search

jontio / JAERO

Demodulate and decode Aero signals. These signals contain SatCom ACARS messages as used by planes beyond VHF ACARS range
https://jontio.zapto.org/hda1/jaero.html
MIT License
219 stars 39 forks source link

Network latency every 10 seconds #36

Open rodavrow opened 5 years ago

rodavrow commented 5 years ago

After setting up Spy Server, I realised that there was no network connection every 10 seconds. Ping test showed that precisely every 10 seconds the network connection stops responding, this became very obvious when trying to stream of course.

I then captured about a minute of data in Wireshark and in Procmon and correlated the data to find the application makes some sort of network request every 10 seconds. I isolated it via the time stamps to this specific operation:

QueryNameInformationFile C:\Windows\System32\rpcrt4.dll

0 FLTMGR.SYS FltDecodeParameters + 0x193c 0xfffff8056ead66fc C:\WINDOWS\System32\drivers\FLTMGR.SYS 1 FLTMGR.SYS FltDecodeParameters + 0x14dc 0xfffff8056ead629c C:\WINDOWS\System32\drivers\FLTMGR.SYS 2 FLTMGR.SYS FltDecodeParameters + 0x5f4 0xfffff8056ead53b4 C:\WINDOWS\System32\drivers\FLTMGR.SYS 3 FLTMGR.SYS FltDecodeParameters + 0x3ee 0xfffff8056ead51ae C:\WINDOWS\System32\drivers\FLTMGR.SYS 4 ntoskrnl.exe IofCallDriver + 0x59 0xfffff800bcd24e69 C:\WINDOWS\system32\ntoskrnl.exe 5 ntoskrnl.exe CmCallbackGetKeyObjectIDEx + 0x21d 0xfffff800bd1731fd C:\WINDOWS\system32\ntoskrnl.exe 6 ntoskrnl.exe CmCallbackGetKeyObjectIDEx + 0x3f0 0xfffff800bd1733d0 C:\WINDOWS\system32\ntoskrnl.exe 7 ntoskrnl.exe CmCallbackGetKeyObjectIDEx + 0x786 0xfffff800bd173766 C:\WINDOWS\system32\ntoskrnl.exe 8 ntoskrnl.exe SeQuerySecurityDescriptorInfo + 0x1375 0xfffff800bd174db5 C:\WINDOWS\system32\ntoskrnl.exe 9 ntoskrnl.exe NtAllocateVirtualMemory + 0x1d51 0xfffff800bd18d2f1 C:\WINDOWS\system32\ntoskrnl.exe 10 ntoskrnl.exe NtAllocateVirtualMemory + 0x14b1 0xfffff800bd18ca51 C:\WINDOWS\system32\ntoskrnl.exe 11 ntoskrnl.exe setjmpex + 0x6f63 0xfffff800bce46743 C:\WINDOWS\system32\ntoskrnl.exe 12 ntoskrnl.exe KeSynchronizeExecution + 0x2940 0xfffff800bce39aa0 C:\WINDOWS\system32\ntoskrnl.exe 13 ntoskrnl.exe FsRtlKernelFsControlFile + 0x862 0xfffff800bd2276b2 C:\WINDOWS\system32\ntoskrnl.exe 14 ntoskrnl.exe NtSetInformationProcess + 0x5937 0xfffff800bd1d2a27 C:\WINDOWS\system32\ntoskrnl.exe 15 ntoskrnl.exe NtSetInformationProcess + 0x4df0 0xfffff800bd1d1ee0 C:\WINDOWS\system32\ntoskrnl.exe 16 ntoskrnl.exe setjmpex + 0x6f63 0xfffff800bce46743 C:\WINDOWS\system32\ntoskrnl.exe 17 ntdll.dll NtQueueApcThreadEx + 0x14 0x7ffe77a5d534 C:\WINDOWS\SYSTEM32\ntdll.dll 18 RPCRT4.dll NdrServerCallNdr64 + 0x1ae 0x7ffe75ac4d0e C:\WINDOWS\System32\RPCRT4.dll 19 RPCRT4.dll RpcServerInqCallAttributesW + 0xaaad 0x7ffe75afc3fd C:\WINDOWS\System32\RPCRT4.dll 20 RPCRT4.dll RpcServerInqCallAttributesW + 0x71b8 0x7ffe75af8b08 C:\WINDOWS\System32\RPCRT4.dll 21 RPCRT4.dll NdrFixedArrayBufferSize + 0x215 0x7ffe75b24465 C:\WINDOWS\System32\RPCRT4.dll 22 RPCRT4.dll RpcServerInqCallAttributesW + 0xabb5 0x7ffe75afc505 C:\WINDOWS\System32\RPCRT4.dll 23 RPCRT4.dll RpcStringBindingComposeW + 0x532d 0x7ffe75ad818d C:\WINDOWS\System32\RPCRT4.dll 24 RPCRT4.dll I_RpcSend + 0x248 0x7ffe75add158 C:\WINDOWS\System32\RPCRT4.dll 25 ntdll.dll RtlReleaseSRWLockExclusive + 0x19ae 0x7ffe779e7c9e C:\WINDOWS\SYSTEM32\ntdll.dll 26 ntdll.dll RtlReleaseSRWLockExclusive + 0x298 0x7ffe779e6588 C:\WINDOWS\SYSTEM32\ntdll.dll 27 KERNEL32.DLL BaseThreadInitThunk + 0x14 0x7ffe74e63034 C:\WINDOWS\System32\KERNEL32.DLL 28 ntdll.dll RtlUserThreadStart + 0x21 0x7ffe77a33691 C:\WINDOWS\SYSTEM32\ntdll.dll

I wondered if you had any idea of what is causing this and the resolution please? I am still investigating myself so will update if I have further findings.

And of course, thanks for the amazing application :-)

jontio commented 5 years ago

JAERO uses an audio connection. Googling spy server it seems to be something for having the SDR receiver on a different computer than SDR#. JAERO only deals with what's coming out of the SDR# application not what's going into it. But I've never used spyserver and wouldn't be sure while you having connection issues between spy server and SDR#. It could be that you are sending data to fast over the Ethernet/Wi-Fi connection. Try setting a lower sample rate on the SDR card which I assume you can do in spyserver.

rodavrow commented 5 years ago

Actually the use of spy server is moot, as the network issue is present whenever running JAERO and irrelevant to Spy Server being used. I only noticed because the connection between Spy Server and SDR# breaks as well so I can't decode. The audio is piped from SDR# as normal to JAERO and there is no difference as far as it's concerned. It just sends the IQ samples over the network instead of being collected locally. Even if I used a local USB stick then the network connection failing every 10 seconds for a few seconds is inconvenient anyway. The Wireshark and Procmon analysis showed that JAERO is the source of the network failure every 10 seconds.

jontio commented 5 years ago

I'm not sure if I totally understand you. Are you saying that JAERO is somehow freezing all network connections periodically? If so I have no idea how that would be happening. The only network stuff that JAERO does is all selectable so you should be able to disable all of it (basestation output etc) and see if the problem still happens. If you can isolate what part of JAERO is doing that would be really helpful.