Hughesnet Community

Data is leaving! Trying to catch culprit!

cancel
Showing results for 
Search instead for 
Did you mean: 
Lab-Lover
New Member

Data is leaving! Trying to catch culprit!

I got home last night from Miami. My husband and I went to bed at 11:15pm. (Together) we both woke up, and I turned on the computer at 730am. I document my data twice a day currently. So, when I went to bed at 11:15pm, the Anytime Data was 9.8GB, and Bonus Bytes 3.5GB. This morning the Anytime Data is 11.9 GB and the Bonus Bytes was 3.6 GB.
I realize that 1.2 GB in 2hours and 45 minutes is not a lot for some. (I also know the data monitor is limited in watching data) HOWEVER, in keeping track of my data for the last 6 weeks, my data loss for that time period has never been over 400MB! (And usually that is because my husband is up way later then me, or vice versa)
So? How do I catch the culprit? I know that I was given a long list of directions (I don't remember who?) right before I was hospitalized and my plan this morning (before this even happened) was to print that out and do the list of things!
Question: if I installed GLASSWIRE (which admittedly I have refused to do) would. Be able to see what was happening? I am prepared to install GLASSWIRE... Because this is maddening.
Everything.... I mean everything is turned off, or any downloads are done with my knowledge, etc (I have them set to go at certain times)
Of course.... It is SATURDAY!!!!!!!!!!!

Thanks guys!!!

Kim
31 REPLIES 31
Gwalk900
Honorary Alumnus

Hi Kim,

The topic where we left off can be found here:

https://community.myhughesnet.com/hughesnet/topics/i-have-a-few-requests-for-hughesnet


I'll repost my last reply for you:



Hi Kim,

I hope all is going well this morning ?

In your last post you posed several questions. Let me try to answer them:


" I already tried contacting HN the day it happened?"

You would have been asked to run a modem isolation test to determine if the Hughes modem was using data on its own.

That having been done along with Amanda's suggestion to post here in the Community suggests that Hughes has determined that the usage is by SOMETHING  on your network and for a multitude of reasons can not dig deeper into your "network".

The "normal" process at this point would be to alert you to get "professional services"

Hughes has done referrals HTS (Home Technical  Services), a third party paid service that for a fee or a annual subscription will remote into your system.  Personally, No Thanks

Second option ..... That place that shall remain unnamed but is known to employee Geeks. No No No Thanks.

Third option: Take everything in your network to a known well respected local computer shop. Always an option of course but those types of places also vary in their skill levels and have zero understanding of just how important every tiny setting is while running on a high latency data capped service.

That leaves a fourth option and that is working with those members of the Community.


"My immediate question is... When this huge data amount occurs again, what do I do?"

Hopefully when that occurs we will have things in place to answer: Who, What, When and Where .. and then take steps to control or eliminate the culprit(s) as the situation calls for.


" I need to troubleshoot what to do when it happens again"

We need to start off with some Divide & Conquer

We need to understand a couple of  changes in the landscape regarding operating systems

We need to understand some Network basics so as to reduce our "usage exposure"

We need to keep and open mind and consider all devices and all software as "guilty until proven innocent".


Questions:

Of the computer: What are the Operating Systems ?

Of the computer: What Anti-Virus programs do you have installed ?

Of the computer: What Anti-Malware software do you have installed ?

Of the computer: What browser do you normally use ?

Your Router: Can you post the Brand, Model and Version so that I may download the manual for it ?

Your Plan: Can you confirm that you have the 50/50 Ultra plan ?

Your usage consists of two parts, Download and Upload. Can you post a screenshot of your usage history so that I can compare ratios of upload to download ? (and yes, that is a loaded question.)

This is pointing the cart before the horse but at the center of every Network is .... a Router. There can't be a Network without one.

Are you able too, have you given any consideration too, buying a Router that will track usage by device ID ?


The laptop that you referred too, it that the HP PC you listed or is that in addition to that machine ?


Can you/have you installed Glasswire on all computers ?

