Need some help - hijacked connection?

adentonmiller
New Contributor

Hi There,

First post here, driven from desperation! I am an end user who has a problem that my corporate IT seem unable to fix....

I am running a brand new MacBook Pro, with a software load that came from my company, including McAfee (yuck) and whatever managed services stuff they have put on - which seems to include some jamf stuff. Managed services is above my pay grade....

The problem I have is that every so often, it seems that something is hijacking my internet connection and crazily slowing down the connection.

To put it into perspective, I am at home, I have fibre straight into the building and normally get 300mbps down and 30mbps up, with latency around 7ms.

When this problem occurs, net speed slows down to around 200kbps and latency goes out to around 7 SECONDS. Obviously this is unworkable.

If I use the terminal and run a simple traceroute command to the BBC website (bbc.co.uk), I expect to see my home router (192.168.1.254) as the first hop on the traceroute. However, when this problem is happening, the first hop is always 172.20.10.1 instead.

So it seems to me as if something is acting like a VPN and rerouting all traffic via somewhere it shouldn't be and massively slowing down the connection in the process.

This worries me - I am not sure if there is some kind of malware on the machine that is activating every few hours and causing this issue. I have run both McAfee and Intego scans and both come up 100% clean.

I have another company MBP sitting here (in fact I am writing this on it) and it does not exhibit the same problem on the same network - the connection is good as gold and all packets seem to go to the right place.

So - does anyone know what this problem could be? Or how I can determine what process is hijacking my connection? I am all out of ideas......

Thanks in advance!
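
One way to approach the question above of what is taking over the connection, as an added example that is not part of the original post: when the first hop changes, check which interface owns the default route. The functions parse `netstat -rn -f inet` output; the sample routing tables and the interface names `en0`/`en5` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find the interface that owns the default route.
EXPECTED_GW="192.168.1.254"   # home router address given in the post

# Print "<gateway> <interface>" for the active IPv4 default route.
# stdin: output of `netstat -rn -f inet` (macOS layout).
default_route() {
  awk '
    $1 == "Internet6:" { exit }                      # IPv4 table only
    $1 == "Destination" {                            # locate columns from the header
      for (i = 1; i <= NF; i++) { if ($i == "Flags") f = i; if ($i == "Netif") n = i }
      next
    }
    # The I flag marks an interface-scoped route; the unscoped default is the one in use.
    $1 == "default" && f && $f !~ /I/ { print $2, $n; exit }
  '
}

# Exit 0 if the default gateway is the expected one, 1 otherwise.
check_gateway() {
  set -- $(default_route)
  if [ "$1" = "$EXPECTED_GW" ]; then
    echo "ok gw=$1 if=$2"; return 0
  fi
  echo "CHANGED gw=${1:-none} if=${2:-none} expected=$EXPECTED_GW"; return 1
}

# Constructed samples (interface names en0/en5 are assumptions, not from the post).
sample_good() {
cat <<'EOF'
Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.1.254      UGSc           en0
192.168.1          link#6             UCS            en0
EOF
}
sample_bad() {
cat <<'EOF'
Internet:
Destination        Gateway            Flags        Netif Expire
default            172.20.10.1        UGSc           en5
default            192.168.1.254      UGScI          en0
172.20.10/28       link#12            UCS            en5
EOF
}

sample_good | check_gateway
sample_bad  | check_gateway || true
# Live use on the Mac: netstat -rn -f inet | check_gateway
```

Once the interface name is known, `networksetup -listallhardwareports` maps it to the network service (Wi-Fi, a USB or Bluetooth adapter, and so on) that is supplying the unexpected gateway.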

10 REPLIES

rblaas
Contributor II

What is the uptime for the machine?

I am asking this because we have a similar issue here on Macs which have a high uptime (as in more than days) where network speeds drop significantly. (Also, connections to the internal fileserver slow down.)

A reboot fixes this issue but we are unable, thus far, to pinpoint this problem and fix it.

mack525
Contributor II

Curious on this as well. Have been unable to find this anywhere.

sshort
Valued Contributor

I’m guessing this is related to an “always on” VPN or an SSL-decryption service like Symantec DLP vs JAMF itself.

You mentioned it’s a new machine; the above-mentioned software/services might be throwing a fit if it’s scanning something like a shared Dropbox/Box/Google Drive folder that’s still syncing. Digging into Activity Monitor might give some clues.

gachowski
Valued Contributor II

@mack525 We have seen this too...

What VPN and AV are you using?

https://www.jamf.com/jamf-nation/discussions/30439/mojave-10-14-2-sometimes-network-connection-cuts-out

C

milesleacy
Valued Contributor

“Always on” proxy or VPN would also be my best guess of culprit, without looking at your environment/speaking to your endpoint and network security teams.

Malcolm
Contributor II

It does sound like you have a VPN set.

The thing about routers is, if they have an open port on them, you can send a broadcast of traffic as upload and not really have any control over it.

One consideration would be to also erase and firmware update your router.

cody_anderson
New Contributor

I used to run into a similar-sounding issue at my old job, but it was always due to the antivirus scanning a network-mounted drive from the server. If you have any Google Drive/Dropbox/network shares mounted, make sure IT adds them to the antivirus whitelist.

On a different troubleshooting line, does this seem to happen to any other machines on your network around this same time? Does the computer itself slow down when this is going on or just the internet connection?

Next time it happens, make a note of the time and have your IT team check the JAMF logs; you might be VPNing back to the main office so your computer can check in properly with JAMF or some other internal service.

dorellano
New Contributor III

Have you tried booting your Mac into safe mode, which should load the minimal number of services and drivers needed for operating it, and seeing if the issue still occurs?

I'm assuming you're the only one at your workplace reporting this. Does this issue only occur when you're at home? Or in the office as well? Or on any internet connection that is not your work connection?

It might be a good idea to get a copy of Wireshark installed: https://www.wireshark.org
This will allow you to capture the traffic as the issue is going on and get a more detailed view of what might be going on.

gachowski
Valued Contributor II

We have seen that a reboot is a temp fix; however, this issue will return within a few hours...

C

dorellano
New Contributor III

Also, is this issue only happening at home?