[SOLVED] What is a way of finding what device is crippling my internet ping at certain hours every day

[WoahAName]

So at certain times during the day, 7:30pm, and 10:30pm to 11pm, the ping on my internet sky rockets to a few thousand ms. When pinging the router I get around 7ms, but then pinging Google's DNS, it's massively high during these times. Normally it will sit at about 20ms before this, but after about 7:30pm, the first spike, it will sit at about 100 till about 1am, where it will go back down to 20ms. Anyway I can see on my network which device is causing this without individually disabling each one?

 

[Grobe]

Wich kind of network do you have?

You may opt for using Wireshark. Here is a nice tutorial on how to use that program

View: https://www.youtube.com/watch?v=TkCSr30UojM


Disclaimer: You probably have to use Wireshark on a computer in your network that is forwarding packets since a network switch doesn't broadcast IP packets.

 

[WoahAName]

Wich kind of network do you have?

You may opt for using Wireshark. Here is a nice tutorial on how to use that program

View: https://www.youtube.com/watch?v=TkCSr30UojM


Disclaimer: You probably have to use Wireshark on a computer in your network that is forwarding packets since a network switch doesn't broadcast IP packets.

I already tried using Wireshark, but wasn't able to really figure it out, tonight I'm gonna try using the aircrack-ng framework, and then if I see a MAC broadcasting a lot of frames when the ping skyrocket, I'll head to that first.

The network if this helps, consists of 3 routers, each using WPA2-PSK, up until about last week this setup has been fine for a long time, I get 40down and 10up, usually a ping of about 20ms, and there is about 20 devices on it in total

 

[bill001g]

Any form of wifi sniffing is pretty much a complete waste of time. The problem is the data is chopped up and sent over multiple streams...ie mimo. So even if you get a wifi chip that can be set to promiscuous mode the chip will not give you partial or damaged packets. This was true even before the days of mimo and would be useful for troubleshooting. Not sure why it works this way but unless the packet is valid the chipset does not give it to you.

When you use mimo the odd tend to be much less that you get all the parts. The communication between the router and the end device do not have the same exact path as the path between these devices and your machine. It tends to make it close to impossible to get much meaningful data.

Does your router not have a traffic monitor this has become a fairly common feature. It does not save long term data but you can watch it and see what is active when it happens. If yours does not have this feature does it have any option to load third party firmware like openwrt or ddwrt.

 

[WoahAName]

I already tried using Wireshark, but wasn't able to really figure it out, tonight I'm gonna try using the aircrack-ng framework, and then if I see a MAC broadcasting a lot of frames when the ping skyrocket, I'll head to that first

Any form of wifi sniffing is pretty much a complete waste of time. The problem is the data is chopped up and sent over multiple streams...ie mimo. So even if you get a wifi chip that can be set to promiscuous mode the chip will not give you partial or damaged packets. This was true even before the days of mimo and would be useful for troubleshooting. Not sure why it works this way but unless the packet is valid the chipset does not give it to you.

When you use mimo the odd tend to be much less that you get all the parts. The communication between the router and the end device do not have the same exact path as the path between these devices and your machine. It tends to make it close to impossible to get much meaningful data.

Does your router not have a traffic monitor this has become a fairly common feature. It does not save long term data but you can watch it and see what is active when it happens. If yours does not have this feature does it have any option to load third party firmware like openwrt or ddwrt.

It's a very old Sky SR102, so as far as I know it does not

 

[bill001g]

It has a dsl modem in it which makes pretty much any third party firmware impossible. The devices provided by ISP tend to be simplistic since they feel that someone who wants more advanced stuff would have opted to use their own router.

I think you already know your best option next which is disabling devices to see which ones i causing it. Otherwise you need to buy a better router that has traffic monitors. Many of the tplink devices and asus devices have these features. Read the manuals some of the very low end devices do not but the rest run the same firmware images on all the other devices.

 

[WoahAName]

I was thinking of getting an ASUS router, currently on the network is 2 Sky SR102, and an Apple Airport, I would prefer an ASUS router for all the advanced features that it would have

 

[Ketchup79]

What kind of Internet do you have (Cable, DSL, Satellitle, Fibre, etc)?