About flatlander3

Saw that.  Bookmarked him.  Got his PGP key too.   Thanks!   After letting it slip on this form that I'm actually logging data with a firewall after noticing a 30% unaccounted for traffic increase, my bandwidth useage reduced immediately and it appears they were correcting for a week or so while on the "usuage" site.  Now, at the end of the month, we're pretty close on agreement of what I used in the month of Sept.   Going forward?  We'll see. ... View more

I don't know man, paying for bandwidth you're not using is silly, especially if it's an upstream issue.  For the folks that are having problems with increasing bandwidth when the modem is unplugged?  Yeah, well that's problematic -- and there's a lot of those on this form and others.  A Sync or Unicast ranging ought to be in bytes,  Not 100's of Gigs worth of traffic.    More people who are doing Internet Only, need to put in an actual firewall and we could probably crowd source the logs and packet captures live when these events happen.  At least we can figure out if it's really physical traffic from some DoS type attack, and you'll know for sure it's not your use or not -- assuming all of your devices including wifi are behind your firewall.   Do this: Internet <--> Cable modem <--> pfSense firewall <--> Internal pfSense Lan <--> rest of your stuff including wifi.  Don't use the wifi on the Cable modem.  Pass all traffic through your firewall.   The box running your firewall doesn't have to be anything special.  Now I'm just using a junk laptop with a USB 2.0 Nic for my internal Lan connections.  Ought to get you 130-150Mbs at least, which is plenty.  It's an old Pentium B960 CPU with 4G ram.  I'm using 12-14% of the memory, and <4% of the CPU usually.  I suspect you could do it on an old Netbook too.   Streaming 2Mbps 24/7 will rack up 986G worth of traffic in a month.  You are probably not doing that, but now you'll be able to see everything on your network and graph them all to find out.   You'll also have logs and totals from every source as well as combined total use.  Do a packet capture.  Look for weird data.   Now you have something to talk about with the security folks -- if they even care. ... View more

@grday2 wrote: Obviously, xfinity is watching this forum or otherwise they wouldn’t removed the postings-mine wasn’t the only one removed. The data error is obviously on their side. They just don’t want admit it. Unless they delete this, you can file a complaint with the franchise authority it is listed on your bill.   All, I was saying there are two many people having the same issue for it not to be an error. Xfinity owns the domain.  They delegate the FQDN.  They signed the SSL certificate.  It's hosted on Xfinity equipment.  They mod the board.  They remove the posts that get a bit too technically close to the problem, or suggest you route all of your traffic through an internal firewall for data usage comparison.   You will get a chatbot that says, your neighbor might be using your wifi, or are you using a backup service.  Other than that, you're on your own.  I'd suggest keeping your own traffic stats.    The funny part?  The "I'm <s>not</s> a comcast employee" part.  (wink) ... View more

@Markeydusod wrote: I, and apparently many customers have done everything you posted and still are experiencing an incremental rise in data usage in homes that have not altered or added devices to their data usage . You don't need to be a "Comcast expert" To see a clear pattern of abuse. You should be asking better questions, like... Does the Comcasts "always on" feature contribute in anyway. As a no kids, non gamer, no large download customer I say there's absolutely no way I use a terra byte of data monthly.      Well, they didn't like my previous post and removed it.  How about we try again?    Instead of trying to guess what is using data,  find out.  Turn the wifi off on your router if it's a wifi router.  Now install a free firewall like pfSense or Untangle on an spare desktop PC with two network ports in it.  It will install a dedicated OS that does the routing/firewall on your spare PC.  Connect your new firewall appliance to your cable modem, then connect a different wifi access point to the the 2nd port.   Now you can see every single packet you generate, and which device it came from.   All traffic gets logged.  You can even see source and destination.   The manuals are pretty good.   Make sure you block remote access on your router.  Block all ICMP ping traffic.  Drop the firewall on your cable router so all packets from the ouside get logged on your firewall, instead of being blocked where you can't record them.   Perhaps you'll find your internal network gremlin, or an external one you don't control.   ... View more

