Jump to content
Light-O-Rama Forums

Dual Nic Tricks and CommListener


colonel

Recommended Posts

I don't know why anyone would do this but this might save you some time? If you put that second NIC in your computer and say have a 0.1 and a 1.1 network and you disable  the e1.31 NIC (because you haven't hooked anything up). CommListener will load your LAN with 0.5 Mbps of traffic continuous. Your router LAN and WAN lights will go nuts. Now this part I am unsure of and it may just be a coincidence but my ISP sent me an email saying I was generating a DoS attack on myself and flooding his tower. I ran several AV's and I may or may not have had a virus. I run Kaspersky Internet 2014. Anyway don't disable that NIC or don't hook it to your LAN. I have to access mine remotely during the show.

Link to comment
Share on other sites

I don't know why anyone would do this but this might save you some time? If you put that second NIC in your computer and say have a 0.1 and a 1.1 network and you disable  the e1.31 NIC (because you haven't hooked anything up). CommListener will load your LAN with 0.5 Mbps of traffic continuous. Your router LAN and WAN lights will go nuts. Now this part I am unsure of and it may just be a coincidence but my ISP sent me an email saying I was generating a DoS attack on myself and flooding his tower. I ran several AV's and I may or may not have had a virus. I run Kaspersky Internet 2014. Anyway don't disable that NIC or don't hook it to your LAN. I have to access mine remotely during the show.

 

Working with my ISP, I can confirm that CommListener will start a DoS attack condition under the above conditions.

Link to comment
Share on other sites

I see something similar, but I'm not using dual NIC's. I'm on a VLAN so my show computer and SanDevices are on private sub-network, but this still allows me internet access on my show computer.

When I start up my control panel the CommListener starts up and starts transmitting 33 packets/sec per universe.  I'm setup for 7 universes (on 4 E6804s) right now and my performance monitor shows 1Mbps continues traffic. 

 

What really gets me about all this traffic is that I don't even have show playing at this point!

This situation is all the time for me, my network switch is going crazy and my router log is full of DoS attacks coming from my show computer.

If I log into one of my SanDevices it shows about 100 packets/sec being received.

 

After I saw your post I thought I would setup my laptop on the network and see if it was just my show computer(desktop). My laptop does the same thing when the CommListener starts up. I think this i something new that started with V3.11, I don't recall seeing all this traffic when I was running my Christmas light show.

Link to comment
Share on other sites

I threw a flag down in the Beta forum.

 

From my ISP: "Last night I
noticed that you were saturating your upload. It is still saturated right at
this very moment. Who knows how long it has been like this. Also, in
attempting to see if this constant upload is a valid connection (I thought
maybe you are uploading to a web server out on the internet), I found some
more suspicious activity. The connection originating from your network has
its source IP address spoofed (aka changed) to an invalid one and the
destination address is also changed to an invalid one.  Since both the
source and destination are invalid IP addresses you are essentially
generating traffic that is going nowhere and is returning nowhere. The only
thing it is doing is just using up the bandwidth on your network, our radio,
and our tower. This is what is known as a DoS attack, or Denial of Service
attack and is a common thing certain viruses do. Since your upload bandwidth
is saturated it makes it very difficult for you to use your download
bandwidth as well (since anything you download also uses a small amount of
upload to do validity checks and send requests for the next part of a file
download or video stream etc). So I'm thinking that if you can get this
virus stomped out your speed will seemingly increase several times over
since you will then have full access to all your bandwidth again."

 

And after I killed CommListener

 

"If it helps from what I can
remember during the suspected DoS attack the source of the attack was
192.168.1.5 and the destination was 192.168.0.2 (from what I can remember).
Do those IPs mean anything to you?"

 

1.5 was my LAN and 0.5 was what CommListener was looking for.

Edited by colonel
Link to comment
Share on other sites

That is strange that those IP are on different subnets. Is your netmask 255.255.0.0 by any chance?

I'm guessing 192.168.1.5 is your PC,

Is 192.168.0.2 your router?

Are you running your E1.31 unicast or multicast?

