coles1's profile

Frequent Visitor

 • 

12 Messages

Mon, Sep 30, 2019 11:00 AM

Unusually high data usage megathread

Jessie helpfully locked the thread pertaining to this for being "off topic" after merging all relevant threads into the irrelevant terabyte thread.

I thought we should still have a place to discuss this ongoing problem. I took 20 pages of documentation into a store today and was told all they could do was charge me 70 dollars to send out a tech. Out of desperation I conceded.

Any thoughts? Anyone had any resolution yet? Some folks on Twitter seem to have made slight headway and had their accounts credited but aren't sure how to help since they seem to think they just got lucky.

This conversation is no longer open for comments or replies and is no longer visible to community members.

Responses

Frequent Visitor

 • 

21 Messages

2 y ago

Well, the meter can't be "working as designed".   It's claiming I used 50GB for October so far.

 

Also,  that courtesy month that was re-funded to me... 

My account now says that I only have one courtesy month left again?

 

Looks like I'm back to calling costomer support again tomorrow.

flatlander3

Regular Contributor

 • 

176 Messages

2 y ago

That one's perfect! 

 

My concern is that perhaps there's traffic there and it's not just a metering problem.  Take a peek.

 

Every use Wireshark?  It's free.  Windows/Mac/Linux Captures packets.  Turn your wifi radio's off.  Connect to the Lan port on your router.  Disconnect anything else on the lan.  We want to cut down on the talking.

 

Look at your local IP address.  Get a "cmd" box in windows and type ipfconfig.  You want to look at the default gateway address, so if your default gateway is 192.168.0.1, start a packet capture with this filter in the top browser url looking line:

 

ip.addr == 192.168.0.1/32

 

Don't surf.  Don't do anything.  Just let the packet capture run.   Get a few thousand packets.  Save it.  Now turn the firewall off on your router temporarily and do it again.

 

Without knowing a whole lot about packet captures or TCP, you should be able to tell if your IP is getting bombed with a flood of inbound traffic.

Regular Visitor

 • 

6 Messages

2 y ago

I have been using Glasswire since the 30th of September. I'm an expert computer user and am conscious of what I download. I am the only computer user in this house and Glasswire reports that I've used 2.9GB from September 30 - October 2. I went to my account page and lo and behold October has 166GB data used up.

I have been a loyal comcast customer for over 10 years and not once have I ever hit the data cap since it started being enforced. Usually hit ~500-650GB per month. Suddenly in September I hit 1200GB and used up one of our courtesy months for the first time ever. I woke up on October 1st to see that overnight even with Glasswire running, Xfinity's website said I mysteriously used 76GB.

Scouring my connected devices page showed no foreign devices, however I changed the WiFi password just to be safe. Still spiking.

I called up and they said that's unusual and that they've been receiving a high volume of complaints regarding data spikes.

My case has been escalated twice and I'm waiting for a response back. This has nothing to do with actual traffic or background downloading that people aren't aware of. There are people on the subreddit even complaining that unplugging their modem still leads to crazy data usage even after waiting 24H.

This is a problem on Comcast's side -- one I hope they fix and compensate us for -- otherwise I may have to find alternatives. I cannot afford to pay data overages.

Mike6623

Contributor

 • 

30 Messages

2 y ago

Pk


@flatlander3 wrote:

Interesting. I also recently used Readyshare to connect a 8tb drive to my router. I thought about this and uplugged it so no traffic is going to it but I am not sure if it is "disabled" because even after unplugging it last night, I still consumed nearly 49gb by morning. 

While you're in there.  Make sure UPnP is disabled.  Devices shouldn't be allowed to create firewall rules/holes.   You want ICMP disabled too.  Make sure nobody can flood ping your IP from the outside.


Thanks. It is weird because I haven't changed my router settings in, forever! The only thing this reminds me of is when I was working and idle printers were consuming 100GB of data over night just sitting there. It ended up being an intel driver that was causing a packet floot. I would use wireshark but you need to know how to read that in order to understand it, and wireshark isn't user friendly in my opinion. Thanks, I will try the suggestion but with everyone having this same spike I would assume it is xfinity and I would also guess it is related to my constant internet drops. 

