About flatlander3

Some apps will count as internet data.   Here's the list from Xfinity: https://www.xfinity.com/support/articles/x1-internet-data-usage-details   I might also add that if you look at the manuals for some of the approved gateways, they have frightening default settings.  I have little confidence in the security of anything I can't see or control directly.   ... View more

It would not surprise me at all if an X1 box could pull streams and blow your data cap.  Others have reported high usage watching the peacock network for example.   Most, but not all apps on other devices like RoKu or Amazon allow you to set a 'soft' bandwidth limit, but commercials tend to ignore the control.  Major updates will reset your bandwidth settings though.  With a pfSense firewall, you can also throttle traffic to a max throughput on devices as a group, or individual devices.   Added benefit?  The stream doesn't buffer as much trying to test delivering content at the next higher bandwidth so overall playback is smoother. ... View more

I'm not using Xfinity gear, well...for a lot of reasons.  If you are, you are spending $14/month or $168/year.  In 5 years you will have spent $840.  You'll spend $30/month or $360 just the first year on unlimited.  What's an overage cost?  Maybe $200 max out of pocket cap?   You have budget to work with.   Buy a compatable gateway, run pfSense or opnSence (free) for a firewall on a dedicated x64 box or even an old laptop.  You can also buy a firewall appliance for less than $200 that will work fine.  Then buy a decent WiFi router and run all of your devices through the firewall.  Then you'll see everything.  The firewall is BSD based, so write any scipt you wish or use bsd tools like vnstat systat, even ifconfig  and toss it on a cron job if you want something else.  There are also addon graphing packages like ntopng and bandwidthd (free).   <- xfinity gateway ->< -firewall -><- internal wifi router -><- All Clients    I also split the internal network too, for things I don't trust all that much, that don't have to talk to anything else like streaming devices/smart TV's. ... View more

Welp.  That's roughly 29 Mbps if you pulled 300G in 6 hours.  Pretty much do able with 100Mbps service.  You can do it faster with better service.   I had an iPhone go insane while trying to download an update that failed from IOS 14.2 to 14.3.  That burned 90G speaking gibberish to Apple before I caught it, but my firewall emails me when excessive load is going on, and also daily status.  Software you install also likes to "phone home for updates", and that can hang too.    Been there, done that with centrylink.  Wasn't a big fan of DSL speeds.  StarLink is $499 up front for hardware and $100/month.  Maybe that will come down at some point.  ... View more

It really wouldn't surprise me if watching Xfinity cable on an xFi box uses more data than watching content on a 'smart tv' app over a wifi connection.  Just being hardwired in general on a 'smart tv' allows for a faster stream than with wifi, and since they are serving the content, there are very likely less "hops" between you and the streaming server location -- so more data can be shoved down the pipe faster than fishing it off a cloud server somewhere.   I don't use their cable lineup, so I have nothing to test with, and don't know if there is a setting to allow you to limit bandwidth used, or if it's just a full speed "pull what it can" device.  Perhaps there is a data rate limit setting on it you can try.  If there isn't, there was a beta app for RoKu, and perhaps others you could try on a smart TV and see if that was the issue.   Another problem could be if these xFi boxes have the same insecure horrid default settings as some of the gateways out there and they get hammered with sync-ack attacks and probes looking for a way to tip themover.  ... View more

