When running a local web server for web app development, logs show that something is trying to GET /socket.io from localhost on port 3000. This happens when using puma inside a Docker container for a Rails app, as well as when using a simple local server with node. The traffic appears to be coming from somewhere, but it’s not clear where.
Rebooting the machine temporarily stops the traffic, but it eventually starts again. Background apps have been checked and it’s not coming from them. This issue does not occur on a similar laptop. It is unclear what is causing the traffic and what else can be done to find the source.
Samples:
In the Rails app log:
Started GET "/socket.io/?X_LOCAL_SECURITY_COOKIE=&EIO=3&transport=polling&t=1560455293858-21046" for 172.18.0.1 at 2019-06-13 19:48:13 +0000
ActionController::RoutingError (No route matches [GET] "/socket.io"):In a simple node http-server one-pager:
[Thu Jun 13 2019 16:15:44 GMT-0400 (Eastern Daylight Time)] "GET /socket.io/?X_LOCAL_SECURITY_COOKIE=&EIO=3&transport=polling&t=1560456944267-21720" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.30 Safari/537.36 NVIDIACEFClient/rel_03_17/c6b7277 NVIDIAOSCClient/3.17.0.126"
[Thu Jun 13 2019 16:15:44 GMT-0400 (Eastern Daylight Time)] "GET /socket.io/?X_LOCAL_SECURITY_COOKIE=&EIO=3&transport=polling&t=1560456944267-21720" Error (404): "Not found"Clearly, there’s something running on the machine that is doing this, but I can’t find it. What else can I do to try and figure out where it’s coming from?
3 Answers
Determining the source of traffic to /socket.io on a Windows 10 desktop
If you are running a local web server for web app development on Windows 10 and you notice that something is trying to GET /socket.io from localhost on port 3000, it could be an indication of an underlying problem. This issue can occur when using puma inside a Docker container for a Rails app, as well as when using a simple local server with node. The traffic appears to be coming from somewhere, but it’s not clear where. In this post, we will discuss how you can determine the source of this traffic.
Check for Background Apps
The first thing you should do is to check for any background apps that could be causing the traffic. This can be done by opening the Task Manager and checking the list of running processes. Look for any suspicious apps that you do not recognize. If you find any, try to Google them to find out what they are and whether they are known to cause this type of traffic.
Check for Malware
If you do not find any suspicious apps running in the background, the next step is to check for malware. Malware can cause this type of traffic, so it’s important to make sure that your computer is free of any viruses or other malicious software. You can use an antivirus program to scan your computer for malware and remove any threats that are found.
Check the Firewall
If you have checked for background apps and malware and you still cannot find the source of the traffic, the next step is to check the Windows Firewall settings. It’s possible that the traffic is being blocked by the firewall, but the logs are still being generated. To check the firewall settings, go to Control Panel > System and Security > Windows Defender Firewall. From there, you can check if any rules are blocking the traffic.
Check the Event Viewer
The Event Viewer is a built-in tool in Windows that can be used to view system logs. You can use it to find out more information about the traffic to /socket.io. To access the Event Viewer, type “event viewer” into the Windows search bar and open the app. From there, you can navigate to Windows Logs > System and look for any events related to the traffic. You can also use the search bar to search for specific keywords related to the traffic.
Use Wireshark
Wireshark is a free and open-source packet analyzer that can be used to capture and analyze network traffic. You can use it to capture the traffic to /socket.io and analyze it to find out where it is coming from. To use Wireshark, download and install it on your computer, then start capturing packets. Once you have captured the traffic, you can analyze it to find out the source IP address and other information about the traffic.
Reinstall the Operating System
If you have tried all of the above steps and you still cannot find the source of the traffic, the last resort is to reinstall the operating system. This will wipe your computer clean and remove any software that could be causing the traffic. However, this should only be done as a last resort, as it will erase all of your data and require you to reinstall all of your software.
In conclusion, if you are experiencing traffic to /socket.io on a Windows 10 desktop, there are several steps you can take to determine the source of the traffic. By checking for background apps, malware, firewall settings, using the Event Viewer, Wireshark, and reinstalling the operating system, you should be able to find the source of the traffic and resolve the issue.
There are a few steps you can take to try and figure out the source of the requests to /socket.io on your Windows 10 desktop:
- Check your browser extensions: Some browser extensions can cause unwanted connections. Try disabling all of your browser extensions and see if the requests to /socket.io stop.
- Check your network settings: Make sure your firewall is not blocking the requests. Also, check if your router has any port forwarding rules that might be causing the traffic.
- Use a network monitoring tool: Tools like Wireshark or Fiddler can help you see all of the network activity on your machine. This can help you identify the source of the requests.
- Check running process: Use a task manager tool such as Process Explorer to check all running process, and look for any process that might be causing the traffic.
- Check installed software: Check if any installed software might be causing the requests, for example, some VPN software or browser toolbars can cause unwanted connections.
- Compare the two machines: Compare the configuration of the two machines, both software and hardware, to try to identify what might be different between the two.
It’s also possible that the requests are coming from somewhere else on the network, such as another machine or device that is connected to the same network.
The solution to the issue of constant traffic to /socket.io from localhost on port 3000 is to turn off the In Game Overlay feature in NVIDIA GeForce Experience. If necessary, the latest drivers should also be installed or reinstalled.
This was determined by monitoring traffic while messing around with NVIDIA processes and stopping the NVIDIA Share processes. This immediately stopped the constant pinging on socket.io.
Some subsequent searching around with new keywords brought me to this article:
If you do want to disable some NVIDIA processes, toggling the “In-Game
Overlay” off in GeForce Experience is a guaranteed safe way to do it.
This will get rid of the NVIDIA ShadowPlay Helper process and the two
NVIDIA Share processes until you turn it back on. Again, we don’t
generally recommend disabling services from the Services menu—using
the program’s built-in options is generally a safer way to cut down on
these running processes.
After rebooting, an error occurred when attempting to open NVIDIA GeForce Experience to test the solution. The application would not open. This may have been a contributing factor to the issue. The driver was removed and the latest NVIDIA driver was installed, allowing the In Game Overlay feature to be turned on and off. When the feature was turned off, the NVIDIA Share processes stopped and there was no more pinging to socket.io on localhost from NVIDIA.