's worth it maybe I'll take a closer look at it.

[piran]

I agree with Mary... however that doesn't alter the fact
that I found it difficult to impossible to implement that
wondershaping thing the last time I tried (a couple of
years back). That the OP should try and attempt to
get this going during a possible bandwidth abuse
period is unwise. Find the issue first, weigh up the
available resolutions, implement the fix. Then consider
that wondershaping thing when everything settles...

My router does some crude traffic shaping (Qos), 
it's sufficient for our server. May have another go
at wondershaper on a quiet day or week...

[johnp]

Agreed

[piran]

It seems like overkill for my situation.

Agreed. Our posts crossed.

[pssl]

I agree.  And my router has limited QoS as well.  However, once I upgrade my service and maybe start using it for more bandwidth intensive activities such as streaming movies and TV programs, then the issue of shaping may become more important.  In the meantime, the search for the cause of the data spikes goes on.  I checked the update logs on my XP machine I and noted that the spikes happened to coincide with updates.  But I've updated it a few times since and have not seen any spikes of similar magnitude.  Plus it is hard to imagine even Microsoft sending almost 4 gig of data to themselves 3 days in a row.

So far virus scans have found nothing.