How is it possible with everything in your house off except for the router?   A botnet attack on the IP address of your router.  If you have the ability to ping your external ip address, or if there are any open ports on your router, there is an open attack vector.  Got a friend with a Linux box?  Have them portscan your IP with a tool like nmap.  Some sites run online nmap scanners too.  You can search for those, put in your IP address and try it yourself.  Launch it with a web page.   (Do Not Port Scan Someone Elses Gear without Permission....that's bad JuJu)   If it's an xfinity owned router, and you can reboot your router from the account management web page, you've got a security problem built right in!!  How neat!!   SYN flood attacks are common.  They are also easily throttled and should be on Xfinity's networks, but I suspect they are not.   A SYN flood is when remote machine establishes a TCP  connection to your security hole, it will reply, then the remote machine requests again.  With sufficient bandwidth on the remote machine, it can cause denial of service (DoS).   Xfinity is probably just adding to your bill as inbound data, and would account for you using up your data cap when nothing else could possibly be using data. ... View more

Autoplay vids?  Naaa, I'm not doing that sort of filtering or domain filtering/net nanny type of stuff so they'll blow right through to the natd client.  I'll leave silly net filtering to the corp guys.  I just run adblock and no-script on the clients.   This does seem to be a pretty widespread problem though with many people and inexplicable bandwidth usage issues.  Do you suppose SYN flood attacks or passive port scans from botnets count as traffic on your account?   Cable modem would block it (with firewall on).  My appliance wouldn't see it.    Is comcast recording that as inbound traffic and billing people overages for it?   ... View more

Erm.....   You're proposing I unplug the cable modem?  Sure.  Cutting off my internet access completely would solve the problem.  I'm not sure how that would work with youtube.  So would canceling Xfinity and getting a DSL line.    I can also do it with celluar I suppose, but generally, that's going to cost quite a bit and your data caps will be 4G or so running a hot spot.   No.  I have no X1 devices.  I don't have Xfinity TV or phone service.  I'm paying for Internet only.   As far as what I'm using for monitoring software and for anyone else looking to monitor the situation themselves  and you don't have access to commercial cisco/other firewall appliance gear, you can get pretty close with a FreeBSD box and a dual 1GB network card.    Install FreeBSD or OpenBSD on a spare PC.  Doesn't have to be anything special, although if you want to capture and log all network traffic, horsepower never hurts.  Doing that CPU intensive, not so much memory or disk intensive but 2+G's of memory helps.  Freebsd (dot) org.  There's plenty of documentation on how to do it.   There are dozens of network monitoring solutions you can install.  Simple:  vnstat, iftop, mrtg, darkstat, just look at the daily logs for usage......(lots more).  More horse power? Try ng_netflow.   Use OpenBSD's PF for the Natd (bridge between the internal and external network), firewall and traffic shaping.  You're going to have to read up on PF a bit if you want to do bandwidth throttling and other advanced uses, but you should be able to get a decent firewall and network setup properly with the documentation online.  Goes like this:   Internal network ----> FreeBSD box network port 2 --->  Freebsd box Network port 1 ---> Xfinity cable modem.    Put your wifi router on your internal network.  Yes, don't use the one on the cable router/modem.  Now you have two firewalls.  The cable box modem that will  probably be exploted by some zero day hack someday with firmware that is unmaintained, and an actual firewall you control the software for.   My original question was to try to figure out what a 1TB data cap actually was.  700GB of actual data because the line burns 30% in the background?  Less?   Fine.  I'd call that deceptive advertizing, and fraud if they're billing for overages, but whatever.  I can create adaptive traffic shaping rules that will throttle my internet connection based on previous use/current usage.   What should I be using for an actual target?   ... View more

I'm using an approved xfinity cable modem connected directly to a security appliance via cat6.   The rest of the internal network -- Wifi, Lan, DMZ connects to the security appliance.  There is no physical way a packet on the internal network can get to the internet, or be received without going through both the security appliance and the cable modem.   Both the cable modem and security appliance keep statistics.  The statics are rather detailed on the security appliance (port, protocol etc), but aggregate traffic counts agree with the traffic stats on the cable modem.   Only thing that's left is overhead from the connection itself. ... View more

I'm logging all data passing through my internal network to the router.  The router itself has it's own logging capability.   As of right now, I've used exactly 126.620GB of data.  My internal logging and my router are in agreement on that.   If I look at your data usage page, it claims I've used 180GB of data.  That's a 30% disagreement. I've been tracking this for 3 months, and find our "disagreement" can vary quite a bit, but you always seem to overshoot what I can possibly be sending or receiving.   Looking at the Bonded channels, I'm not seeing a lot of correctables on any given link, so rebroadcasting packets or a failing channel connection isn't the problem.   What's is the expected overhead on your channels, and does that count towards my data cap? ... View more