@cfa2  Suggestion?  Sure.  Did this for a friend who had to find a hijacked device problem in his house.  Yeah.  A camera.  Firmware exploit:   Assuming you configured your gateway correctly and aren't using the horrid default settings causing the problem, (Firewall -- highest level, portscan block enabled, disable ICMP, disable UPnP, disable any kind of remote access,  disable any kind of file sharing like netgear readyshare, no port forwards, changed the admin password.....etc)   Advice is cheap.  Engineering time isn't. Here's a $0 data logger solution to help track the problem with stuff you already likely have:  Spare laptop x64, or one you aren't currently using.  8G USB stick minimum -- larger is better.  Ethernet cable. (i386 laptop solution is different) We don't care if the hard drive works, in fact, we won't be using it.  When you remove the USB stick we create, it's back to normal. We just want the CPU, WiFi and RAM on the laptop. Down and dirty.  Stock Linux.  Couple of packages.  Edit one text config file.  That's it. Hardware Setup:  Xfinity-Gateway ethernet port <-ethernet cable-> Laptop Theory:  We turn the laptop into a WiFi access point.  You connect groups of devices to it.  Phones/tablets first. See if they are the data pigs.  Then add stupid stuff like "alexa" and "smart devices..plugs/outlets/thermostats.." See if they are the problem.  Then remove those, and add a laptop at a time.  This has limitations.  About 9-12Mbps throughput max through the access point.  Enough to blow your 1.2T cap though in a month running 24/7. Also, lots of devices connected at the same time are hard on this setup on a USB stick.  If you actually install on a hard drive, it would work better, but you don't have to.  Just boot from the USB stick.  It also has limited physical range. This is not a whole house solution. You are going to make a bootable USB drive with a free utility called unetbootin.  Find it on github (search) or here is their website: https://unetbootin.github.io/  (windows/mac/linux).  From the top dropdown window, select Ubuntu for a distribution.  Select 18.04_Live_x64 for a version -- yes, use that one.  You want to  add a "Persistance" file so your install can remember your configuration between boots.  Type 3000 in the box  for 8G USB.  Type 4000 or more for larger USB sticks. (ubuntu itself will use 4+GB on the stick). It downloads and makes the bootable USB drive with one click.  This Erases the USB Stick! Now boot the USB stick.  F12 or F8 on power up to get a boot menu.  Sometimes F2 or Alt-[some key].   Depends on BIOS.  You may have to look it up for your laptop.  On the blue unetbootin menu that comes up, use default, or Try Ubuntu. NOT INSTALL!! When Ubuntu starts, the button in the lower left on the screen is where your programs are. show applications --> software & Updates Check the box that says "community-maintained free and open source software(universe)" -- you need stuff. Hit close, and then hit the button that says "Reload" to update the package cache. show applications --> terminal   Type this at the ubuntu@ubuntu:~$ prompt: sudo apt-get update sudo apt-get install net-tools sockstat darkstat vnstat tcpdump   (y=yes to install) Ubuntu can be an access point.  In the upper right corner, hit the down arrow symbol. Select the tool symbol  wrench/sdriver.  Now look at the top of that window. There are 3 horizontal lines between the switch off symbol and the window buttons (min, max close) on the top of the page.  It's a menu. Click it and Select turn access point/hotspot on.  The SSID=ubuntu.  The wifi-password is shown and is auto-generated. We're going to setup darkstat to listen to the ethernet interface.  In terminal type: ifconfig The ethernet interface is enp3s0 on this box -- you will be different. enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500        inet 192.168.10.48  netmask 255.255.255.0  broadcast 192.168.10.255 The wireless interface running the hotspot is here -- you will be different too. wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500        inet 10.42.0.1  netmask 255.255.255.0  broadcast 10.42.0.255 You need the device name for ethernet (enp3s0) on this laptop, and it's IP address 192.168.10.48. In terminal, edit darkstat's configuration file: sudo nano /etc/darkstat/init.cfg Remove the #'s to uncomment lines to make them work.  # is a comment and ignored.  Since my ethernet port address is 192.168.10.48 and the device is enp3s0, I change the INTERFACE, LOCAL and BINDIP lines to say   INTERFACE="-i enp3s0" LOCAL="l 192.168.10.0/255.255.255.0" BINDIP="-b 192.168.10.48" You change the last octet of the ethernet ip address on the LOCAL line to zero (192.168.10.48 to 192.168.10.0).  Your network topology may be different. Here is the complete configuration file -- match your network and devices, don't just copy and paste: # Turn this to yes when you have configured the options below. START_DARKSTAT=yes # Don't forget to read the man page. # You must set this option, else darkstat may not listen to # the interface you want INTERFACE="-i enp3s0" DIR="/var/lib/darkstat" PORT="-p 666" BINDIP="-b 192.168.10.48" LOCAL="-l 192.168.10.0/255.255.255.0" # File will be relative to $DIR: DAYLOG="--daylog darkstat.log" # Don't reverse resolve IPs to host names DNS="--no-dns" #FILTER="not (src net 192.168.0 and dst net 192.168.0)" # Additional command line Arguments: # OPTIONS="--syslog --no-macs" (CTRL-X to save) Will the enp3s0 ip address change?  Maybe when you lose power or reboot your gateway, but probably not often. You can make a dhcp reservation for the laptop from your gateway for it and it won't. Now in terminal, restart darkstat: sudo /etc/init.d/darkstat restart If everything went OK, you can open a web browser on your network to your ethernet ip address:port 666: http://192.168.10.48:666  If you get nothing, your config file isn't right, or you typed in the wrong IP:port.  Take another look at the config file, fix it, then restart darkstat. Quotes/syntax is important.   You get historical total graphs, and data tables that show you what is currently talking.  Also, every location talking to your laptop IP out there in the weberverse. It could be an evil connection from outside your network messing with you, or devices connected to the WiFi access point.  Look for it. OK great.  Now whatever connects to the access point is data logged, so lets start by connecting groups of things.  Make sure "AutoJoin" is off on your devices, or 'forget' your gateway wifi password so they don't switch to the regular wifi. Find your data pig. If it's in the group of devices currently connected to your access point, the data counter will go insane.  It's one of those.  You can also change the config file to just lisen to the wireless wlp2s0 interface (on my laptop) and 10.42.0.0 network, ip address 10.42.0.1 too (INTERFACE,LOCAL,BINDIP lines).  That will show you the specific device on your access point spewing data. You will only be able to see darkstat from the laptop then -- http://10.42.0.1:666  but you can narrow down specific devices.  You also have a full linux, portable distribution on a USB stick for other tools like wireshark if you really want to get into data probing. (sudo apt-get install wireshark)   By the way, if you've done this, you are one step away from a real time adaptive firewall / data throttling solution that fixes this issue for good.....but that's another story...... HISTORY       darkstat  was written in 2001, largely as a result of a certain Australian cable Internet provider intro‐       ducing a 3GB monthly traffic limit. --enjoy ... View more