Do you feel comfortable in setting and using GlassWire ? If not or if you need some tips see all of my responses to Yorkytown in this topic:

https://community.myhughesnet.com/hughesnet/topics/data-drain-cannot-find-the-cause


I mentioned at the beginning we need to institute Divide & Conquer and that means that at the start we need to remove your router from the equation for a short period of time.

I know that that is a painful disruption and it want you to understand why this is needed.

It won't last long but it is essential.

A router really complicates finding data leaks because it opens up soooo many potential connection avenues.

Lets look a block diagram of a router to help visualize these avenues:



The first area has to do with the "internals" of the Router itself:

Its firmware

Its "access" security settings

Its enabled "features"

The point is the Router itself can use data ... without you being aware.


The second area is related to the Routers wired LAN ports and multiplied by the number of wired devices connected.


The third area is the Routers wireless connection channels and settings.

In the whole, having a Router connected at the start really complicates things to no end.

Therefore it is essential that it be disconnected at the beginning of our troubleshooting. It will, be reintroduced soon and its functions re-enabled in stages as we go through each of its functional areas.

Our first step is to directly connect a single computer that has GlassWire installed and see what programs and processes are connecting and using data.



In response to your questions posed in this topic:


"So, when I went to bed at 11:15pm, the Anytime Data was 9.8GB, and Bonus Bytes 3.5GB"


"This morning the Anytime Data is 11.9 GB and the Bonus Bytes was 3.6 GB."


I'm confused:

  End: 11:15 PM: Anytime   9.8 GB: Bonus 3.5 GB

 Start:    this AM: Anytime 11.9 GB: Bonus 3.6 GB

                           --------------------      -------------------

                                   UP 2.1 GB          UP 0.1 GB


I fail to see an issue if you had MORE data in the morning at startup than when you shut down the previous night.

Also please post a screenshot of the "meter" that you are using as there are THREE USAGE METERS  and THREE HISTORY PAGES.  Each of them has differing "resolutions" and a history of course is just that, a history and is not intended nor can be a "real time" display.

Also you had reported some weather related connectivity issues. The modem is going to report to the Gateway its "usage", the Gateway will update the "meters" in this order:

1st: Dashboard meter: (the most accurate)



#2: That will in tern update the Modems SCC usage display (192.168.0.1)


#3: The Modem will then update the Download Status Meter display:









GabeU
Distinguished Professor IV

Are you sure that whatever devices are connected to the service aren't using the cloud?  I don't know what you have, but Apple devices are known connect to the iCloud service, sometimes using quite a bit of data.  And you don't have a satellite TV receiver connected to Hughesnet, right?   

And, although Glasswire will only measure the data on the computer it's installed on, it's sill helpful.  Are you averse to using Glasswire, and if so, why? 

Lab-Lover
New Member

First thing I checked... Believe me, I know what to check immediately. And honestly, iCloud back ups are not ever bigger then 400mb. They rarely get that high actually. But, yes, thank you for asking, I checked. 🙂
GabeU
Distinguished Professor IV

Well, as long as you have something to measure them, that's good.  I remember on another thread where someone's iCloud backups were chewing through a ton of data, and a lot more than 400MB. 

Lab-Lover
New Member

Give me a few to work on your post GWALK.. But, I did not communicate my data loss numbers clearly, I apologize. When I went to bed, my data for anytime was 9.8 used, when I woke up, 11.9 was used.. Same goes for the bonus bytes. I went to bed, 3.5 was used... When I woke up, 3.6 was used.. Does that make sense? I apologize for the way I worded it. I don't know if it is all the medications, but I feel like I am not explaining myself well to anyone.. Not just on here. So bare with me! I am going to tackle your post in about 30 mins or so, I need to wake up a little more.. Thank you very much for the responses. I do appreciate it very much. You guys have certainly rocked in my book the last month.
Lab-Lover
New Member

You know what? Disregard what I said... I am not sure where I got that number, I see it in my notes, but...? That is not a lot of data? That doesn't make sense... So, your original question, yes, all clouds are turned off on all devices! That much I know for sure!
GabeU
Distinguished Professor IV

Well, "a lot" is relative.  I don't have any Apple devices, nor any devices to speak of, save my computers.  I don't know what constitute a lot when it comes to cloud services, as I don't use them, so I don't know if 400MB is a lot or not, for that particular thing, that is.  2.1GB is certainly a lot. 