 

My call last night was also escalate and I am supposed to get a call back this evening. 

flatlander3

Regular Contributor

 • 

176 Messages

2 y ago


Interesting. I also recently used Readyshare to connect a 8tb drive to my router. I thought about this and uplugged it so no traffic is going to it but I am not sure if it is "disabled" because even after unplugging it last night, I still consumed nearly 49gb by morning. 

While you're in there.  Make sure UPnP is disabled.  Devices shouldn't be allowed to create firewall rules/holes.   You want ICMP disabled too.  Make sure nobody can flood ping your IP from the outside.

Mike6623

Contributor

 • 

30 Messages

2 y ago


@flatlander3 wrote:

@RSucher wrote:

Glasswire

76GB.

Still spiking.


Great Data points.  That's a lot of data.  That would be like pulling 7Mbps constantly for a day.  I'm not saying it's NOT an Xfinity issue.  After watching this like a hawk with both Cisco gear, then a pfSense firewall and tracking every packet -- dropped ones too, I've had both Short and OverCounts compared to what Xfinity "thinks" I'm using.  Everything goes throught my firewall, including wifi.

 

Still, I haven't ruled out botnets on the network completely.  I'm just trying to catch one in the act.  Maybe you can help.  Something to watch for to get setup for debugging. 

 

Check your gear, poke at your router settings, scan with nmap just to make sure -- newer routers can detect port scans, even with the -Pn option and give you false hope.  Scan ports individually from an external address -- ie #nmap -p 443 -Pn targetIP

 

Got a Netgear customer owned cable router?  So as it turns out, there's something called "ReadyShare" that's supposed to allow you to be able to stuff a USB stick in the router and share content -- Even over the internet.  It's on by default.  It's horrifying.  Yep, it's running ftp, 80-web internally, and 443 externally.  It will be intercepting traffic before you can even see it with Glasswire.  If anyone has it, turn off the built in media server, then go to advanced tab and "port forward" ports 80, 443, 21 to a bogus IP, or if you've got a decent firewall, direct them there to be blocked directly.  Redirect the "remote management" ports as long as you're in there, even if you have remote access disabled.  You don't want your router responding even if it's saying "closed".  All you should get is "filtered" with nmap.

 

Does an Xfinity Cable Modem have open internet ports or services?  Dunno.  You can reboot it from the web site, and I'm not sure what the mechanism is there.   SNMP?  IPMI?  Web?  Undocumented server??  An employee could help us out with that one.  Whatever it is, that is a backdoor service shouldn't exist.

 



Interesting. I also recently used Readyshare to connect a 8tb drive to my router. I thought about this and uplugged it so no traffic is going to it but I am not sure if it is "disabled" because even after unplugging it last night, I still consumed nearly 49gb by morning. 

Mike6623

Contributor

 • 

30 Messages

2 y ago

This is still happening to me, I do respond, create threads and call and call and call. NOTHING is ever done. What is the problem here? This has to be why my internet is dropping every 10 minutes. If am using 40gb of data in a matter of a few hours, I can see what that woudl happen, but again xfinty xfi stinks and doesn't show what devices are consuming what. And Xfininity never admits it is there issue. Please tell me what I need to do to correct this. This huge use of data is killing my ability to work 

 

Where is Xfinity at with a solution or at least an update to the customers who pay hand over fist for poor, over priced service, support and technical. No one at xfinity knows anything other than what is on their scripts. I am so mad!

flatlander3

Regular Contributor

 • 

176 Messages

2 y ago


@RSucher wrote:

Glasswire

76GB.

Still spiking.


Great Data points.  That's a lot of data.  That would be like pulling 7Mbps constantly for a day.  I'm not saying it's NOT an Xfinity issue.  After watching this like a hawk with both Cisco gear, then a pfSense firewall and tracking every packet -- dropped ones too, I've had both Short and OverCounts compared to what Xfinity "thinks" I'm using.  Everything goes throught my firewall, including wifi.

