RT-N66U and Windows not playing well together recently

soho1 · 01 Aug 2014

I recently upgraded my ASUS RT-N66U router firmware and since then have had a number of problems. I cannot say that the firmware is the culprit for sure, as a number of software programs have come and gone, but I am left with periodic failures where nobody on the LAN can access the internet. Rebooting the router (daily now, sometimes multiple times per day) seems the only workaround.

MalwareBytes and MSE both assure me there is no malware on any of the LAN computers.

I am not a big network guy, so please try to work with me here.
What procedures or utilities can I run to test and diagnose my situation?

I see a lot of router log entries like these (my IP intentionally redacted here):
The MAC looks absurd to me.

Jul 31 20:23:59 kernel: DROP <4>DROP IN=vlan2 OUT= MAC=88:ae:1d:4d:e0:14:00:01:5c:24:29:81:08:00:45:20:00:3c <1>SRC=69.112.15.44 DST=(redacted)<1>LEN=60 TOS=0x00 PREC=0x20 TTL=53 ID=38377 DF PROTO=TCP <1>SPT=2390 DPT=23 SEQ=3486532413 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0155D6D40000000001030305)
Jul 31 20:24:01 kernel: DROP <4>DROP IN=vlan2 OUT= MAC=88:ae:1d:4d:e0:14:00:01:5c:24:29:81:08:00:45:20:00:62 <1>SRC=74.125.70.189 DST=(redacted)<<1>LEN=98 TOS=0x00 PREC=0x20 TTL=43 ID=24820 PROTO=TCP <1>SPT=443 DPT=52254 SEQ=3658324567 ACK=2329232711 WINDOW=670 RES=0x00 ACK PSH URGP=0
Jul 31 20:24:06 kernel: DROP <4>DROP IN=vlan2 OUT= MAC=88:ae:1d:4d:e0:14:00:01:5c:24:29:81:08:00:45:20:00:7c <1>SRC=74.125.225.97 DST=(redacted)<<1>LEN=124 TOS=0x00 PREC=0x20 TTL=56 ID=13604 PROTO=TCP <1>SPT=443 DPT=52286 SEQ=469847203 ACK=502500745 WINDOW=965 RES=0x00 ACK PSH URGP=0
Jul 31 20:24:10 kernel: DROP <4>DROP IN=vlan2 OUT= MAC=88:ae:1d:4d:e0:14:00:01:5c:24:29:81:08:00:45:20:00:47 <1>SRC=31.13.74.128 DST=(redacted)<<1>LEN=71 TOS=0x00 PREC=0x20 TTL=88 ID=39970 DF PROTO=TCP <1>SPT=443 DPT=63565 SEQ=3844553389 ACK=450501661 WINDOW=15544 RES=0x00 ACK PSH URGP=0
Jul 31 20:24:11 kernel: DROP <4>DROP IN=vlan2 OUT= MAC=88:ae:1d:4d:e0:14:00:01:5c:24:29:81:08:00:45:20:00:62 <1>SRC=74.125.70.189 DST=(redacted)<<1>LEN=98 TOS=0x00 PREC=0x20 TTL=43 ID=24821 PROTO=TCP <1>SPT=443 DPT=52254 SEQ=3658324567 ACK=2329232711 WINDOW=670 RES=0x00 ACK PSH URGP=0
Jul 31 20:24:16 kernel: DROP <4>DROP IN=vlan2 OUT= MAC=88:ae:1d:4d:e0:14:00:01:5c:24:29:81:08:00:45:20:00:7c <1>SRC=74.125.225.97 DST=(redacted)<<1>LEN=124 TOS=0x00 PREC=0x20 TTL=56 ID=13605 PROTO=TCP <1>SPT=443 DPT=52286 SEQ=469847203 ACK=502500745 WINDOW=965 RES=0x00 ACK PSH URGP=0
Jul 31 20:24:21 kernel: DROP <4>DROP IN=vlan2 OUT= MAC=88:ae:1d:4d:e0:14:00:01:5c:24:29:81:08:00:45:20:00:62 <1>SRC=74.125.70.189 DST=(redacted)<<1>LEN=98 TOS=0x00 PREC=0x20 TTL=43 ID=24822 PROTO=TCP <1>SPT=443 DPT=52254 SEQ=3658324567 ACK=2329232711 WINDOW=670 RES=0x00 ACK PSH URGP=0
Jul 31 20:24:31 kernel: DROP <4>DROP IN=vlan2 OUT= MAC=88:ae:1d:4d:e0:14:00:01:5c:24:29:81:08:00:45:20:00:46 <1>SRC=74.125.192.125 DST=(redacted)<<1>LEN=70 TOS=0x00 PREC=0x20 TTL=47 ID=39860 PROTO=TCP <1>SPT=5222 DPT=63198 SEQ=3614349253 ACK=3483476994 WINDOW=42746 RES=0x00 ACK PSH URGP=0
Jul 31 20:24:31 kernel: DROP <4>DROP IN=vlan2 OUT= MAC=88:ae:1d:4d:e0:14:00:01:5c:24:29:81:08:00:45:20:00:46 <1>SRC=74.125.192.125 DST=(redacted)<<1>LEN=70 TOS=0x00 PREC=0x20 TTL=47 ID=39861 PROTO=TCP <1>SPT=5222 DPT=63198 SEQ=3614349253 ACK=3483476994 WINDOW=42746 RES=0x00 ACK PSH URGP=0