I hope that you are eventually able to use some type of software on every individual device you have.  It would be interesting to find out what's using it, and more importantly, why.  I guess the only thing that could easily narrow it down is one of those more expensive routers with the Merlin software, but that's spending a lot of money on something that really shouldn't be needed.   

Liz
Moderator
Moderator

Good morning Lab-Lover,

Welcome back, glad to see you're already working with our experts here in the community. In short, I would also suggest using GlassWire as that program will show you what is connecting to the internet, as well as provide historical data, whereas we cannot. 

Stick with the community and I'm sure the culprit(s) will be found.

Good luck!

-Liz
If you have a tech or billing question and need help, please start a new thread in the appropriate board. Unsolicited Private Messages may not get replies.

Slow performance? Click me!

Rich1
New Poster

I have been tracking my data usage with the handy hour to hour graph Gwalk pointed out on an earlier post.   One curious thing I have noticed from several days, although not consecutive days, is that between the hours of 4:00 am and 6:00 am PST, I show a large spike 219-417 MB.   I have my computer off and no Iphone/Ipad on.   In my prior work life, server maintenance was typically on Sundays between the hours of 2:00 am and 5:00 am.   I don't know where the gateway server for HN on the west cost is, if there is one, but is it possible a  maintenance window is involved?  I haven't tracked the data used during that timeframe to any of my devices.  Here is a snapshot of the 219.
Liz
Moderator
Moderator

Hi Rich,

Our maintenance windows are also generally early Sunday mornings, but that's just for billing. I'm currently unaware of any recent and major network changes.

-Liz
If you have a tech or billing question and need help, please start a new thread in the appropriate board. Unsolicited Private Messages may not get replies.

Slow performance? Click me!

Gwalk900
Honorary Alumnus

Hi Rich,


"I don't know where the gateway server for HN on the west cost is, if there is one,"

For Echostar17 there are about 17 Gateways in total plus 2 NOC's

For a greater understanding of beam/gateway architecture and finding the location of the one that handles your traffic see the beginning and very end of my topic here:

https://community.myhughesnet.com/hughesnet/topics/beams-gateways-and-loading-overloading


 "but is it possible a  maintenance window is involved?"

Its not impossible it is however unlikely.

Engineering will at times run some remote speed tests on a users system that has an elevated compliant. That will use some data  however they compensate the user by adding in Tokens.

The time frame you mentioned is also a favorite of many wireless devices (tablets, iphone, ipad ...). to awake from hibernation (as compared to a true "power off" state)  and check for updates and there has been some .. and will be more according to the latest US CERT.gov report:

https://www.us-cert.gov/ncas/bulletins/SB16-242


In fact there is even a Dlink 822 family firmware vulnerability listed that may lead to either "issues" or Dlink routers "calling home" and getting firmware updates:


The fact is, there is always a bunch of background process activity going on that many users simply are unaware of.

By the way, you can subscribe to the uscert.gov security bulletins.


Lab-Lover
New Member

Good Morning Liz,
I chatted directly with Glasswire and this is their response,

"GlassWire can currently only see data on the device it's installed on and GlassWire can only currently be installed on Windows PCs. Therefore if you install GlassWire on your Windows PCs you can see what data they are using in detail and see if they are the culprits. Then if you find your PCs aren't causing the problem you can narrow the major data usage down to your other devices."