 

Still, I haven't ruled out botnets on the network completely.  I'm just trying to catch one in the act.  Maybe you can help.  Something to watch for to get setup for debugging. 

 

Check your gear, poke at your router settings, scan with nmap just to make sure -- newer routers can detect port scans, even with the -Pn option and give you false hope.  Scan ports individually from an external address -- ie #nmap -p 443 -Pn targetIP

 

Got a Netgear customer owned cable router?  So as it turns out, there's something called "ReadyShare" that's supposed to allow you to be able to stuff a USB stick in the router and share content -- Even over the internet.  It's on by default.  It's horrifying.  Yep, it's running ftp, 80-web internally, and 443 externally.  It will be intercepting traffic before you can even see it with Glasswire.  If anyone has it, turn off the built in media server, then go to advanced tab and "port forward" ports 80, 443, 21 to a bogus IP, or if you've got a decent firewall, direct them there to be blocked directly.  Redirect the "remote management" ports as long as you're in there, even if you have remote access disabled.  You don't want your router responding even if it's saying "closed".  All you should get is "filtered" with nmap.

 

Does an Xfinity Cable Modem have open internet ports or services?  Dunno.  You can reboot it from the web site, and I'm not sure what the mechanism is there.   SNMP?  IPMI?  Web?  Undocumented server??  An employee could help us out with that one.  Whatever it is, that is a backdoor service shouldn't exist.

 

Mike6623

Contributor

 • 

30 Messages

2 y ago


@coles1 wrote:

the problem isnt individual data usage, my dude, we've established that amply. the problem is comcast metering. i have twenty printed-off pages of posts from across the internet from dozens of people having the exact same problem in the exact same frame of time. this is not an individual data usage issue. this is a comcast issue. a couple of people have even gotten comcast to admit it! twitter has some interesting things.

 

stop merging relevant threads into irrelevant ones so that you can shut them down, thx


This is insane. Everyone is having the same exact issue starting at the same exact time and they just can't admit or try to give us a solution. I have never had such terrible service. I really dislike xfinity, their data limits and their inability to admit when something is wrong on their end. 

 

With that being said, again, Xfinity keeps telling me I should be able to view the amount of data EACH CONNECTED DEVICE is using. It does not, it shows an across the board total which doesn't help at all. I have never paid this much for internet and not have the ability to track usage per device, but I also have a data limit! I wish I had other options but I work from home and Xfinity doesn't care. They just have excuses and then when they fix it, they will act like nothing was ever wrong. 

darkangelic

Expert

 • 

2K Messages

2 y ago


@coles1 wrote:
Not everyone here has the technical expertise to do more than monitor their own devices for what those devices say are being used and some of them not even that. 

I, like the other forum Experts and Problem Solvers are very well of that,  having been involved with extensive troubleshooting of user issues for many years now, and with many of said users not being very well versed in  tech.  That's why there are security software suites available for people to use, including Comcast's own Xfinity xFi and xFi Advanced Security, and Symantec's Norton Security Online, which is free to Comcast users

 

I have very little technical expertise of how automobiles work under the hood as well, but that's why I take my car to a mechanic when it has issues.

 

Unfortunately nowadays people HAVE to learn how to manage their networks. With the advent of ever more sophistitcated current security threats like cryptomalware and targeted phishing, if you don't learn to cope with them, you will find yourself in the same situation as thousands who have lost large amounts of work, time and money, not to mention their very identities. 

 


@coles1 wrote:
 I've done everything that I know how to do and that was easy to Google and I'm pretty sure that like me other people posting here have spent hours on the phone with Comcast already doing their "troubleshooting" and are sick of it already when there's ample documentation that this is a metering issue on Comcast's side.

Is it? It's relatively easy to point the finger at Comcast but if that were true, why isn't this being relfected across the board? My data usage "spiked" in September as well - Comcast reported 659 GB (as opposed to my usual 400 GB ), even with a weekend away when I discovered my Netgear CM1150V modem crashed and my network was offline. 

