High latency, "Open Sessions" through the roof

Hello,

I'm having issues with my latency and I think I know the cause.
Today while trying things to fix the problem, I stumbled upon this page in my router telling how many open sessions each connected device currently has.

On my network, there are 2 connected devices, both are pc's. One (mine) has a wired connection, while the other (roommate) has a wireless connection.
My amount of open sessions ranges from ~50 to ~100 (with peaks to ~300), while my roommate has ~500 to ~900 (with peaks to 999).

I read up on the internet, and came to the conclusion that this is not good. I also read that these issues are often spyware/virus related. There is only one problem in fully determining the cause: I don't have any access to my roommates' computer. If I'm sure of the cause, I can alert him about it, but otherwise there's nothing I can do about his end.

One last thing I read about it was that the router may also be doing something wrong with the sessions, but I don't quite understand what that was. Something about 'keeping' old sessions or something, maybe someone else knows more about this.

Any help would be massively appreciated,

Marty

P.S. I ran "CurrPorts" on my computer when about 70 sessions were running, and it came up with a list of around 15 'unkown' processes, 40 'system' processes and 15 'chrome' processes.

The unknown processes are sockets which have been closed and awaiting to be cleared - - not to worry, BUT
which CurrPorts column heading are you seeing this in?

btw: Your OS and the version of CurrPorts?

'open sessions' is used several places in our PCs.
Here's the most important usage:
Admin Tools-> Computer Management->Shared Folders
there you will see Shares, Sessions and Open Files

• Clicking Sessions shows remote access to the Shares on your system and
• clicking Open Files shows which files are actively being accessed

For Networks, a session is just a connection between to end points, some will even be connections between processes running on your pc (eg: anti-virus programs will use this to create a proxy to allow scanning incoming email and/or weblinks).

How did you count 'Open Sessions'?

Guess you need to also report the make/model of your router

- Windows 7
- Latest, downloaded like 10 minutes before my message here
- I counted them by looking in my routers page, it lists open sessions per device. Mine had about 70 at that moment, and the other computer had about 400.
- ZyXEL P-2812HNU-F1, it's a router + modem combined.

The pages in admin tools under 'Shared folders' all list nothing. Which makes sense because I haven't shared anything on this computer.

I think that about answers your questions

Forget counting inside the router (even if it shows all connections for both PCs).

a} your windows firewall stops all bogus inbound access so every session is from a process YOU started via
a startup program (like Google.Update), an email reader asking for new email, or a browser request.

b} a single program (like a browser) can create multiple connections.
{likely your roommate is running a Torrent connection or streaming like crazy}

c} worst case for your PC would be a virus phoning home with data captured from you. With the correct firewall configuration, you can for your email program (say Outlook) to be the only allowed program to use port 25 and thus block virus sending.

d} CurrPorts (run as admin) sees every connection and version 2.* shows the program with the connection.
You can also CLOSE any connection you suspect or even KILL the process with a given connection.
If you click on the column heading Remote Address twice, real connection will show up at the top of the window.
As I type this, I only have FireFox, Thunderbird and AvastSvc programs with remote connections

Btw: Network Latency is measure using PING of the target domain.name or IP address.
Ping is a one time attempt performed three times- try this first.

To get a good picture of the path to a resource, use PATHPING (name or ip) and it will take ~200 seconds or more - - WAIT for it. You will see the delay at each node, loss at each node and even the losses between notes.
As an example, here's my results to Techspot.com:

Code:

Tracing route to techspot.com [50.22.252.218]
over a maximum of 30 hops:
  0  jeffPC7 [192.168.0.5]
  1  localRouter [192.168.0.1]
  2  gateway-system [xx.yy.zz.zzz]
  3  tge7-7.wlvgcabn-cer02.socal.rr.com [76.166.19.217]
  4  tge0-8-0-10.vnnycajz-ccr01.socal.rr.com [72.129.13.100]
  5  72.129.13.0
  6  ae-6-0.cr0.lax00.tbone.rr.com [66.109.6.212]
  7  ae-0-0.pr0.lax00.tbone.rr.com [66.109.6.135]
.
16  techspot04.techspot.com [50.22.252.218]
 
Computing statistics for 400 seconds...
 