While Glasswire can and probably will give me more information, it really will not tell me exactly what was happening unless the data being lost is being caused by my PC or my husband's laptop. I have 4 wire less devices connected to the internet, nothing else. (No TV, No Printer, No game systems (don't own), nothing else.) My 4 wireless devices have everything, locked down, nothing is updated, nothing communicates, etc. (Sad, because this is what we purchased these devices for) So-- yes, if I used Gwalks awesome, very explanatory, detailed diagrams using deduction and reasoning, I could "Maybe" get a good "guesstimate" of what is using the data. HOWEVER--- going to my original issue with hughesnet, back in July... the amts of data lost were so incredible, that wireless devices could not have downloaded that much, in that short of time.

I stand firmly behind my conviction, that we, (our household as a system) did not download that amount of data. Of course, I have no proof, sadly. the proof is somewhere.. and maybe Hughesnet will work on it. 

Either way, I am leaving HughesNet on the last day of my billing cycle which is the end of this week.

I have to say, THIS COMMUNITY has BEEN ABSOLUTELY INCREDIBLE, PATIENT, AND ever SO Knowledgeable!  I truly appreciate EVERYONE that I interacted with!!!

YOU ARE ALL AWESOME! I THANK YOU ALL FOR THE AMOUNT OF TIME AND HELP YOU GAVE ME!!!

Your dedication to a company that you do not work for, yet you have so much belief in, is extremely admirable. I hope every one of you has extreme success in your futures!   

THANKS AGAIN!!!

Kim
Liz
Moderator
Moderator

Good morning Kim,

You're correct, GlassWire can only account for the computer it's installed on. At the very least, you can rule out computers if you find insignificant usage there, before looking at the wireless devices.

Happy to see you've found help here in the community. This is why we are here. 🙂 Good luck with your future ISP.

Thanks,
Liz
If you have a tech or billing question and need help, please start a new thread in the appropriate board. Unsolicited Private Messages may not get replies.

Slow performance? Click me!

BirdDog
Assistant Professor

If I may, on my system if something was downloading at the speed I often get (20 Mbps) then it would take only about half an hour to download 5 GB. That's a lot in a short time.

Gwalk900
Honorary Alumnus

Kim,

In our original postings I would have posted this:


Divide and Conquer is the name of the game ... and it is essential.

A typical "home network" looks like this:


It is much too complicated to determine the "leak"

The Modem has access ... but we already performed an isolation test

The Router "guts" have access

Anything and everything with wireless range .. both authorize AND unauthorized devices COULD have access

Fi nally all wired computers have access.


During the troubleshooting phase the "network" MUST be reduced to the minimum number of variables.

It needs to have the router removed from the equation so as to look like this:

The number of variables has been brought down to a manageable level.

The main take-away of the above is to illustrate the absolute need to reduce the number of "data paths" to ONE.


I then go on to say:


"It now is time to download and install some software to track usage and identify what program and what process is or has been running and using data.

For this we need Glasswire:

https://www.glasswire.com/ help/

An important point here .....

GlassWire will only monitor the single computer upon which it is installed.

Later as the router is reintroduced, GlassWire will have to be installed on every Windows computer that is connected to the router"



Later on in that post I addressed the problems associated with wireless devices:


"Now comes the stickey part the re-introduction of the routers wireless function.

Its tough because I know of no software that will load on the variety of devices that CAN connect ... cell phone, tablet and so forth.

On laptop computers you can od course load GlassWire but that still leaves many potential avenues open.

The "Poor Mans" method requires great discipline. ALL devices other than a single one have to be and remain in a "hard off" state and that is not easy to do.

Run that single device over time and monitor usage carefully while still running Glasswire and the "difference" is ... the amount used by THAT device."



Honestly, the biggest problem faced is the reluctance of users to remove the router in the early phases of the investigation.

Not removing the router allows for a large number of "end around" connections that can use data.

The idea was to:

#1: Simplify the network by removing the router and connecting a single computer to the modem.

#2: Installing Glasswire on THAT computer to measure and record Who, What, When and Where data was being used on THAT machine .... and only THAT machine.

#3: When the first computer is "under control" we move on to the next computer repeating steps #1 & #2

#4: Finally when all wired computers are known to be running well ..... we need to make a guided assessment of your routers GUI settings BUT THE "RADIO" DISABLED.

