High network traffic between Pi2 and Win7 PC

For a while now I have been seeing near constant bidirectional traffic of about 2Mb between My Pi2 running the latest OSMC and my Win7 Ultimate PC.

I have checked settings that I think may be relevant as follows;
------UPnP/DNLA = off
------This system = on
------Other systems = off
----Zeroconf = off
----Airplay = off
I can see nothing relevant under the OSMC settings section.

The following is a screencap showing the traffic pattern. The gaps are a couple of seconds.

My wife has an older XP system and is not seeing any traffic other than browsing. Is my Win7 64bit Ultimate doing this?

This does not appear to be adversely affecting either system but it is bugging me that I can not work out why.

Any thoughts/suggestions would be greatly appreciated.

You would need to use a traffic monitoring program such as wireshark to find out what kind of traffic it is, otherwise we could only guess.

Hmmmm. I just looked and I think you just asked me to do the equivalent to learning Chinese to read a single road sign but hey-ho - downloading.

Are you certain that graph is only showing traffic from your Pi to your Windows computer?



TLDNR - Shared folder with TOO many files causing LOTS of SMB traffic.

sam_nazarko - Yes as disconnecting the Pi LAN cable instantly returned traffic to expected levels.

DBMandrake’s suggestion of investigating using Wireshark appeared daunting but the first capture session showed that just about every packet was an ongoing SMB conversation between the two devices. Reading the files referred to in the packets revealed the cause.

I had set up a shared folder (Download) as the default IE and Firefox download location. Initially this was done to share videos to the Pi as I am on a SLOW rural connection which means that streaming is not an option.

Over time a lot of other things were downloaded and left there. WSCCPortable alone has over 700 files. The folder contained a total of 3,663 files in 1,017 folders!

I moved all the content to another location and the traffic immediately dropped back to expected levels.

Thank you for your help in solving this.

Well done on the detective work to solve that. :smile:

Yes wireshark is a bit daunting looking to begin with (hell, I only know how to use 1% of it’s features) if you can get far enough to get it capturing it’s not too difficult to then see where the packets are going, what protocol they are using etc. And in this case it jogged your memory that a PC was configured to download directly to your Pi. Apparently the browser keeps “checking” the download location to see if anything has changed…

Another option to wireshark would have been to install tcpdump on the Pi itself, then do something like:

sudo tcpdump -n -i eth0 not port 22

This will monitor all traffic going over eth0 (ethernet) except traffic on port 22 - this is needed otherwise your SSH session connecting to the Pi to run tcpdump will generate traffic on port 22 that will be monitored by tcpdump which will then generate even more traffic…bit of a viscous circle of useless traffic if you don’t filter it out.