User profile for user: Nyobie
Nyobie Author
User level: Level 1
25 points

Excessive data use on my internet plan and troubleshooting question

Like many others, I've been struggling to figure out why my data consumption has jumped drastically from December to January.


I've done the following so far and have found an IP Address that seems to be consuming a lot of data.

  • Changed my Wifi passwords
  • Identified all IP addresses using my router
  • Turned off all IP addresses to see if data consumption reduced remarkably - it did indeed drop the day to day usage immediately (observed over night)
  • Turned some IP addresses back on and correlated increase in data consumption as devices were turned back on (observed over the period of several days)
  • Lodged a request to my ISP - multiple phone calls and Chat Agent interactions so far, assuring me they're investigating and will call me back but nobody has yet; confirmed in writing to me that I will not suffer a charge associated with any overage while under investigation
  • Consulted the Apple Community to see what resolved others' concerns - haven't seen anything yet that definitively resolved the issue but got ideas
  • Investigated MoCA - still on my list of possible things to try (not itching to spend any money to fix an issue I don't know root cause yet)
  • Investigated IP traffic monitoring apps and ended up downloading Wireshark - learned Wireshark over the past couple days
  • Created pcap files and used Statistics feature of Wireshark to look at all IP addresses on my network to see if any stood out as having a large amount of chatter on them
  • Used filter to watch any conversation on the network which had a specific IP address of interest and traced that conversation to my main iMac device which I'm using currently with Wireshark
  • Noticed an IP address that had the absolute highest amount of total packets of 114,690 over 4.5 minutes
  • Total data from A->B was 115 MB over 4.5 minutes (the external IP address to my computer)
  • The IP address in question is 17.248.190.140 which I used an IP WHOIS lookup web site and tracked it down to an Apple owned IP but I don't know what it does and that's where my trail ended
  • All other devices are quiet with one exception. I saw a very small amount of communication within my own network from an AppleTV device to my main computer
  • I grabbed a 2nd pcap to confirm I'm still seeing the same level of traffic coming from 17.248.190.140 and it is indeed, still happening.


I know it's not definitive but I think I could be onto something. It seems interesting to me that 115MB of data was sent to my machine in a 4.5 minute data log while I was using Wireshark trying to figure out what's happening.


Worth noting is that on 1/4/24, I turned in all my Comcast equipment for the TVs in our home and had Comcast TV turned OFF. I also added YouTube TV on 1/5/24 but we haven't spent much time on that app through any of our TVs. I went so far as to log into YouTube TV on each device, then exit the apps (but not log out) like we do all streaming apps on AppleTV devices and iPhones or iPads.


Also worth noting is that I've increased our data speed from 800 GB/s to 1000 GB/s also on 1/5/24. Data cap is 1.2TB for each month (1/1/24 through 1/31/24 I believe - Comcast measures upload/download data for any given month which is asynchronous with their billing cycle).


Does anyonoe have any ideas where I go from here and if I'm on the right trail with what I've done so far? Comcast has been completely useless, not to mention terribly frustrating. I don't know what that IP address is that I mentioned above but it's something to do with Apple. It seems to be a high amount of data being used in the background and if this is something always happening on my computer, surely that would add up fast. For example, 60 minutes in 1 hr so 60/4.5 =13.3333 pcap measurement intervals in an hour. 115 MB X 13.33333 = 1.533 GB/hr of data consumption. Multiply that by 24 hours in a full day and I get 36.8GB. My average daily consumption this month is around 50 GB/day with only a few hours of Netflix in the evenings. Prior consumption per day was about 1/2 to 1/3 what it has been this month.


Could it be this one IP address causing me all this grief and coming from an Apple IP address?


This issue began as far as I can tell, as soon as January started but BEFORE I turned in equipment to Comcast as far as I can recall but I didn't take any screenshots of data utilization before I turned in equipment.


I'm running an antivirus program, always, and periodically use VPN which comes with the SaaS subscription I signed up for a few years ago which I'm very happy with.


I'm desperate for help!