Once the router main settings have been reviewed we can reconnect the router (sans "radio") and connect all the WIRED devices to the router and check operation of the network. It is important for a user to understand that there are portions of the router itself that connect to the Internet and can use data. This is in ADDITION to any connected devices.

I don't expect you to know this, I don't expect you to make those setting changes by yourself. That is why I asked you previously .... DO YOU KNOW HOW TO TAKE A SCREENSHOT AND POST IT HERE IN THE COMMUNITY ...

As I said: a LINIEAR, GUIDED effort to find the leak.

With 65,536 comm ports PER computer, PLUS router GUI settings PLUS innate router vulnerabilities PLUS wireless channel vulnerabilities PLUS wireless connected devices. both authorized and unauthorized. and their many varied apps and background processes it becomes Mission Impossible to find the cause with out breaking to network down to the simplest most common connection ... a single computer directly connected, monitored and proven "clean and fit for duty.

I never misled you on the function and scope of Glasswire and what and how it monitored.

It appears that you just didn't read what a wrote, chose to "pick % choose" what steps you wished to follow in spite of my having said it was a progressive linear designed to be sure of a solid foundation before proceeding to the next step .... or you simply didn't understand something .... at which point you should have stopped, posted the question or asked for clarification.

    





BirdDog
Assistant Professor

She is leaving HughesNet so all kind of moot now. Best wishes with new ISP.
Gwalk900
Honorary Alumnus

True, hopefully it will not have data limits.

It is said that fully 25-30% of all computers are infected with virus/malware/adware infections ... despite running an A/V program.

That's a high percentage.

We never did get an output of what Glasswire found running on the PC's let alone Router GUI settings/security or wireless settings/encryption.

As you say, moot point for Kim at this point but there are many others that will read this thread and wonder at the "failure".

The root cause of the failure in this case was a reluctance to follow the steps outlined.


Lab-Lover
New Member

Oh come on GWALK! I compliment you all over the place, up one side and down another for trying to help me and taking so much time with me and how I greatly appreciate it and you chastise me ? You chastise me and equate me to the same people who come to the community with one post, cuss out hughesnet and then leave, to never even try to listen? Seriously, am I just like them?

Once again, the post above this one is huge and overwhelming TO ME. It is full of a lot of information and words that are foreign to me. Please excuse me for not being on the same level of intellect, concerning computers and networks , as you are. I have tried, I have given up a lot of time, my hobbies, and many a family outing, to try and work on this. In all honesty, I said it before, and I will say it again, I truly think my "obsession" of trying to learn and solve this, literally made me sick. Perhaps you have not noticed, (and truly why would you need to notice) but I have greatly reduced my time on this community because it has become so stressful for me. I don't know how I can explain to you that what is easy for you and others, is NOT easy for me, and I suspect many others. Maybe HughesNet needs to give a proficiency test to see if we can "learn" how to use the system!? I know... I would not pass!

To ANY NEW MEMBER of this community, that may truly get this far in reading. this post...GWALK may appear rough around the edges and grumpy at times, but, he is truly a very knowledgable man who knows what he is talking about. He uses awesome graphics and diagrams to demonstrate his point. His advice is spot on... Unfortunately, due to my own limited knowledge on how computers work, I was not able to solve my issues. Good luck to you and I hope you fare better!

So once again, I will THANK YOU GWALK and I will THANK THIS COMMUNITY, and each member and each employee, FOR ALL OF THE HELP THEY HAVE GIVEN ME! I appreciate each and every one of you. I have learned a lot, never enough, but a lot about how data works, and how sneaky it can be. While this experience has been frustrating at times, it has been educational, and there is nothing wrong with knowledge. I wish all of you the best in your future endeavors. I am out.... Drops the mic...
Kim
Lab-Lover
New Member

This is interesting info! Can I ask what website?
Lab-Lover
New Member

And, BirdDog.. The offer still stands, I gave you my email and you can find me on Facebook, if you and or your wife want to fight rheumatoid arthritis together, with me, my door is open, always. Thanks again for all of your help. Kim Byrne