Network lag caused by IGMP messages

[lngtrn94]

I've recently bought a new laptop. Replaced the SSD and installed a brand new Windows 10 on it (so no OEM windows) and in online gaming I was getting an awful lot of network lag spikes. I downloaded wireshark and fired it up to see what's going on. The following packets get sent every two minutes and apparently they are causing the lag.

For example this happens, this happens while I'm playing Team Fortress 2 and running "ping 8.8.8.8 -t" in the background. Notice the big gap in the incoming UDP packets and the late ping reply.

I don't really know what the purpose of these packets is (joining a multicast group or something) but after running the ping and wireshark for a long time, I'm certain these IGMPv3 packets have something to do with the lags. Probably there is something running in the background doing something every two minutes that's sending this packets. But I have no idea how to find out what it is other than trial and error (so far unsuccessful).

This is happening on the WLAN interface, and unfortunately I have no means of trying it out on Ethernet currently. I tried both the 2.4GHz and 5GHz band of the router. My previous laptop didn't have this issue with the same router and network so it should be a problem on the new laptop.

Any help would be appreciated to find the source of this problem, because I've tried what I know and I jsut ended up being clueless. Thanks.

 

[bill001g]

Multicast is one of those things you see on certification test more than you see it in the actual world so I forget the details.

I am not 100% sure but I think your pc is joining the multicast groups. 151,152,& 153. The last one is part of IPV6 so it could be the IPV6 support in your nic card doing it. Maybe try to disable the IPv6 support

The resource monitor might show you the processid that is sending the packets.

In any case it is just a couple garbage packets being sent now and then. It likely causes no problems. If there was actually a multicast feed on those ports and the route/switch supported multicast you would see the actual multicast data being sent to your machine with a ip address of the source machine and the multicast address as the destination.

These packets are ignored by most consumer routers and switches. They never leave the local lan. A protocol called PIM is used to cross a router boundary but multicast has never been supported over the internet even though multicast has existed since the invention of the ip protocols. It is only used in enterprise installation and even that is now rare other than to run stuff like routing protocols.

 

[nigelivey]

Are you using chat whilst gaming, this is a one to many broadcast and is quite common. Are you seeing this broadcast when you are not gaming? I think you are barking up the wrong tree if you think this is a cause of lag.

 

[lngtrn94]

Multicast is one of those things you see on certification test more than you see it in the actual world so I forget the details.

I am not 100% sure but I think your pc is joining the multicast groups. 151,152,& 153. The last one is part of IPV6 so it could be the IPV6 support in your nic card doing it. Maybe try to disable the IPv6 support

The resource monitor might show you the processid that is sending the packets.

In any case it is just a couple garbage packets being sent now and then. It likely causes no problems. If there was actually a multicast feed on those ports and the route/switch supported multicast you would see the actual multicast data being sent to your machine with a ip address of the source machine and the multicast address as the destination.

These packets are ignored by most consumer routers and switches. They never leave the local lan. A protocol called PIM is used to cross a router boundary but multicast has never been supported over the internet even though multicast has existed since the invention of the ip protocols. It is only used in enterprise installation and even that is now rare other than to run stuff like routing protocols.

Thanks for the suggestions. But unfortunately disabling IPv6 support didb't make a difference and I tried, but I don't think I can use the resourse monitor to trace packets. Blocking IGMP packets via firewall does remove the lags, but it doesn't seem like an ideal solution to me, because I'd rather find the source and solve the problem there. Is it safe to fully block outbound IGMP packets?

 

[bill001g]

As I stated IGMP never leaves your house so it is not the cause of your lag. You likely have a gigabit of bandwidth so a few igmp packets here and there do not put out enough traffic to cause delays....you would see packet loss anyway if you were overloading a lan connection.

Strange it fixes it blocking it on the firewall but IGMP does nothing when there is no multicast traffic source.

 

[lngtrn94]

Are you using chat whilst gaming, this is a one to many broadcast and is quite common. Are you seeing this broadcast when you are not gaming? I think you are barking up the wrong tree if you think this is a cause of lag.

These packets are sent even when the pc is freshly booted and no chat program is started. Yes, this broadcast happens when not gaming aswell and still causes ping spikes. Even with Steam and Discord not running (uninstall the skype windows app aswell).

As I said, I'm certain that these packets have something to do with the lags. I was monitoring wireshark while playing and running the ping command and the lags and ping spikes occur whenever these packets are sent. Additionally, I tried completely blocking outbound IGMP packets with the firewall and there were no lags at all.

 

[lngtrn94]

As I stated IGMP never leaves your house so it is not the cause of your lag. You likely have a gigabit of bandwidth so a few igmp packets here and there do not put out enough traffic to cause delays....you would see packet loss anyway if you were overloading a lan connection.

Strange it fixes it blocking it on the firewall but IGMP does nothing when there is no multicast traffic source.

I'd imagine that it is not caused by IGMP directly, but something in the background that's sending these packets. And since the packets are blocked it can't do whatever it is that causes the lag? I really have no clue.

 

[bill001g]

As I stated IGMP never leaves your house so it is not the cause of your lag. You likely have a gigabit of bandwidth so a few igmp packets here and there do not put out enough traffic to cause delays....you would see packet loss anyway if you were overloading a lan connection.

Strange it fixes it blocking it on the firewall but IGMP does nothing when there is no multicast traffic source.

I'd imagine that it is not caused by IGMP directly, but something in the background that's sending these packets. And since the packets are blocked it can't do whatever it is that causes the lag? I really have no clue.

Yes it would be nice to find what is going it. Maybe the firewall will tell you something in the blocked messages. I could see if it actually got a response it might do something but the software sending it does not really know that it was sent out and got no response or it was blocked by the firewall and got no response.

Very strange....

 

[lngtrn94]

Okay, so I found out about the Microsoft Message Analyzer Tool, which can trace packets back to the process id. And I got the results below.

So most of the time it's an idle process. All of them have the event id of 1001 which comes from Windows Error Reporting. So I guess windows is broadcasting error reports? There are actually 1001 events in the Application Event Viewer that correspond to the packets that have a non-zero process id. I don't know what ETW is but I feel like this shouldn't be causing lags either. I can't really make anything out of this. Here are the captured packages if anyone can make sense out of them:
https://puu.sh/yfiNj/3d725faa6b.matp
https://puu.sh/yfiNv/6d83251d7a.cap

 

[bill001g]

That is interesting your router is sending out a query and your pc is responding to it. Can you disable multicast support in the router. Maybe the nic itself has a option to turn off multicast support

 

[lngtrn94]

That is interesting your router is sending out a query and your pc is responding to it. Can you disable multicast support in the router. Maybe the nic itself has a option to turn off multicast support

I should've realized that the membership request was coming from the router. I have a TP-Link Archer C50 AC1200 router. Maybe I didn't look hard enough but I didn't find the option to completely disable multicast. However, I found that IGMP snooping was enabled. After disabling IGMP snooping the lags are gone. The router is still sending out the query every two minutes and the pc responds accordingly, but it's not causing lagspikes anymore. So apparently this snooping on the router blocks inbound and outbound traffic and triggered by multicast packets. If I read it correctly IGMP snooping is protection against multicast flooding which isn't something I should be worried about in a home network, so I'll disable it for now. I don't know if there's a better solution than this. Thanks for all the help bill001g.