@BobJ802  "I went from averaging about 300 MG monthly to suddenly over 1.2 TB since September. How is this possible when none of our online activity has increased?"   Quite easily, for dozens of reasons.  Being home, or watching the same amount of streaming content, or 'your internet habits', can have absolutely nothing to do with your sudden data increase.  It could be as simple as you are using insecure gateway settings, or that your gateway has extremely poor default security settings.   I'd start there.  What kind of equipment? (exact model #)  Xfinity rented?   ... View more

@Kayvee  A decent firewall IS the solution, but you have to route all the traffic through it including the WiFi.  Buy a WiFi router, they're cheap.   PFSense / Opnsense are free.  They both work fine, but support for i386 has been dropped.  You'll need at least an old 64-bit laptop or an old spare desktop now.  Although they don't like it, a USB dongle for a 2nd network interface works fine if you disable TCP hardware and software offloading.  With a reasonable processor, USB-2.0 can push enough data handling/filtering packets so you won't notice, and can push way over 1.2T of data in a month.   Then you'll see everything on your network in real time with historical graphs.  Don't forget to lock down your gateway -- disable uPnP, ICMP, any remote desktop feature it has, all remote access, netgear ready share....etc.  If it's got a firewall on it, use it too -- set to highest level.  If it does not, and does not have a port scan block option, pitch it in the trash and buy one that does.   You can also traffic shape streaming devices and limit the bandwidth they use from the firewall, instead of from the device app settings.  Either that, or pay the $340 for  unlimited, but if you're blowing over the 1.2T cap, and don't know how you are doing it, you probably have other network issues and perhaps some really bad security issues  going on. ... View more