I did not attempt a factory reset, I did want to update my router to Merlin after I spotted a compatible firmware upgrade for my router model, but I was a bit scared to do it in case I brick my router by some chance.
But I also downloaded the original Asus firmware for my router for when I do go forward with the custom firmware upgrade and need to revert.
So I took your original command and instead of setting it to “1024” connections, I just said screw it and set the nf_conntrack_expect_max to “10240” and the nf_conntrack_max to “20480”. Which stopped the nf_conntrack: expectation table full messages, but I was still getting ping spikes.
At this point, I pulled in Grok AI to assist.
It gave me a command to list all of the connections on the router. I took the thousands of connections and saved it to a text file and then uploaded that text file to Grok.
Here was the result from Grok:
(1,178 TCP + 158 UDP + 1 ICMP)Breakdown by Internal Device (192.168.50.x)
|
Internal IP
|
Device Description
|
TCP Connections
|
UDP Connections
|
ICMP
|
Total
|
|---|---|---|---|---|---|
|
192.168.50.30
|
(Main user device?)
|
28
|
0
|
1
|
29
|
|
192.168.50.49
|
Highly suspicious
|
1,134
|
158
|
0
|
1,292
|
|
192.168.50.82
|
Normal device
|
7
|
0
|
0
|
7
|
|
192.168.50.8
|
(Possibly Apple device)
|
1
|
0
|
0
|
1
|
|
192.168.50.143
|
(Google/XMPP related)
|
2
|
0
|
0
|
2
|
|
192.168.50.164
|
(Apple iCloud)
|
1
|
0
|
0
|
1
|
|
192.168.50.182
|
Unknown
|
1
|
0
|
0
|
1
|
|
Total
|
1,178
|
158
|
1
|
1,337
|
As you can see on “192.168.50.49″ it has over a thousand connections. 192.168.50.49 is my Android TV box. My first assumption was that the Android TV box has malware on it that is trying to phone home over and over again, overwhelming the router, therefore causing the ping spikes. But the Odd thing was, even if I turned off the Android TV box or rebooted it, the ping spikes did not stop, and the connections on my router did not get cleared or removed. The Android TV box is purely used for only YouTube and Netflix, no strange or unknown apps were installed on it.
Grok AI thought it was malware as well, so it then gave me a SSH command to count all of the connections just for 192.168.50.49 every 5 seconds, expecting the number of connections to keep growing, but it did not; it just kept steady.
So the AI gave me this command “conntrack -D --orig-src 192.168.50.49" to drop all the connections from 192.168.50.49, I ran that and cleared the router’s Ram Cache “sync && echo 3 > /proc/sys/vm/drop_caches“(Which dropped the Ram from 60mb free to 150mb free)
After a reboot, my ping spikes went back to normal.
I’ve been monitoring the connections on my router for a couple of days now and it has not crossed over 700 total connections. So I am unsure as to what the fix was, and at this moment, it does not look like the problem will come back since the TV box’s number of connections remains extremely minimal and steady, not as crazy as it was a few days ago.
Part of me still wants to update the router to Merlin, and maybe I will go forward with that in December when I am on leave from work… or maybe just get a new router but don’t know what to get since I don’t really follow what is the new and greatest router models out there.
Just want to thank you for making this post @UK Sentinel, I don’t think I would’ve ever fixed this issue if it wasn’t for you.
-
This reply was modified 7 months ago by
.
-
This reply was modified 7 months ago by .
-
This reply was modified 7 months ago by .
-
This reply was modified 7 months ago by .
You need to login in order to vote