I see a LOT of Traffic upload/download

toomuchtraffic Member
I have activated my deep packet inspection to look at Fingbox data. I was really surprised (see picture embedded):
1. There is A LOT OF TRAFFIC outbound; what kind of data are you pulling?
2. "Unknown protocol" sounds weird to me; any explanation?



  Marc Moderator, Beta Tester
    @toomuchtraffic, 165 GB does sound excessive, but I'm wondering over what time period? How long was it running? I could run this against mine as a sanity check for you, but I would need to know what parameters you chose and what app you're using.
  toomuchtraffic Member
    I am trying to find out what it is and will keep you posted (looks like it's been around a month since I enabled Deep Packet Inspection counters); unfortunately I am not able to find out with my tool.
    Anyway, I am really puzzled by these two captures with this daily view.
    >1 GB transmitted appears to be a lot ... as well as around 300 MB received.
    On top of that, I don't see what protocols are in use. Any clue?
  Marc Moderator, Beta Tester
    Maybe throw on Wireshark and see what’s traversing your network?
  ProTecK Member
    You should have led with what the photos you were attaching came from. I know it's the UniFi controller, but lots of others wouldn't have. I'd suggest getting to know how the UniFi controller works, really well, ASAP. And be prepared for what you know to change from one version to another; it's endless homework. Online tutorials are full of bad or outdated info, so you gotta pick and choose what applies to what you're using.

    That said, that looks like totally normal network traffic for a Fingbox. Those numbers can dramatically change depending on how your Fingbox is set up or how you use it. Little changes to Fingbox settings can make huge differences in how much traffic it generates. That goes back to how Fingbox works on the network. Running speed tests and Bandwidth Analysis is going to create traffic. If the Fingbox is actively blocking anything, that's going to create traffic. Device scans are going to create traffic. And Fingbox sends all this info out so you can view it on your Fing app or Fing desktop.

    As far as the unknown protocol, that goes back to understanding the UniFi controller. There are tons of protocols that UniFi just doesn't know, and probably never will. If and when they add proprietary protocols is based on demand; it requires something just short of an act of God for them to add a lesser-used protocol. FYI, when they say unknown protocol it could be a known "protocol" or service running on a port normally used for another type of traffic.

    A huge factor is how one controller version differs from the next. They upgrade the way it compiles that info all the time. I've watched the same device on a network, a device that basically does not ever change how much data it transfers over a given amount of time. The stats in the UniFi controller for that single device change every time I upgrade the USG firmware or controller. And even for something like this device, that throttled data can take a huge jump if something was causing it to reconnect and pull a new IP over DHCP every time.

    If you really want to track it down, the recommendation to use Wireshark can do that for you. It will show you the traffic, but it's not always going to filter it as being one type or another. Wireshark is a beast; make sure you understand how that works before basing anything off of it.

    I guess if you have nothing better to do and are still dealing with a lockdown, it's a great time to learn.
    Good luck

  Lee_Bo Member
    Remember, Fingbox is monitoring ALL data traffic on your network. For example, if you have 4 people in your household and all 4 have Facebook installed and are on Facebook all the time, the data results for Facebook are going to be astronomical. I also haven't rebooted my UniFi security gateway in about 6 months, so my data is in the PB range. I also have 4 adults in the house, all with social media accounts, and all stay glued to their devices.  :-)
  Robin Administrator, Fing Team
    Hi @toomuchtraffic
    In addition to the other advice: for uploading of data, Automated Internet Speed tests are set as a default for all Fingbox users. This is the reason Fingbox is able to send the Internet performance report every month. The scheduled test takes about 30 seconds. It figures out your internet speed by measuring how much data can move through your connection in that time, in download and in upload. The test uses different amounts of data depending on how fast your connection is and where you do the test. For example, a typical test in the U.S. can use up to 20 MB- 20Gb of data. If you turn off the scheduled Internet performance test, it will stop the traffic, but you will not be able to obtain the Internet performance report every month. I hope it clarifies your doubt.
  toomuchtraffic Member
    Thanks guys! I also plan to use Wireshark and break SSL to look into the protocol in use. I'll keep you posted soon.
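
Added example (not part of the thread, and not Fing or Ubiquiti code): one way to follow the Wireshark suggestion above is to save a capture and total one device's outbound bytes per remote address, protocol and destination port, which shows what a controller's "unknown protocol" bucket is made of. The addresses, ports and simplified frames in `sample_pcap` are constructed for illustration.

```python
import socket
import struct
from collections import Counter

PROTO = {6: "tcp", 17: "udp"}

def outbound_by_endpoint(pcap: bytes, device_ip: str) -> Counter:
    """Sum IPv4 bytes sent by device_ip per (remote IP, protocol, dst port)."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (microsecond) pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 (VLAN-tagged and IPv6 frames are skipped)
        ip = frame[14:]
        vihl, _, total_len, _, frag, _, proto, _, src, dst = struct.unpack(
            "!BBHHHBBH4s4s", ip[:20])
        ihl = (vihl & 0x0F) * 4
        if (proto not in PROTO or frag & 0x1FFF or ihl < 20
                or len(ip) < ihl + 4 or socket.inet_ntoa(src) != device_ip):
            continue  # no ports to read, or not sent by the device
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        totals[(socket.inet_ntoa(dst), PROTO[proto], dport)] += total_len
    return totals

def _frame(src, dst, proto, dport, payload_len):
    l4 = struct.pack("!HH", 40000, dport) + bytes(payload_len)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto,
                     0, socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + l4

def sample_pcap() -> bytes:
    """Constructed capture; 192.168.1.50 stands in for the monitored device."""
    dev = "192.168.1.50"
    frames = [_frame(dev, "203.0.113.10", 6, 443, 1000),
              _frame(dev, "203.0.113.10", 6, 443, 500),
              _frame(dev, "198.51.100.7", 17, 5001, 200),
              _frame("203.0.113.10", dev, 6, 40000, 900)]  # inbound, ignored
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Wireshark saves pcapng by default, so a real capture has to be saved in the classic pcap format before this parser will read it. Encrypted payloads stay opaque, but the per-endpoint byte totals do not depend on decrypting anything.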
