Fixing Unprioritized packets

[Kwee]

Anyway to get received packets to 0? 
 

I swear when I first had this router installed a year ago I always had 0 packets under unprioritized for both transmitted and received

 

could this be a setting I changed or a bad firmware update causing packet loss showing up now? 

 

You can view the amount of data transferred since your router was switched on, including unprioritized packets (packets which did not reach their destination).

this is right after a reboot on the XR1000, it’s showing unprioritized packets right after it reboots 

[Netduma Fraser]

Have you enabled any options for blocking such as blocking on the device manager or traffic controller for example? It could also be the ethernet cables you're using, if you have any spare it would be a good idea to swap them out just to be sure.

[Kwee]

I switched out the Ethernet cables and it’s still showing unprioritized packets. The only Ethernet cable I can’t switch is the one from the garage that’s on the ONT going into my closet that connects to the modem. I can switch out the ones to the computer and modem only. I don't have any blocked devices and never set any traffic rules
 

So maybe it’s a possibility the ethernet cable I can’t switch out  from the garage is causing the packet loss? 

 I get 6 unprioritized packets every 3 seconds and it never stops 

 

what's up with all these DoS attacks? I swear these things just flood the entire log all day long.

[Admin login] from source 10.0.0.3, Saturday, Jan 29,2022 21:05:27
[DoS attack: UDP Flood] from source 147.135.65.144,port 53655 Saturday, Jan 29,2022 21:01:15
[DoS attack: UDP Flood] from source 147.135.65.144,port 47423 Saturday, Jan 29,2022 21:01:15
[DoS attack: UDP Flood] from source 147.135.65.144,port 53655 Saturday, Jan 29,2022 21:01:14
[DoS attack: UDP Flood] from source 147.135.65.144,port 47423 Saturday, Jan 29,2022 21:01:14
[DoS attack: UDP Flood] from source 147.135.65.144,port 53655 Saturday, Jan 29,2022 21:01:13
[DoS attack: UDP Flood] from source 147.135.65.144,port 47423 Saturday, Jan 29,2022 21:01:13
[DoS attack: UDP Flood] from source 147.135.65.144,port 53655 Saturday, Jan 29,2022 21:01:12
[DoS attack: UDP Flood] from source 147.135.65.144,port 47423 Saturday, Jan 29,2022 21:01:12
[DoS attack: UDP Flood] from source 147.135.65.144,port 53655 Saturday, Jan 29,2022 21:01:11
[DoS attack: UDP Flood] from source 147.135.65.144,port 47423 Saturday, Jan 29,2022 21:01:11
[DoS attack: UDP Flood] from source 147.135.65.144,port 53655 Saturday, Jan 29,2022 21:01:10
[DoS attack: UDP Flood] from source 147.135.65.144,port 47423 Saturday, Jan 29,2022 21:01:10
[DoS attack: UDP Flood] from source 147.135.65.144,port 53655 Saturday, Jan 29,2022 21:01:09
[DoS attack: UDP Flood] from source 147.135.65.144,port 47423 Saturday, Jan 29,2022 21:01:09
[DoS attack: UDP Flood] from source 147.135.65.144,port 53655 Saturday, Jan 29,2022 21:01:08
[DoS attack: UDP Flood] from source 147.135.65.144,port 47423 Saturday, Jan 29,2022 21:01:08
[DoS attack: UDP Flood] from source 147.135.65.144,port 53655 Saturday, Jan 29,2022 21:01:07
[DoS attack: UDP Flood] from source 147.135.65.144,port 47423 Saturday, Jan 29,2022 21:01:07
[DoS attack: UDP Flood] from source 147.135.65.144,port 53655 Saturday, Jan 29,2022 21:01:06
[DoS attack: UDP Flood] from source 147.135.65.144,port 47423 Saturday, Jan 29,2022 21:01:06
[DoS attack: UDP Flood] from source 147.135.65.144,port 53655 Saturday, Jan 29,2022 21:01:05
[DoS attack: UDP Flood] from source 147.135.65.144,port 47423 Saturday, Jan 29,2022 21:01:05
[DoS attack: UDP Flood] from source 147.135.65.144,port 53655 Saturday, Jan 29,2022 21:01:04
[DoS attack: UDP Flood] from source 147.135.65.144,port 47423 Saturday, Jan 29,2022 21:01:04
[DoS attack: UDP Flood] from source 147.135.65.144,port 53655 Saturday, Jan 29,2022 21:01:03
[DoS attack: UDP Flood] from source 147.135.65.144,port 47423 Saturday, Jan 29,2022 21:01:03
[DoS attack: UDP Flood] from source 147.135.65.144,port 53655 Saturday, Jan 29,2022 21:01:02
[DoS attack: UDP Flood] from source 147.135.65.144,port 47423 Saturday, Jan 29,2022 21:01:02
[DoS attack: UDP Flood] from source 147.135.65.144,port 53655 Saturday, Jan 29,2022 21:01:01
[DoS attack: UDP Flood] from source 147.135.65.144,port 47423 Saturday, Jan 29,2022 21:01:01
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:58:44
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:58:34
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:58:24
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:58:13
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:52:22
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:52:12
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:52:02
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:51:51
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:51:41
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:47:36
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:47:24
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:47:14
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:47:03
[DoS attack: snmpQueryDrop] from source 146.88.240.4,port 35946 Saturday, Jan 29,2022 20:45:54
[DoS attack: snmpQueryDrop] from source 185.94.111.1,port 37790 Saturday, Jan 29,2022 20:45:37
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:45:06
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:44:51
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:44:40
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:44:30
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:44:20
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:42:35
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:42:24
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:42:12
[DoS attack: NetBiosReplyDrop] from source 10.0.0.3,port 137 Saturday, Jan 29,2022 20:42:02
[DHCP IP: (10.0.0.8)] to MAC address C0:E4:34:71:20:B5, Saturday, Jan 29,2022 20:39:31
[DoS attack: ACK Scan] from source 168.181.147.5,port 14054 Saturday, Jan 29,2022 20:38:25
[Admin login] from source 10.0.0.3, Saturday, Jan 29,2022 20:30:02
[DHCP IP: (10.0.0.12)] to MAC address 0E:01:B6:16:3F:1D, Saturday, Jan 29,2022 20:27:04
[Admin login] from source 10.0.0.3, Saturday, Jan 29,2022 20:25:11
[DHCP IP: (10.0.0.11)] to MAC address 0A:75:44:69:7E:C9, Saturday, Jan 29,2022 20:21:51
[DoS attack: ACK Scan] from source 23.47.150.53,port 443 Saturday, Jan 29,2022 20:20:37
[DoS attack: ACK Scan] from source 205.234.175.102,port 443 Saturday, Jan 29,2022 20:12:03
[DoS attack: ACK Scan] from source 205.234.175.102,port 443 Saturday, Jan 29,2022 20:11:27
[DoS attack: ACK Scan] from source 205.234.175.102,port 443 Saturday, Jan 29,2022 20:10:40
[DoS attack: ACK Scan] from source 35.81.239.229,port 443 Saturday, Jan 29,2022 19:58:35
[DHCP IP: (10.0.0.3)] to MAC address A8:A1:59:26:95:4E, Saturday, Jan 29,2022 19:53:53