Also, the router seems to loose the time sometimes and I see entries like this:

Dec 31 18:10:45 rc_service: wanduck 414:notify_rc restart_wan_if 1
Dec 31 18:10:45 rc_service: waitting "restart_nasapps" via ...
Dec 31 18:10:50 kernel: DROP <4>DROP IN=vlan2 OUT= MAC=88:ae:1d:4d:e0:14:00:01:5c:24:29:81:08:00:45:20:00:4f <1>SRC=74.125.201.188 DST=(redacted) <1>LEN=79 TOS=0x00 PREC=0x20 TTL=45 ID=50085 PROTO=TCP <1>SPT=5228 DPT=42092 SEQ=1350845155 ACK=1096759407 WINDOW=670 RES=0x00 ACK PSH URGP=0 OPT (0101080A1FDB8EF101221EC6)
Dec 31 18:10:55 rc_service: skip the event: restart_wan_if 1.
Dec 31 18:10:56 rc_service: wanduck 414:notify_rc restart_wan_line 0
Dec 31 18:10:56 rc_service: waitting "restart_nasapps" via ...
Dec 31 18:11:00 kernel: DROP <4>DROP IN=vlan2 OUT= MAC=88:ae:1d:4d:e0:14:00:01:5c:24:29:81:08:00:45:20:00:4f <1>SRC=74.125.201.188 DST=(redacted)<1>LEN=79 TOS=0x00 PREC=0x20 TTL=45 ID=50086 PROTO=TCP <1>SPT=5228 DPT=42092 SEQ=1350845155 ACK=1096759407 WINDOW=670 RES=0x00 ACK PSH URGP=0 OPT (0101080A1FDBB60101221EC6)
Dec 31 18:11:07 rc_service: skip the event: restart_wan_line 0.
Dec 31 18:11:10 kernel: DROP <4>DROP IN=vlan2 OUT= MAC=88:ae:1d:4d:e0:14:00:01:5c:24:29:81:08:00:45:20:00:4f <1>SRC=74.125.201.188 DST=(redacted) <1>LEN=79 TOS=0x00 PREC=0x20 TTL=45 ID=50087 PROTO=TCP <1>SPT=5228 DPT=42092 SEQ=1350845155 ACK=1096759407 WINDOW=670 RES=0x00 ACK PSH URGP=0 OPT (0101080A1FDBDD1101221EC6)
Dec 31 18:11:20 kernel: DROP <4>DROP IN=vlan2 OUT= MAC=88:ae:1d:4d:e0:14:00:01:5c:24:29:81:08:00:45:20:00:4f <1>SRC=74.125.201.188 DST=(redacted)<1>LEN=79 TOS=0x00 PREC=0x20 TTL=45 ID=50088 PROTO=TCP <1>SPT=5228 DPT=42092 SEQ=1350845155 ACK=1096759407 WINDOW=670 RES=0x00 ACK PSH URGP=0 OPT (0101080A1FDC042101221EC6)
Dec 31 18:11:37 kernel: DROP <4>DROP IN=vlan2 OUT= MAC=88:ae:1d:4d:e0:14:00:01:5c:24:29:81:08:00:45:20:00:30 <1>SRC=212.103.189.125 DST=(redacted)<1>LEN=48 TOS=0x00 PREC=0x20 TTL=110 ID=17042 PROTO=TCP <1>SPT=20616 DPT=22 SEQ=2569923595 ACK=1914729564 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Dec 31 18:12:45 Samba Server: daemon is started
Dec 31 18:12:46 mt-daapd[872]: Starting signal handler
Dec 31 18:12:46 mt-daapd[872]: Loading playlists
Dec 31 18:12:46 mt-daapd[872]: Initializing database
Dec 31 18:12:46 mt-daapd[872]: Starting mp3 scan
Dec 31 18:12:46 iTunes Server: daemon is started
Dec 31 18:13:07 rc_service: wanduck 414:notify_rc restart_wan_if 0
Dec 31 18:13:07 stop_wan(): perform DHCP release