Link to comment
Share on other sites

That is strange that those IP are on different subnets. Is your netmask 255.255.0.0 by any chance?

I'm guessing 192.168.1.5 is your PC,

Is 192.168.0.2 your router?

Are you running your E1.31 unicast or multicast?

 

255.255.255.0. 192.168.1.5 is the pc hooked to my router then to the internet. 192.168.0.5 is a network card I put in to handle the e1.31 that I do not have anything hooked to. LOR Network config is set for e1.31 192.168.0.2 and 4 Universes. Nothing is hooked to that network yet but CommListener is happy until I disable that NIC then it starts sending data to to the LAN NIC and out thru the WAN. Kinda like Despartly Seeking Susan, where did 192.168.0.2 go?

Link to comment
Share on other sites

The part I find interesting is that your ISP is seeing any of it. In most consumer home LAN configurations, there is a router between the ISP and your local traffic (in many cases as part of your modem). There are a couple reasons for this. In your case it would appear that is not the case. One of the major things that your router does for you is to keep your local traffic LOCAL. For example if your computer sends something to the printer, or you transfer files from one local computer to another local one, there is absolutely no reason for that traffic to ever leave your local LAN (and a bunch of reasons for it not to). If this were the case, your ISP would not be seeing your E1.31 traffic at all.

It sounds like you have a wireless ISP in which case he is REALLY interested in you not chocking his bandwidth, and for security purposes you should be too.

Yes, the comm listener starts sending E1.31 frames as soon as it starts - I'm sure by design. The amount of traffic on your local LAN (even at 10 Base-T) is not all that much. For example, when I look at my managed switch, the traffic that runs 24x7 for the one universe does not even show on the bar graph of traffic on the switch. I can see that the the data light on, and the port traffic counter shows the traffic, but it's not really all that much. On your internet connection (normally a MUCH smaller pipeline) it would be a much higher percentage.

Colonel, If you need some help to fix your network problem, PM me with a phone number and I will see how I can help you.

Link to comment
Share on other sites

Jim,

I'm running 7 universes right now and it's using up 1Mbps of bandwidth, which really isn't that much.  My questions is why would the CommListener be sending out ANY packets when a show isn't even running?  They are UDP packets, so it's not like the CommListener is checking to see if the device is still online.

Just curious if you have any thoughts on this.

Link to comment
Share on other sites

colonel,

I agree with Jim on this, I'm not sure why your ISP would see this, I'm guessing your PC is directly on the ISP wireless and not behind a router. 

Curious, are you running your E1.31 multicast or unicast?

Link to comment
Share on other sites

It sounds like you have a wireless ISP in which case he is REALLY interested in you not chocking his bandwidth, and for security purposes you should be too.

Yes, the comm listener starts sending E1.31 frames as soon as it starts - I'm sure by design. The amount of traffic on your local LAN (even at 10 Base-T) is not all that much. For example, when I look at my managed switch, the traffic that runs 24x7 for the one universe does not even show on the bar graph of traffic on the switch. I can see that the the data light on, and the port traffic counter shows the traffic, but it's not really all that much. On your internet connection (normally a MUCH smaller pipeline) it would be a much higher percentage.

 

Yes I have a dedicated wireless "T1". I'm a retired ISP and my private network has 8 routers linked in wds on it. I'm 192. inside and on my ISP's 10.0 network too. I'm trying to tip toe into 1.31 on a new nework and isolate it there. With both NIC's running all is fine and I see no "blips" on the 1.31 nic and normal on lan side. CommListener is not playing nice and staying in the 1.31 network and looking anywhere it can. I'm sure they will fix it. I got it once to do this just by unplugging the cable but have not been able to reproduce.

Link to comment
Share on other sites

I might have an easy answer for you. First I want to make sure I know what you have. Your show computer has 2 NICs - one is on your "normal" network with an IP of 192.168.1.5, and the second NIC is on your E1.31 network with an IP of 192.168.0.5. Other than than the 2 networks both appearing on the 2 NICs in the show computer, the two networks otherwise do not meet. There is nothing plugged into the NIC for the E1.31 LAN. I think you inferred that your Sandevices card in 192.168.0.2. Do I have that right?