2nd pcap, Statistics, Communication... Longer period of time for this capture but it looks like 124MB in this case and 115MB in the above case. Something's happening and I don't know what it is or how to stop it. HELP! TIA!




UPDATE: Looks like that IP Address is an Apple Data Center.


iMac (2017 – 2020)

Posted on Jan 21, 2024 1:24 PM

Reply
Question marked as Top-ranking reply
User profile for user: Nyobie
Nyobie Author
User level: Level 1
25 points

Posted on Jan 23, 2024 2:43 PM

Wow, that was super cool! Here's the high level insight from downloading and running EtreCheckPro.


Major Issues:


    Anything that appears on this list needs immediate attention.


    Automatic updates disabled

- Automatic updates are disabled. This computer is at risk of malware infection.


    Security updates disabled

- Security updates are disabled. This computer is at risk of malware infection.


    Heavy CPU usage - Some processes are using an unusually high amount of CPU.


    Apple security disabled - Apple security software is disabled. This computer is at risk of malware infection.


 


Minor Issues:


    These issues do not need immediate attention but they may indicate future problems or opportunities for

improvement.


    System extensions installed

- This computer has system extensions installed. System extensions can be difficult to uninstall.


    Heavy RAM usage - Apps are using a large amount of RAM.


    Apps with heavy CPU usage

- There have been numerous cases of apps with heavy CPU usage.


    Unsigned files - There are unsigned software files installed. These files could be old, incompatible, and cause problems. They should be reviewed.


    System modifications - There are a large number of system modifications running in the background.


    Runaway user process - A user process is using a large percentage of your CPU.


    Limited permissions - More information may be available with Full Disk Access.


    Sharing enabled - This computer has sharing services enabled that could be a security risk.


Hardware Information:


    iMac (Retina 5K, 27-inch, 2020)


        Status: Supported


    iMac Model: iMac20,2


    3.6 GHz 10-Core Intel Core i9 (i9-10910) CPU: 10-core

128 GB RAM - At maximum


Video Information:


    AMD Radeon Pro 5700 XT - VRAM: 16GB

iMac (built-in) 5120 x 2880


 (I'm omitting Drives section where my disk and partitions are explained in detail and my Security details. If this is useful information, please let me know which part is useful. I'm trying to be conservative about what info is made available for the world to see.)


System Launch Daemons:


    [Not Loaded] 39 Apple tasks

    [Loaded] 186 Apple tasks

    [Running] 170 Apple tasks

    [Other] 4 Apple tasks

 


System Launch Agents:

    [Not Loaded] 20 Apple tasks

    [Loaded] 212 Apple tasks

    [Running] 189 Apple tasks


(I'm omitting Launch Daemons, Launch Agents, User Launch Agents, User Login Items which we can go back to if needed.)


Applications:


    637 apps

    73 x86-only apps

    5 unsigned apps


Performance:


    System Load: 5.54 (1 min ago)

5.95 (5 min ago) 5.34 (15 min ago)


    Nominal I/O usage: 4.76 MB/s

    File system: 24.34 seconds

    Write speed: 2698 MB/s

    Read speed: 2542 MB/s


CPU Usage Snapshot:


    Type Overall


    System: 3 %

    User: 12 %

    Idle: 84 %


Top Processes Snapshot by CPU:


    Process (count) CPU (Source - Location)

    remindd 110.02 % (Apple)

    suggestd 49.08 % (Apple)

    coreduetd 31.02 % (Apple)

    WindowServer 15.72 % (Apple)

    EtreCheckPro 15.26 % (Etresoft, Inc.)


Top Processes Snapshot by Memory:


    Process (count) RAM usage (Source - Location)


    BDLDaemon 2.89 GB (Bitdefender SRL)

    EtreCheckPro 1.22 GB (Etresoft, Inc.