 

Guess what though? My ASUS RT-AC88U's Traffic Analyzer reported 609 GB - a slight difference from Comcast, but nevertheless within expected results.  In fact, outside of this,  my reported Comcast usage has never differed from my Traffic Analyzer by more than 20 GB in any one month. 

Upon close examination, I found that my iMac ran nearly 200 GB worth of iTunes updates, mostly from movies I had downloaded and a bunch of new music.  My Home Security router got a lot of extra traffic as well, thanks to the neighboring house running repairs on their fence and thus spiking activity on my two 24/7 cameras. And there's the three XBox consoles that all ran game updates and downloads. 

 

In theory, I shouldn't be seeing any weird spikes in my network usage as I have everything locked down - I don't even have remote access enabled on both my router and my NAS and they don't advertise their presence on the internet - and sure enough, I've never seen any. 

 

Certainly the issues you're seeing may originate on the Comcast side, but without any substantive evidence to go on, there's not much we can do on this forum.  Comcast doesn't monitor your internal LAN for traffic and usage, and frankly, if they did, I wouldn't be a customer, as I wouldn't tolerate such intrusive practices. 

 

I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!tick
Mike6623

Contributor

 • 

30 Messages

2 y ago


@lesmikesell wrote:

If you have xFi and an xfinity modem/router you should see devices here:

https://internet.xfinity.com/devices

Clicking on each should show recent usage, then click on the right arrow for a 30 day view.  Just a low/high graph, but better than nothing.


I hate to be rude but you sound EXACTLY like every single tech I wasted my time with. I tell them over and over, just like in this thread, that I am not using the modem as a router and they all told me, "as long as you use xfi, it will see how much data is being used and from which device. I was told this over and over and over and over. Then I post here, over and over about my router and get this response. To be then followed up with "oh, it won't work unless you use their modem". How many different things will I be told in a 24/hr period. I am just beyond ticked. And the fact that you cannot say c r a p on this forum is as stupid as the people who answer the phones at Xfinity support. 

 

They all said that they could see my modem had been restarting 20 times a day, but will not correlate the spike in data usage to the Internet drops. I bet 100000000% they are related. I never once had a drop, now when out of the blue I am using 60gb in 12 hours, my Internet drops every 10 minutes. But hey, it isn't Xfinity or the data usage spike...restart the modem. I am not mad at you, just at this whole situation. As I sit at work and check my data usage while no one is home it is still going up and up and up and up and xfinity will never admit anything. Watch

lesmikesell

Valued Contributor

 • 

527 Messages

2 y ago

If you have xFi and an xfinity modem/router you should see devices here:

https://internet.xfinity.com/devices

Clicking on each should show recent usage, then click on the right arrow for a 30 day view.  Just a low/high graph, but better than nothing.

lesmikesell

Valued Contributor

 • 

527 Messages

2 y ago

Answered in another thread, but if your router isn't xFi your aren't going get xFi features.  The router provides that functionality.

Mike6623

Contributor

 • 

30 Messages

2 y ago


@lesmikesell wrote:

Another thing to consider is that at the TCP/IP level, errors or drops are corrected by resending the whole packet.  So if some device on a bad wifi connection is doing an update it could result in much more data being sent than you'd expect because of the retries.    Still,  a TB is a lot of retries...


But there are clearly people on here that have diconnected everything, but the modem still on and are still getting huge data usage. With no pc, phone, or anything connected via wifi or ethernet.

flatlander3

Regular Contributor

 • 

176 Messages

2 y ago

Just to be clear, the potential bad cable I'm talking about is the coax between your cable modem, and the little box they stuck on your house.  Loose ends.  Frayed ends.  Something along those lines.  Perhaps corrosion.  Splitter in there with water leaking on it......something like that.  You want a clean run to your house from the street, and a clean run right to your cable modem -- well OK, maybe a wall jack connector.  Otherwise, no splitters.

 

 

New to the Community?

Start Here