Here is what I think is happening. When you have nothing plugged into the E1.31 network NIC, the computer does not directly know how to route traffic to 192.168.0.2, so it does exactly what it's supposed to do - I sends it to it's default gateway (which is most likely the IP address for the NAT router on your "normal" network - most likely 192.168.1.1). That router doesn't know how to get to the 192.168.0.2 either so it sends it to it's default gateway which is your ISP. Your ISP most likely has a a smart enough router to know that 192.168.x.x is in a non-routable private address space so it dumps it in the bit bucket - however it is tying up your rather limited internet pipeline. BTW most consumer routers as it turns out are not smart enough to know what the private address spaces are and not to try to send them to the internet.

A couple of questions / suggestions for you.

1) Are the IP addresses on the show computer static or DHCP? Making them static may by itself solve the problem.

2) Is the intent to have the SanDevices card plug directly into the computer on NIC 2 or will there be a hub / switch / router in between? Having anything out there on the 192.168.0.x network in conjunction with #1 will give the computer someplace to send traffic destined for an 192.168.0.x address. Since it's UDP, it does not care if it's actually getting anywhere.

3) From your background I assume you know more about routing than the average bear, check your routing table (route print is a good start). See if what I said makes sense.

Link to comment
Share on other sites

>I might have an easy answer for you. First I want to make sure I know what you have. Your show computer has 2 NICs - one is on your "normal" network with an IP of 192.168.1.5, and the second NIC is on your E1.31 >network with an IP of 192.168.0.5. Other than than the 2 networks both appearing on the 2 NICs in the show computer, the two networks otherwise do not meet. There is nothing plugged into the NIC for the E1.31 LAN. I >think you inferred that your Sandevices card in 192.168.0.2. Do I have that right?

 

Yes that is right. I have no sandevices, no nothing plugged into the 192.168.0.2 nic.

>Here is what I think is happening. When you have nothing plugged into the E1.31 network NIC, the computer does not directly know how to route traffic to 192.168.0.2, so it does exactly what it's supposed to do - I sends it to

>it's default gateway (which is most likely the IP address for the NAT router on your "normal" network - most likely 192.168.1.1). That router doesn't know how to get to the 192.168.0.2 either so it sends it to it's default

 

No, CommListener doesn't seem to care if anything is plugged in or down stream of the nic. I have it running that way now and all is fine and there is no data showing.

 

 

You can reproduce this if you have 2 nic's, one lan and one e1.31. Just open you Network adpater settings and disable the e1.31 adapter with task manager running and networking tab open. The lan side nic will get all kinds of traffic from CommListener. Now what happens after that is probably how your network and internet is setup. I'm out in the sticks and don't have a typical setup.

Link to comment
Share on other sites

I can reproduce this just by turning off my E1.31 devices.  Leaving the hub running.  I also think that the computer sees noting on the E1.31 network and routs to the default gateway.  I can see the traffic switch NICs via the task manager's network tab.

 

Edit:  Traffic only switches NICs for the controllers that are turned on, i.e. if you have 2 controllers on the E1.31 network and one is powered up it's traffic head to the E1.31 network and the others to the default gateway.

Edited by khawes
Link to comment
Share on other sites

Cool! This is going to prompt me to do what I intend to do before Christmas - put a second NIC in my show computer and move the E1.31 to it. Then I can do some of these tests!! Right now I only have one E6804 running on my landscape lighting (on one universe), but in a couple months there will be a second one (on one or more likely two universes). For Christmas this year I will have the E682 with universes on the pixel tree that I had for the last 2 years, and new this year about 220 GE Color Effects on another E682 using 2 universes for a grand total of 11 universes. I have all the controllers so I can do some tests as soon as the second NIC is added...

Link to comment
Share on other sites

I wonder if having a router on the E1.31 network would solve the problem since it would advertise itself as handling that subnet.   I think I have an old router laying about to test with.