Dec 31 18:13:07 dnsmasq[425]: read /etc/hosts - 6 addresses
Dec 31 18:13:07 dnsmasq-dhcp[425]: read /etc/ethers - 20 addresses
Dec 31 18:13:07 dnsmasq[425]: using nameserver 2001:558:feed::2#53
Dec 31 18:13:07 dnsmasq[425]: using nameserver 2001:558:feed::1#53
Dec 31 18:13:07 dnsmasq[425]: using nameserver 208.67.222.222#53
Dec 31 18:13:07 dnsmasq[425]: using nameserver 75.75.75.75#53
Dec 31 18:13:09 dnsmasq[425]: read /etc/hosts - 6 addresses
Dec 31 18:13:09 dnsmasq-dhcp[425]: read /etc/ethers - 20 addresses
Dec 31 18:13:09 dnsmasq[425]: using nameserver 2001:558:feed::2#53
Dec 31 18:13:09 dnsmasq[425]: using nameserver 2001:558:feed::1#53
Dec 31 18:13:09 dnsmasq[425]: using nameserver 208.67.222.222#53
Dec 31 18:13:09 dnsmasq[425]: using nameserver 75.75.75.75#53
Dec 31 18:13:10 dnsmasq[425]: read /etc/hosts - 6 addresses
Dec 31 18:13:10 dnsmasq-dhcp[425]: read /etc/ethers - 20 addresses
Dec 31 18:13:10 dnsmasq[425]: using nameserver 2001:558:feed::2#53
Dec 31 18:13:10 dnsmasq[425]: using nameserver 2001:558:feed::1#53
Dec 31 18:13:10 dnsmasq[425]: using nameserver 208.67.222.222#53
Dec 31 18:13:10 dnsmasq[425]: using nameserver 75.75.75.75#53
Dec 31 18:13:10 dhcp client: bound (redacted) via (also redacted) during 226236 seconds.
Dec 31 18:13:11 rc_service: wanduck 414:notify_rc restart_wan_if 1
Dec 31 18:13:11 dnsmasq[425]: read /etc/hosts - 6 addresses
Dec 31 18:13:11 dnsmasq-dhcp[425]: read /etc/ethers - 20 addresses
Dec 31 18:13:11 dnsmasq[425]: using nameserver 2001:558:feed::2#53
Dec 31 18:13:11 dnsmasq[425]: using nameserver 2001:558:feed::1#53
Dec 31 18:13:11 dnsmasq[425]: using nameserver 208.67.222.222#53
Dec 31 18:13:11 dnsmasq[425]: using nameserver 75.75.75.75#53
Dec 31 18:13:11 kernel: vlan2: dev_set_allmulti(master, -1)
Dec 31 18:13:11 stop_wan(): perform DHCP release
Dec 31 18:13:12 dnsmasq[425]: read /etc/hosts - 6 addresses
Dec 31 18:13:12 dnsmasq-dhcp[425]: read /etc/ethers - 20 addresses
Dec 31 18:13:12 dnsmasq[425]: using nameserver 2001:558:feed::2#53
Dec 31 18:13:12 dnsmasq[425]: using nameserver 2001:558:feed::1#53
Dec 31 18:13:12 dnsmasq[425]: using nameserver 208.67.222.222#53
Dec 31 18:13:12 dnsmasq[425]: using nameserver 75.75.75.75#53
Dec 31 18:13:15 mt-daapd[872]: Short file: /tmp/mnt/sda1/64GB_SD_CARD_Snapshot_2012-07-18/Notes/2012-06-26_1221.55_Untitled.mp3
Dec 31 18:14:07 rc_service: wanduck 414:notify_rc restart_wan_if 1