            Source to Here  This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                          jeffPC7 [192.168.0.5]
                                0/ 100 =  0%  |
  1    0ms    0/ 100 =  0%    0/ 100 =  0%  localRouter [192.168.0.1]
                                0/ 100 =  0%  |
  2    9ms    0/ 100 =  0%    0/ 100 =  0% gateway-system [xx.yy.zz.zzz]
                                0/ 100 =  0%  |
  3    9ms    0/ 100 =  0%    0/ 100 =  0%  tge7-7.wlvgcabn-cer02.socal.rr.com [76.166.19.217]
                                0/ 100 =  0%  |
  4  18ms    0/ 100 =  0%    0/ 100 =  0%  tge0-8-0-10.vnnycajz-ccr01.socal.rr.com [72.129.13.100]
                                0/ 100 =  0%  |
  5  19ms    0/ 100 =  0%    0/ 100 =  0%  72.129.13.0
                                0/ 100 =  0%  |
  6  19ms    0/ 100 =  0%    0/ 100 =  0%  ae-6-0.cr0.lax00.tbone.rr.com [66.109.6.212]
                                0/ 100 =  0%  |
  7  16ms    0/ 100 =  0%    0/ 100 =  0%  ae-0-0.pr0.lax00.tbone.rr.com [66.109.6.135]
                                0/ 100 =  0%  |
                                0/ 100 =  0%  |
                                0/ 100 =  0%  |
16  80ms    0/ 100 =  0%    0/ 100 =  0%  techspot04.techspot.com [50.22.252.218]
 
Trace complete.
 
 

Wow, the run as admin did the trick for CurrPorts, it now lists over 500 ports. I've attached a copy of the log as a private message, you'll probably understand it way better than I would.

Also, do you mean you have only 3 open ports? Or a few open ports for each process? When I look at the log, I see a heck of a lot of open ports for "Pando Media Booste" which is a process related to the League of Legends client. Currently I'm having high latency issues in that game, so maybe it's related?

Three Programs with multiple sessions. Here they are

Code:

 
Procees Name    pid  protocol lclPort        local addr      remPort        remoteAddr      hostname      state          product
AvastSvc.exe    1860    TCP    12080        127.0.0.1:12080    43177        127.0.0.1:43177    JeffPC7:43177    Established    avast! Antivirus    avast! Antivirus    11/6/2012 2:55:06 PM        Reserved 
AvastSvc.exe    1860    TCP    12080        127.0.0.1:12080    43175        127.0.0.1:43175    JeffPC7:43175    Established    avast! Antivirus    avast! Antivirus    11/6/2012 2:55:06 PM        Reserved 
AvastSvc.exe    1860    TCP    12080        127.0.0.1:12080    42786        127.0.0.1:42786    JeffPC7:42786    Established    avast! Antivirus    avast! Antivirus    11/6/2012 2:55:06 PM        Reserved 
firefox.exe    7232    TCP    41985        127.0.0.1:41985    41986        127.0.0.1:41986    JeffPC7:41986    Established    Firefox        11/6/2012 2:55:06 PM        Reserved 
firefox.exe    7232    TCP    41986        127.0.0.1:41986    41985        127.0.0.1:41985    JeffPC7:41985    Established    Firefox        11/6/2012 2:55:06 PM        Reserved 
thunderbird.exe    8028    TCP    36240        127.0.0.1:36240    36241        127.0.0.1:36241    JeffPC7:36241    Established    Thunderbird        11/6/2012 2:55:06 PM        Reserved 
thunderbird.exe    8028    TCP    36241        127.0.0.1:36241    36240        127.0.0.1:36240    JeffPC7:36240    Established    Thunderbird        11/6/2012 2:55:06 PM        Reserved 
firefox.exe    7232    TCP    42786        127.0.0.1:42786    12080        127.0.0.1:12080    JeffPC7:12080    Established    Firefox        11/6/2012 2:55:06 PM        Reserved 
firefox.exe    7232    TCP    43175        127.0.0.1:43175    12080        127.0.0.1:12080    JeffPC7:12080    Established    Firefox        11/6/2012 2:55:06 PM        Reserved 
firefox.exe    7232    TCP    43177        127.0.0.1:43177    12080        127.0.0.1:12080    JeffPC7:12080    Established    Firefox        11/6/2012 2:55:06 PM        Reserved 
AvastSvc.exe    1860    TCP    42069        192.168.0.5:42069 80    http    77.234.44.51:80    r-051-044-234-077.avast.com:80    Established    avast! Antivirus    avast! Antivirus    11/6/2012 2:55:06 PM        Czech Republic 
AvastSvc.exe    1860    TCP    43176        192.168.0.5:43176 80    http    74.125.239.0:80    lax04s09-in-f0.1e100.net:80    Established    avast! Antivirus    avast! Antivirus    11/6/2012 2:55:06 PM        United States 
AvastSvc.exe    1860    TCP    43178        192.168.0.5:43178 80    http    74.125.239.0:80    lax04s09-in-f0.1e100.net:80    Established    avast! Antivirus    avast! Antivirus    11/6/2012 2:55:06 PM        United States 
AvastSvc.exe    1860    TCP    42792        192.168.0.5:42792 80    http    aa.bb.cc.dd:80 techspot04.techspot.com:80    Established    avast! Antivirus    avast! Antivirus    11/6/2012 2:55:06 PM        United States 