[Netduma Fraser]

Possibly, easiest way to tell would be to unplug the XR then connect your PC direct and use PingPlotter to see if you're still getting that packet loss. DoS entries are false flags, they show connections you've crossed paths with for example, it looks like you may have been playing a game during the log times

[Kwee]

I notice on some of the hops I do get packet loss with the Nighthawk.

So I should be looking for PL on any of the hops when running the test with just the modem and watching the graph for spikes?

When I run pingplotter with the XR1000 I notice I get a few spikes every few moments when flooding the network. I get a avg ping of 13ms and the spikes 20-29ms 

[Newfie]

7 hours ago, Kwee said:

I notice on some of the hops I do get packet loss with the Nighthawk.

So I should be looking for PL on any of the hops when running the test with just the modem and watching the graph for spikes?

When I run pingplotter with the XR1000 I notice I get a few spikes every few moments when flooding the network. I get a avg ping of 13ms and the spikes 20-29ms 

That’s fine, no QoS can eliminate latency to a 0 degree and 20 to 29ms is fine. It’s also not unusual to see some hops  show latency, it’s when the latency follows on from your first or second hop and is shown on all hops when you then need to investigate.

NG routers constantly show scans in their logs. We all get scans through the day no matter what router we have and it shows the router is doing it’s job to protect you. Some results will be false positives but seeing scans and probes is nothing to worry about as long as you are up to date on the latest firmware which normally includes security updates to protect you.
 

 

[Kwee]

How do I allow the modem to give the router the public IP address? I'm using IP passthrough right now, is DMZ another method to get the public IP from the modem to the XR1000?

Every time I do a hard reset on the router I always get this notice saying the router has been changed to 10.0.0.1, So now I need to type 10.0.0.1 to login to the router. . This changed my WAN IP on the XR1000 to WAN IP 23.122.XXX.X instead of the modems 192.168.XXX.X

Is this new WAN IP the public IP address sent from the modem?

 

[Netduma Liam]

17 hours ago, Kwee said:

How do I allow the modem to give the router the public IP address? I'm using IP passthrough right now, is DMZ another method to get the public IP from the modem to the XR1000?

Every time I do a hard reset on the router I always get this notice saying the router has been changed to 10.0.0.1, So now I need to type 10.0.0.1 to login to the router. . This changed my WAN IP on the XR1000 to WAN IP 23.122.XXX.X instead of the modems 192.168.XXX.X

Is this new WAN IP the public IP address sent from the modem?

 

DMZ would be a good option to achieve this, it means the upstream modem/router would forward all traffic to the XR1000.

Is the LAN IP of the modem/router above the XR also 192.168.1.1? If so, that's why it's changing to 10.0.0.1. 

