Skip to main content
Question

Need some help - hijacked connection?

  • November 28, 2018
  • 10 replies
  • 38 views
A
Forum|alt.badge.img+1

Hi There,

First post here, driven from desperation! I am an end user who has a problem that my corporate IT seem unable to fix....

I am running a brand new MacBook Pro, with a software load that came from my company, including McAfee (yuck) and whatever managed services stuff they have put on - which seems to include some jamf stuff. Managed services is above my pay grade....

The problem I have is that every so often, it seems that something is hijacking my internet connection and crazily slowing down the connection.

To put it into perspective, I am at home, I have fibre straight into the building and normally get 300mbps down and 30mbps up, with latency around 7ms.

When this problem occurs, net speed slows down to around 200kbps and latency goes out to around 7 SECONDS. Obviously this is unworkable.

If I use the terminal and run a simple trace route command to the BBC website (bbc.co.uk), I expect to see my home router (192.168.1.254) as the first hop on the trace route. However, when this problem is happening, the first hop is always 172.20.10.1 instead.

So it seems to me as if something is acting like a VPN and rerouting all traffic via somewhere it shouldn't be and massively slowing down the connection the process.

This worries me - I am not sure if there is some kind of malware on the machine that is activating every few hours and causing this issue. I have run both McAfee and Intego scans and both come up 100% clean.

I have another company MBP sitting here (in fact I am writing this on it) and it does not exhibit the same problem on the same network - the connection is good as gold and all packets seem to go to the right place.

So - does anyone know what this problem could be? Or how I can determine what process is hijacking my connection? I am all out of ideas......

Thanks in advance!

    10 replies

    R
    Forum|alt.badge.img+8
    • rblaas
    • Contributor
    • 118 replies
    • November 29, 2018

    What is the uptime for the machine?

    I am asking this because we have a similar issue here on macs which have a high uptime (as in more than days) where Network speeds drop significantly. (Also connections to internal fileserver slow down)

    A reboot fixes this issue but we are unable, thus far, to pin point this problem and fix it.

    M
    Forum|alt.badge.img+7
    • mack525
    • Contributor
    • 91 replies
    • December 13, 2018

    Curious on this as well. Have been unable to find this anywhere.

    S
    Forum|alt.badge.img+15
    • sshort
    • Valued Contributor
    • 301 replies
    • December 13, 2018

    I’m guessing this is related to an “always on” VPN or an SSL-decryption service like Symantec DLP vs JAMF itself.

    You mentioned it’s a new machine, the above mentioned software/services might be throwing a fit if it’s scanning something like a shared Dropbox/Box/Google Drive folder that’s still syncing. Digging into Activity Monitor might give some clues.

    G
    Forum|alt.badge.img+16
    • gachowski
    • Honored Contributor
    • 1054 replies
    • December 15, 2018

    @mack525 We have seen this too...

    What VPN and AV are you using?

    https://www.jamf.com/jamf-nation/discussions/30439/mojave-10-14-2-sometimes-network-connection-cuts-out

    C

    M
    Forum|alt.badge.img+23
    • milesleacy
    • Valued Contributor
    • 512 replies
    • December 16, 2018

    “Always on” proxy or VPN would also be my best guess of culprit, without looking at your environment/speaking to your endpoint and network security teams.

    M
    Forum|alt.badge.img+13
    • Malcolm
    • Valued Contributor
    • 277 replies
    • December 17, 2018

    it does sound like you have a VPN set.

    The thing about routers is, if they have an open port on them, you can send a broadcast of traffic as upload and not really have any control over it.

    One consideration would be to also erase and firmware update your router.

    C
    Forum|alt.badge.img+1
    • cody_anderson
    • New Contributor
    • 7 replies
    • December 17, 2018

    I used to run into an issue similar sounding at my old job but it was always due to the AntiVirus scanning a network mounted drive from the server. If you have any Google Drive/DropBox/Network shares mounted Make sure IT adds them to the Antivirus whitelist.

    On a different troubleshooting line, does this seem to happen to any other machines on your network around this time same time? Does the computer itself slow down when this is going on or just the internet connection?

    Next time it happens make a note of the time and have your IT team check the JAMF logs, you might be being VPNing back to the main office so your computer can check in properly with JAMF or some other internal service.

    D
    Forum|alt.badge.img+2
    • demitrious.o
    • New Contributor
    • 11 replies
    • December 17, 2018

    Have you tried booting your Mac into safe mode , which should load the minimal number of services and drivers needed for operating it and seeing if the issue still occurs ?

    I'm assuming you're the only one at you work place reporting this. Does this issue only occur when you're at home ? or in the office as well? or any internet connection that is not your work connection?

    It might be a good idea to get a copy of WireShark installed https://www.wireshark.org
    This will allow you to capture the traffic as the issue is going on and get a more detailed view of what might be going on.

    G
    Forum|alt.badge.img+16
    • gachowski
    • Honored Contributor
    • 1054 replies
    • December 17, 2018

    We have seen that a reboot is a temp fix, however this issue will return within a few hours ....

    C

    D
    Forum|alt.badge.img+2
    • demitrious.o
    • New Contributor
    • 11 replies
    • December 17, 2018

    Also is this issue only happening at home ?


    Terms & ConditionsCookie settingsAccessibility statement