I started to have a look at all devices on my network after my ISP informed me of abnormally high data usage.
While I found the main culprit to be an AV package that was constantly trying to download definitions and failing, I found that my SmartThings hub is generating a lot of data and I was wondering if this is normal or not.
And if it is normal and I were to block it, what would happen to my functionality?
Below you can find what I’m seeing on my firewall as far as traffic is concerned:
The lights are Sengled Element Classics
The switches are GE toggle switches
The hub is a v2
No smart apps or anything else special set up
OTA is not enabled
What does “7.36 MB/3.58 MB” refer to? Data xferred in and out (or vice-versa)? And is this activity happening in bursts, or is it pretty consistent all day every day?
Data Sent/Received
So it looks like it is trying to send data or logs off and is failing or something.
And every 2 minutes it is trying again, but adding slightly more data to it, since the size keeps going up over time.
OK, so really strange thing.
This has persisted for a couple weeks now, even survived a reboot of the hub.
I blocked that IP in my firewall about an hour ago and new connections to 18.221.140.171 took their place.
The original requests completely stopped after a couple failures.
The connections to 18.221.140.171 are only a couple KB in size and stay within the 1-5KB in size, as one would expect.
I unblocked the other IP, but it is no longer being contacted.
Very strange…
So I’m guessing one of the ST servers is having issues or a misconfiguration.
I’ll certainly keep an eye on this to see if this returns or not.
Looks like some weird code issue with load balancing, where it keeps retrying as long as the IP is available, but when it’s not then it switches to a secondary IP?
I guess that’s the problem with closed source software
Although I suppose you can shoehorn mitmproxy or something in there and try to see what the hub is doing.
Someone internally pointed out that this screenshot may reflect an increasing sum over time. That would certainly more closely match the expected data usage. For example, between lines 5 and 6, there was ~10 Kb of data sent.
No, since posting this here, things have been normal.
The IP smartthings connected to changed a couple times after reboots, but all traffic looks normal now.
This is what it looks like right now:
I thought about the idea of increasing sum over time as well, but then it would show the same way in the logs now as well.
Also, when I looked up traffic usage by biggest receiving IP addresses, the IP from the original screenshot was always number 1 in the list of received traffic.
So, this was a very strange thing. Glad it fixed itself though.
I’ve been seeing a similar issue with my hub as well. Trying to throttle it down, but then I start seeing odd issues. The bandwidth down is steady at 500mb/day.
After a couple restarts, the SmartThings unit connected to a different cloud IP. The issue stopped after that happened. Not resurfaced either. So my guess is something was wrong on one of their servers at that time.