    MTLCompilerService (5) 895 MB (Apple)

    plugin-container (9) 574 MB (Mozilla Corporation)

    mds_stores 525 MB (Apple)


Top Processes Snapshot by Network Use:


    Process Input / Output (Source - Location)

    corespeechd 3 KB / 15 MB (Apple)

    exchangesyncd 343 KB / 565 KB (Apple)

    apsd 125 KB / 525 KB (Apple)

    mDNSResponder 117 KB / 100 KB (Apple)

    firefox 107 KB / 104 KB (Mozilla Corporation)


Top Processes Snapshot by Energy Use:


    Process (count) Energy(0-100) (Source - Location)

    remindd 45 (Apple)

    suggestd 21 (Apple)

    coreduetd 17 (Apple)

    corespotlightd 4 (Apple)

    biomed 4 (Apple)


Virtual Memory Information:


    Physical RAM: 128 GB

    Free RAM: 99.93 GB

    Used RAM: 16.25 GB

    Cached files: 11.81 GB

    Available RAM: 111.75 GB

    Swap Used: 0 B


Please let me know if any of what I've shared gives any clues. There's more info in the report than what I've included above but I'm really nervous about publishing in a general forum like this for all to see. I saved a copy onto my computer in a Word doc so I have the full report handy to go back to.


Thank you very much for your help! I'm reaching the end of my troubleshooting skills for problems like this at this point but I certainly don't mind putting in the time to learn and figure out what's happening.

View in context

Similar questions

23 replies
User profile for user: Nyobie
Nyobie Author
User level: Level 1
25 points

Jan 22, 2024 5:22 PM in response to steve626

Hello steve626 and thanks for your message.


I'm on the 1000 Mbps plan (up to 1000 Mbps download speed). Sorry about the confusion. I wasn't thinking straight when I was typing after staring at figures all day pulling my hair out trying to learn Wireshark, analyze data, etc. All this is new to me as I haven't had to fiddle with anything since I set the system up and it's been many months.


I'll do what you've suggested and unplug everything tomorrow and methodically troubleshoot from there. I've been hoping that my slightly more random approach could give me something obvious but it hasn't so it's time to get more procedural about it. Will report back what I find.


To answer your last question, I'm not sure but I'll have a look tomorrow. I hadn't gotten that far yet in learning all the router capabilities. I was able to log in and see all the settings but didn't notice any diagnostics capability. It's one of the more capable routers which is more than this household needs so it probably has something I just haven't learned how to use yet.


More to come. Thank you for your help!

Reply
User profile for user: Nyobie
Nyobie Author
User level: Level 1
25 points

Jan 24, 2024 7:52 AM in response to Old Toad

etrecheck new run this morning

Hi Old Toad,


Here's a fresh report from this morning. I had an issue where my mouse wasn't being responded to and I had to do a hard reboot. As a result, it seems there's some sort of kernel panic that happened which this report shows but yesterday's did not. I've not been having any issues with this computer and I hope it's not a sign that something is starting to happen.


In any case, full report is attached. I'm very gracious for your help! I did not edit any of it but I took a close look to see if there was any identification info in this report and I didn't see any. My concern yesterday was unwarranted. I apologize for the delay. I know you're only trying to help. THANKS!!

Reply
User profile for user: Nyobie
Nyobie Author
User level: Level 1
25 points

Jan 24, 2024 4:09 PM in response to Old Toad

Thanks Old Toad, I'll consider your advice on removal of bitdefender. Do you think that's what's causing issues on my computer? I'm running it on all my Apple devices and none of the others are having any issues. It's just the one computer where I seem to see a high amount of CPU usage (125% for one process) and a high amount of data streaming for one process as well (different name than the other process with high CPU usage).


From the report, aside from removing bitdefender, what else should I be looking for? TIA!

Reply
User profile for user: Nyobie
Nyobie Author
User level: Level 1
25 points

Jan 24, 2024 6:59 PM in response to Old Toad

I've uninstalled bitdefender's suite using their uninstall tool. Nothing changed. I still see CPU > 100% and my fan kicked on. I uninstalled 4 other apps that I don't need. At first, CPU % dropped but after a couple minutes, it popped right back up again but random process names I hadn't noticed before were highest utilization. I powered off the computer for the night. Will turn it back on tomorrow and rerun the debug app and post another report. Have a good night!

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Excessive data use on my internet plan and troubleshooting question

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up