Notice Avast has the REAL remote connections (last 4 lines)

btw: CurrPorts reports 84 total ports, 3 remote connections

Hmm: I see tons of Pando Media Booster connections and from the description, I would expect LOTS of connections and your network to be highly utilized.

I don't really understand what I should make of that. Is there a solution/fix/anything in there?

STOP playing the game and/or uninstall Pando Media Booster.

If that's not acceptable, there's nothing to do and this behavior is your NEW NORMAL.

It's odd though, because these issues started randomly when I started my computer one day. Everything used to work just fine.

Also, seeing how I've been playing the game for 2+ years straight, I'll stop playing when hell freezes over

I completely understand. Try to correlate the first time you experienced the lag to the possible move-in date of your roommate. If he/she is active while you're playing, there's got to be some impact and this is easily it.

I did that, but I figured out that's not the issue. Whenever I ping google.com with the command prompt, I get a steady response of about 30ms. Thing is, the game itself indicates ~200ms ping, while cmd simultaneously says 30ms. So I think some setting in my modem/router is blocking something which causes the higher-than-normal latency. I just can't figure out what that setting is.

Edit: Could it be that a ridiculously slow upload speed is causing lag issues? Like I'm unable to send sufficient packages back to the host server or something? Because Several different tests indicate me having a ~0.40Mbit/sec upload speed, which is about 50KB/s I guess.

that's a good number and shows the network is just fine.

IMO, that is indicative of the game server being overloaded (ie too many concurrent players).

[quote="Marty9231, post: 1249678, member: 183658"Several different tests indicate me having a ~0.40Mbit/sec upload speed, which is about 50KB/s I guess.[/quote]I'm on a high speed Cable with 27.72Mbps down and only 0.98Mbps up,
so your not that bad on the upload.

I'm quite sure the League of Legends servers can handle all the players they get. Also, everyone else seems to be able to play just fine. I didn't even find this on their forums. It's something to do with me, my modem/router settings, and/or my ISP.

I think it's not the ISP because I've been able to play perfectly fine before (with the same ISP). I have not reset the modem to factory settings yet, but I'm unsure if it will help because I went through every single setting on the router page several times now, and couldn't find anything out of place.

Hope you find the answer you want . . .

Yeah =/ thanks... I'm also communicating with the Game Developers, but they're not exactly fast responders...