Link to comment
Share on other sites

Last season I used a sandevices E682 connected to my router that is connected to my internet modem and I noticed that the internet speed decreased a lot to the point that I can not surf on internet when mega tree and ccr are on, so I decided to buy a second router just to run E682/ccr/lor shows and don't surf while shows are on, it really was my solution, about surf on internet while show time? I have a second computer and a laptop connected to my first router that is connected to my internet modem.

Link to comment
Share on other sites

  • 3 weeks later...

I am not able to access the internet thru wireless at all when the control panel is activated and Comm Listener running. Once the Control Panel is removed I can get full access via wireless. Ran XP system last year and did not have issues. Went to Windows 7 this year and have not been able to run a 6804 hooked up direct to PC with or without hook ups to LAN. With wireless off, LAN disconnected and network cable only to the E6804 I can test fine in config page for controller. When start up control panel and try to run sequence the lights do not match the sequence at all. I cannot stop sequence unless I uncheck Control the Lights either. I do have a USB adapter hooked up during this as well. This comm listener evidently is killing things. Any work arounds?

Link to comment
Share on other sites

This comm listener evidently is killing things. Any work arounds?

It is definitely not well behaved and spikes both of my NIC's at 750Kbps. It also is hit or miss in controlling my universes, sometimes fine, sometimes not. xLights works everytime. Lor is aware and this is what Dan recently said:

 

"Much time this week was spent on implementing and bench marking a bulk transfer of data to the listener program (not sure why it is call listener ?)... That is the program that sends data out for Raw DMX.."

Link to comment
Share on other sites

The Listener is doing exactly what it needs to do when you have one or more E1.31 universes defined:  Sending DMX control frames.  The DMX spec requires frames to be sent every so many MS, regardless if the data is changing or not (IE, you have a show running).  That is why you see data even without anything 'running'.

 

The issue is how you have routed that data.  Routing is a VERY complex area to learn -- there are multiple college level classes that dive into the nuances of IP routing.

 

For example (and this list is NO WHERE complete since even I'm not an IP guru), you need to be setting the routing metrics for your network properly.  You'll also need to create your own routing tables

 

If you don't properly set up the network, IP is going to do what IP does best -- it's going to try to find a route based on what it does know.  If you don't have things properly set up, data is going to flow out the best way possible:  If you turn OFF a NIC that is connected to a network, IP will see that and try sending the data out a DIFFERENT or default NIC.  If the device is OFF on a particular network, IP will assume it can't reach the device due to a routing problem and will send the data out a DIFFERENT ROUTE (in this case NIC).  If the routing tables don't specify a particular route for a packet, IP will send the packet out to the DEFAULT gateway.  If that default gateway can not find a route to a network, it will send it to its DEFAULT GATEWAY, and so on.....

 

The ISP is indeed seeing a DoS attempt from you - and you are the one generating it.  When it gets up to THEIR router (which is properly configured), it flags the packets and then tosses them.  The issue is not the Listener or the packets it is generating - it's that you are failing to catch those packets and route them properly.

 

In a nutshell, everything is working perfectly fine.  The issue is that you have not correctly specified the IP configuration on all your network devices (switches/routers/computers), and/or are doing things that are contrary to the way IP is supposed to work.

 

IP (and since it is carried over IP, E1.31) is a very complicated topic.  It will require extensive knowledge of networking, network topologies, routing, and equipment.  E1.31 is not nearly as simple as just hooking some CAT 5 up to a switch/router and expecting it to work.  It is the price you pay for the flexibility and speed E1.31 provides.

Link to comment
Share on other sites

The Listener is doing exactly what it needs to do when you have one or more E1.31 universes defined:  Sending DMX control frames.  The DMX spec requires frames to be sent every so many MS, regardless if the data is changing or not (IE, you have a show running).  That is why you see data even without anything 'running'.

 

Thanks for the clarification Mike. There seems to be a lot of complaints. One vendor shows leaving the gateway blank for the NIC feeding the 1.31's, so that doesn't help.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...