Dec 31 18:14:07 stop_wan(): perform DHCP release
Dec 31 18:14:09 dnsmasq[425]: read /etc/hosts - 6 addresses
Dec 31 18:14:09 dnsmasq-dhcp[425]: read /etc/ethers - 20 addresses
Dec 31 18:14:09 dnsmasq[425]: using nameserver 2001:558:feed::2#53
Dec 31 18:14:09 dnsmasq[425]: using nameserver 2001:558:feed::1#53
Dec 31 18:14:09 dnsmasq[425]: using nameserver 208.67.222.222#53
Dec 31 18:14:09 dnsmasq[425]: using nameserver 75.75.75.75#53
Dec 31 18:14:11 rc_service: wanduck 414:notify_rc restart_wan_line 0
Dec 31 18:14:11 dnsmasq[425]: read /etc/hosts - 6 addresses
Dec 31 18:14:11 dnsmasq-dhcp[425]: read /etc/ethers - 20 addresses
Dec 31 18:14:11 dnsmasq[425]: using nameserver 2001:558:feed::2#53
Dec 31 18:14:11 dnsmasq[425]: using nameserver 2001:558:feed::1#53
Dec 31 18:14:11 dnsmasq[425]: using nameserver 208.67.222.222#53
Dec 31 18:14:11 dnsmasq[425]: using nameserver 75.75.75.75#53
Dec 31 18:14:12 start_nat_rules: apply the nat_rules(/tmp/nat_rules_vlan2_vlan2)!
Dec 31 18:14:12 pptpd[964]: MGR: Config file not found!
Dec 31 18:14:12 pptpd[964]: MGR: Maximum of 100 connections reduced to 10, not enough IP addresses given
Dec 31 18:14:12 pptpd[964]: accel-pptpd-0.8.5 compiled for pppd-2.4.5, linux-2.6.22.19
Dec 31 18:14:12 pptpd[966]: MGR: Manager process started
Dec 31 18:14:12 pptpd[966]: MGR: Maximum of 10 connections available
Dec 31 18:14:12 bcrelay[967]: Running as child
Dec 31 18:14:12 kernel: vlan2: dev_set_allmulti(master, 1)
Dec 31 18:14:12 miniupnpd[492]: received signal 15, good-bye
Dec 31 18:14:12 syslog: SNet version started
Dec 31 18:14:12 miniupnpd[989]: HTTP listening on port 34660
Dec 31 18:14:12 miniupnpd[989]: Listening for NAT-PMP traffic on port 5351
Dec 31 18:14:12 ddns update: ez-ipupdate: starting...
Dec 31 18:14:12 ddns update: connected to ns1.asuscomm.com (103.10.4.108) on port 80.
Dec 31 18:14:14 ddns update: Asus update entry:: return: HTTP/1.1 200 OK^M Date: Sat, 02 Aug 2014 00:41:06 GMT^M Server: Apache/2.4.9 (Unix) PHP/5.5.14 OpenSSL/1.0.1h^M X-Powered-By: PHP/5.5.14^M Content-Length: 0^M Connection: close^M Content-Type: text/html^M ^M
Dec 31 18:14:14 ddns update: retval= 0, ddns_return_code (,200)
Dec 31 18:14:14 ddns update: asusddns_update: 0
Dec 31 18:14:14 ddns: ddns update ok
Dec 31 18:14:15 rdnssd[960]: Get IPv6 address from DHCPv6 & DNS from DHCPv6
Dec 31 18:14:15 rc_service: rc 995:notify_rc start_dhcp6c
Dec 31 18:14:15 rc_service: waitting "restart_wan_line 0" via wanduck ...