If the WAN IP is changing on the XR to 23.122.X.X, that would suggest the current IP passthrough method is working. Let me know if I've misunderstood you there.

[Kwee]

4 hours ago, Netduma Liam said:

DMZ would be a good option to achieve this, it means the upstream modem/router would forward all traffic to the XR1000.

Is the LAN IP of the modem/router above the XR also 192.168.1.1? If so, that's why it's changing to 10.0.0.1. 

If the WAN IP is changing on the XR to 23.122.X.X, that would suggest the current IP passthrough method is working. Let me know if I've misunderstood you there.

Ya I understand what you are saying, Let's run those test you were talking about. I would love to pin point this unprioritized packet loss I'm getting on the receiving side.

I wanna try the DMZ method and see if this helps at all. I'm just open to trying new things since whatever I've been doing is not changing  a single thing at the moment 

[Netduma Fraser]

Passthrough can be finicky sometimes - the modem mode on my ISP router isn't reliable and I use the DMZ and find it to be much better so that's a good step to try.

[Kwee]

1 hour ago, Netduma Fraser said:

Passthrough can be finicky sometimes - the modem mode on my ISP router isn't reliable and I use the DMZ and find it to be much better so that's a good step to try.

what steps do I take to try DMZ mode?

[Netduma Fraser]

Copy the WAN IP from the System Information page and enter it in the DMZ on the modem, then you're good to go!

[Kwee]

1 hour ago, Netduma Fraser said:

Copy the WAN IP from the System Information page and enter it in the DMZ on the modem, then you're good to go!

looks like my only option is IP passthrough. Don't see any DMZ options on the 

ARRIS

Model NumberBGW210-700

[Netduma Fraser]

48 minutes ago, Kwee said:

looks like my only option is IP passthrough. Don't see any DMZ options on the 

ARRIS

Model NumberBGW210-700

Okay no worries, that's quite similar to the DMZ, if needed there is a guide for how to set that up here: 

https://forums.att.com/conversations/att-internet-equipment/bridgemode-vs-ip-passthrough-setup-information/5defbfffbad5f2f606ad5ed2?source=ESSZ0SSPR00facsEM&wtExtndSource=20191122160807_AT&T Internet Features_Wireline_LITHIUM_2855910569=

but it should be a similar process with the same IP being used.

[Kwee]

8 hours ago, Netduma Fraser said:

Okay no worries, that's quite similar to the DMZ, if needed there is a guide for how to set that up here: 

https://forums.att.com/conversations/att-internet-equipment/bridgemode-vs-ip-passthrough-setup-information/5defbfffbad5f2f606ad5ed2?source=ESSZ0SSPR00facsEM&wtExtndSource=20191122160807_AT&T Internet Features_Wireline_LITHIUM_2855910569=

but it should be a similar process with the same IP being used.

Thanks

 

 

 

[Kwee]

should I keep the DHCP lease the same as the DHCP IP passthrough lease? I changed the passthrough DHCP to 99 days. The other one is set at 1 day 

 

This is just for a home network.

[Netduma Fraser]

You can't change the lease on the XR unfortunately but what you've done is good!

[Kwee]

3 hours ago, Netduma Fraser said:

You can't change the lease on the XR unfortunately but what you've done is good!

I was meaning the DHCP Lease on the modem has two options. One lease is under IP passthrough setting, Which I changed to 99 days instead of the default 10min

then under subnets & DHCP the DHCP lease is at 1 day. Should I change this to 99 days as well or leave it alone? 

[Netduma Fraser]

Ah I see, yes change that to 99 as well but if you've set a static IP for the XR it shouldn't matter

[Kwee]

is this type of packetloss normal?

 

[Newfie]

Do you mean on the hops?

looks ok to me, your round trip looks good. You can see 2 blips on the time line graph but everything else looks fine.

[Kwee]

38 minutes ago, Newfie said:

Do you mean on the hops?

looks ok to me, your round trip looks good. You can see 2 blips on the time line graph but everything else looks fine.

ya on the hops

[Newfie]

Just now, Kwee said:

ya on the hops

Thanks. It’s fine, that’s out of your control as it’s the peering and it’s not unusual to see that.

[Kwee]

I've been running pingplotter in the background pinging google.com when playing warzone. Will this show any issues when playing or should I be pinging the server I'm playing on?

How can I locate the CA server IP's from warzone if that's the case?

[Newfie]

1 minute ago, Kwee said:

I've been running pingplotter in the background pinging google.com when playing warzone. Will this show any issues when playing or should I be pinging the server I'm playing on?

How can I locate the CA server IP's from warzone if that's the case?

It’s really meant for looking at Networking issues. You don’t need to worry about this when playing as you have the routers software that does that for you. That’s the idea behind Duma.

Pingplotter is a good tool for seeing how congestion control works when you saturate your line. You can see if there is a latency issue or fine tune it. 
 

Try this, saturate your line the best you can or at least try a speed site or downloading a large file from say thinkbroadband and watch how it reacts.