-
Heavy UDP Traffic
Client is seeing heavy UDP traffic on a system that is installed/running. Packet capture shows a destination address of 239.34.109.155 and the packet contains 21 bytes of data. What is this (multicast) packet used for, is it required and if not, is there a way to turn it "off"?
Thanks
-
It's RA2, yes, so there's a main repeater on the network... what else? Another repeater? A Connect Bridge? Are they configured for DHCP or static IP addresses?
-
I might be able to help.
Do you have Essentials? I am working with Lutron System Support on an unrelated issue and discovered my logs are filled with failed outgoing UDP connections. Apparently my main repeater is trying to connect with Alarm.com and keeps retrying. I believe it is back when you had the option of remote connection with Lutron Home instead of Lutron Connect with the bridge.
My entire log file is filled with events similar to below due to the fact that I have my firewall set to a default of block all and it is blocking these outgoing connections.
Code:
00024 | 07/06/17 | 11:09:49 | 0165995190 | WRKA | 00000 | REMOTE CONN | WRKA: Retries exceed max - Reset UDP
00025 | 07/06/17 | 11:09:49 | 0165995192 | WRKA | 00000 | REMOTE CONN | WRKA: Remote access inactive
00026 | 07/06/17 | 11:09:49 | 0165995237 | TERM | 00000 | REMOTE CONN | TERM: DNS resolving
00027 | 07/06/17 | 11:09:49 | 0165995237 | WRKA | 00000 | REMOTE CONN | WRKA: Cached Host Address = 216.36.42.33
00028 | 07/06/17 | 11:09:49 | 0165995286 | TERM | 00000 | REMOTE CONN | TERM: Connecting to remote server
00029 | 07/06/17 | 11:09:49 | 0165995289 | WRKA | 00000 | REMOTE CONN | WRKA: Initializing encryption key
00030 | 07/06/17 | 11:09:49 | 0165995289 | WRKA | 00000 | REMOTE CONN | WRKA: Starting UDP connection
00031 | 07/06/17 | 11:09:59 | 0166000340 | WRKA | 00000 | REMOTE CONN | WRKA: TX Retry last command (count = 1)
00032 | 07/06/17 | 11:10:10 | 0166005390 | WRKA | 00000 | REMOTE CONN | WRKA: TX Retry last command (count = 2)
00033 | 07/06/17 | 11:10:20 | 0166010440 | WRKA | 00000 | REMOTE CONN | WRKA: TX Retry last command (count = 3)
00034 | 07/06/17 | 11:10:30 | 0166015490 | WRKA | 00000 | REMOTE CONN | WRKA: TX Retry last command (count = 4)
00035 | 07/06/17 | 11:10:40 | 0166020541 | WRKA | 00000 | REMOTE CONN | WRKA: TX Retry last command (count = 5)
00036 | 07/06/17 | 11:10:50 | 0166025590 | WRKA | 00000 | REMOTE CONN | WRKA: Retries exceed max - Reset UDP
00037 | 07/06/17 | 11:10:50 | 0166025592 | WRKA | 00000 | REMOTE CONN | WRKA: Remote access inactive
A Wireshark capture shows that my main repeater is trying to connect to 239.106.201.27, 216.36.42.33, 224.0.37.42, usually with ~22 bytes of data.
Apparently in Inclusive in the part of the software where you find your main repeater you can hit advanced and you have the option of disabling this. At this time there is no way to disable this within Essentials.
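Added example (not part of the original post, and not Lutron code): a short Python script that summarizes REMOTE CONN retry cycles from log lines in the format shown above and labels the captured destination addresses as multicast or unicast. The column layout (eight pipe-separated fields, category in the seventh, message in the eighth) and the function names `summarize` and `classify` are assumptions made for this example.

```python
import ipaddress
import re

# Log lines copied from the post above (one retry cycle, trimmed).
SAMPLE_LOG = """\
00027 | 07/06/17 | 11:09:49 | 0165995237 | WRKA | 00000 | REMOTE CONN | WRKA: Cached Host Address = 216.36.42.33
00030 | 07/06/17 | 11:09:49 | 0165995289 | WRKA | 00000 | REMOTE CONN | WRKA: Starting UDP connection
00031 | 07/06/17 | 11:09:59 | 0166000340 | WRKA | 00000 | REMOTE CONN | WRKA: TX Retry last command (count = 1)
00035 | 07/06/17 | 11:10:40 | 0166020541 | WRKA | 00000 | REMOTE CONN | WRKA: TX Retry last command (count = 5)
00036 | 07/06/17 | 11:10:50 | 0166025590 | WRKA | 00000 | REMOTE CONN | WRKA: Retries exceed max - Reset UDP
"""

RETRY = re.compile(r"TX Retry last command \(count = (\d+)\)")
HOST = re.compile(r"Cached Host Address = (\S+)")


def summarize(log_text):
    """Return failed-cycle count, highest retry count and remote hosts seen."""
    summary = {"failed_cycles": 0, "max_retry": 0, "hosts": set()}
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        # Assumed layout: 8 pipe-separated columns, category 7th, message last.
        if len(fields) != 8 or fields[6] != "REMOTE CONN":
            continue
        msg = fields[7]
        if m := HOST.search(msg):
            summary["hosts"].add(m.group(1))
        elif m := RETRY.search(msg):
            summary["max_retry"] = max(summary["max_retry"], int(m.group(1)))
        elif "Retries exceed max" in msg:
            summary["failed_cycles"] += 1
    return summary


def classify(addr):
    """Label a destination so firewall rules can treat each kind separately."""
    ip = ipaddress.ip_address(addr)
    if ip.is_multicast:
        return "multicast"
    return "private unicast" if ip.is_private else "public unicast"


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    for dst in ("239.106.201.27", "216.36.42.33", "224.0.37.42", "239.34.109.155"):
        print(dst, classify(dst))
```

Of the addresses mentioned in this thread, only 216.36.42.33 is a unicast Internet destination; the 239.x and 224.x addresses are multicast groups, which routers do not forward off the local network unless multicast routing is configured.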
-

Originally Posted by johngalt
Apparently in Inclusive in the part of the software where you find your main repeater you can hit advanced and you have the option of disabling this.
Where is this? I'm looking in Inclusive and not seeing anything mentioning alarm.com.
Is it the checkbox labeled "Restrict communications with Processor to Local LAN only"?
Good catch using Wireshark and the firewall rules. I think most folks don't realize just how much outgoing traffic is being sent by various devices...
-
Sorry for the VERY long response time. I am sure you have figured it out, but for others.
You are correct, "Restrict communications with Processor to local LAN only" will prevent the UDP packets from trying to connect with Alarm.com.