tcp/udp sessions.

hi all.

we have quite a few systems/phones/gaming consoles connected to the router in our house, and it was being clogged a few minutes ago. we went into the router page, and saw that one IP address had '300' under "UDP Sessions".

we blocked that IP from accessing the internet via "MAC Filtering", and now everything is working fine. can you tell us what this actually means, because we'd like to be sure? thank you.

 

A session is a link between two points. For example, if I hit up Google, my browser instantiates a TCP session so I can communicate with Google. Sometimes a single site will open multiple sessions and programs that connect to the internet can open both TCP and UDP sessions simultaneously.

 

hi lithus, thanks for the reply. so "300" would mean that that ip was hogging it, right?

 

You should secure your wireless connection instead of just leaving it open. It's very easy to change a MAC address to get around MAC filters.

 

it's not open, we have it secured (TKIP/AES). it was a house-mate who downloads loads of stuff all the time. like 10 torrents at a time. we have a 100 mbps connection, so most of the time it's not a problem, but sometimes it's not, and kicking him off does the trick.

 

You might suggest to your roomie that he do something to limit the number of torrents connections he has going at any one time (don't know if that's possible with torrents, but there it is); otherwise your only solution will be, as you've been doing, to kick him off when the network gets slow.

You could also check your router's configuration page to see if you can set a customized QoS setting that would give lower priority to UDP traffic, at least from his computer, than to other traffic. That would have the effect of making the router the traffic cop and having it throttle his access rate down when things get too congested.

The basic reason he's become a bandwidth hog is that a lot of torrents clients now use the UDP transport protocol instead of the TCP transport protocol, and UDP - unlike TCP - does not have built-in congestion control. The effect of the congestion controls in TCP is to slow down transmission rates when the network gets too congested, resulting in too many lost/dropped packets; that way, a completed TCP transmission gets finished in a shorter period of time even though it's transmitting at a slower rate because fewer of the transmitted packets are getting lost/dropped.

UDP - largely because it is a one-way protocol rather than a two-way protocol (i.e., the target doesn't call you back and tell you it's received all your packets) - doesn't have that sort of congestion control built-in and it will merrily keep firing off packets as fast as it can, regardless of how many are getting lost/dropped.

Basically, UDP acts like the really oblivious driver on the highway who just bulls on ahead, flashing his lights, blowing his horn, and expecting everyone else to get out of his way, while TCP acts more like the driver who conscientously slows down to match her speed to the overall flow of traffic on the highway.

So, to cut off my meandering narrative before you get too sleepy, it is your roomie's torrents traffic that is monopolizing too much of the available bandwidth, and if your router won't let you set a low QoS priority setting for his UDP traffic, then kicking him off when the network gets too slow is probably the most effective solution.

 

Number of connections (hence the number of TCP & UDP sessions) can be limited in any torrent client so that's a solution no 1- as suggested by Shyster1.

It's also possible that the house-mate is not to blame at all. Some routers track lost sessions for far too long- another words when someone disconnects (which happens all the time with P2P) router remembers this connection and keeps it open for far too long. Linksys used to have this value set to 3600 seconds while it should be 20-30.seconds for P2P user.

Default D-Link software doesn't allow this value to be changed but DD-WRT does and DIR-615 is supported. Just an option- I understand you don't want to play with these settings as it's not your problem but your house-mate may be interested in a setup that allows you all to use internet comfortably.

 

If it's bittorrent, it could be DHT clogging up the connection table in your router. The longer the torrent client is open the more connections and bandwidth DHT will take up. You can simply ask them to restart their torrent client application every day at least.

As downloads said the timeout for connections on the router can often be way too long (up to 3 days as the default!).

More details here at the bottom: RTorrentUsingDHT ? The libTorrent and rTorrent Project

 

thanks guys.

a friend has installed 'dd-wrt' on our router and put keywords in there in 'access restrictions'.

only question is how to block torrents? does anyone know?

thank you.

 

Remember that when an application closes, the OS doesn't necessarily close out the tcp/udp connections right away. Nor will the router. Things persist for a while, sometimes quite a while.

And to complicate things even more, just because a socket is open DOES NOT mean that traffic is flowing nor it it an indication as to how much traffic might have been flowing in the past.

There is a lot more to analyzing network loads than just looking at open sockets.