Total · 01 Aug 2014

What is your routers firmware ? I had to update the firmware manually on my Rt-65U , A earlier firmware update stopped the router from connecting the update site . My firmware is 3.0.0.4.374_4561-g5f5c8d8

Here is a link to the downloads . You could always downgrade the firmware to a earlier version ..

soho1 · 01 Aug 2014

I was under the impression that I could not downgrade, as the router was issuing a complaint message (did not capture it) about trying to load a file less than the most current BIOS. However, on a call with Tech Support I did successfully downgrade the BIOS to a previous version and will watch over the next 24-48 hours for the usual "hang" (or not, hopefully.)

The upgrade was previously at: 3.0.0.4.376.1071
The downgrade is now at: 3.0.0.4.374.5517

I have some related questions for the Windows driver configuration side of things, but I will post them separately. Thanks.

See you Sunday with a Solved or To Be Continued...

Total · 01 Aug 2014

soho1 said:

I was under the impression that I could not downgrade, as the router was issuing a complaint message (did not capture it) about trying to load a file less than the most current BIOS. However, I did successfully downgrade the BIOS to a previous version and will watch over the next 24-48 hours for the usual "hang" (or not, hopefully.)

I have some related questions for the Windows driver configuration, but I will post them separately. Thanks.

See you Sunday with a Solved or To Be Continued...

I see that you are using opendns for your dns could check to see if they are having any issues . I hope that downgrading fixes your problem ..

soho1 · 01 Aug 2014

For your amusement, here are some interesting clips from the router log:

Dec 31 18:00:08 kernel: Physically mapped flash: CFI does not contain boot bank location. Assuming top.
Dec 31 18:00:08 kernel: number of CFI chips: 1
Dec 31 18:00:08 kernel: cfi_cmdset_0002: Disabling erase-suspend-program due to code brokenness.

and...

Dec 31 18:00:08 kernel: Freeing unused kernel memory: 196k freed
Dec 31 18:00:08 kernel: Warning: unable to open an initial console.
Dec 31 18:00:08 kernel: et: module license 'Proprietary' taints kernel.

and...

Dec 31 18:00:08 kernel: 802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
Dec 31 18:00:08 kernel: All bugs added by David S. Miller <davem@redhat.com>

I feel so confident in ASUS when reading this stuff.

soho1 · 03 Aug 2014

COMCAST, in rare honesty, just admitted to problems on their network corresponding to each of my problem dates and times from the 28th of June to the 3rd of August.

I will just leave it at that.

Total · 03 Aug 2014

soho1 said:

COMCAST, in rare honesty, just admitted to problems on their network corresponding to each of my problem dates and times from the 28th of June to the 3rd of August.

I will just leave it at that.

Sometimes I believe this is what happens , The ISP has a problem for a split second , your router has a IP address , the ISP changes the IP . Guess what ,the router has the wrong IP .

Great that you got it figured out ..