Why is HE trying to find a host that doesn't exist?

I was running a packet sniff on my HE to help diagnose a different issue, but saw that it's spamming ARP queries to try and resolve a host that doesn't exist. Screencap below from WireShark shows the gory details.

The HE has a DHCP reservation that places it at X.Y.Z.45, why is it so keen to find X.Y.Z.1 when that host doesn't even exist on my network?

Probably because the X.Y.Z.1 address is usually the Gateway address for a LAN. The hub tries to connect itself to the Hubitat Cloud Endpoint server, so it can allow for updates, cloud based integrations, and so the Hubitat Mobile App can connect while you're away from home. Since the hub needs to make an outbound connection to do so, it has be routed through the LAN's Gateway (i.e. the Router).

1 Like

Side note: Just saw in your profile the following

"Still have fond memories of the PDP 11/34A in the lab that I first encountered in my second (sophomore) year at University."

When I started working back in 1991, my company was still using PDP11s running the RSX-11S real-time operating system. These system booted over DECnet, 10base2 coax, from a VAX-VMS server. I programmed these systems in F77 Fortran for a few years, before we finally migrated them to VAXELN running on RT-VAX SBCs in a VME chassis.

Good memories! :slight_smile:

1 Like

More DEC PDP 11/34A's folks here yea! Learned RSTS/E when I was 16 years old. Then graduated to VAX/VMS DECnet and lots of clusters. Those days are long gone now. I still have some LAT/Coax communications gear stored in Michigan. Lots of history.

1 Like

Some things seem to linger...

We're still running a Tru64 UNIX server on an emulated AlphaServer running on an Intel x64 Linux physical host! :wink:

Well no more Tops 10 or Tops 20's like we had at GM. 36 bit computing.

You can change the gateway address in Settings/Network Setup

1 Like

:sob: :sob:

1 Like

I know how to do this, and I already did just that. I redacted the IP addresses on my internal network, but even so, if you look at it carefully, you can see they have the form 1XX.YY.Z.0/24 . That immediately rules out the possibility of it being one of the "standard" 192.168.X.0/24 blocks that are so common. Which in turn means that I completely re-worked the LAN IP setup, or as is said in certain other industries, I did a "full rip and re-build".

Why do I do this? I'm running with a fairly conventional X.Y.Z.0/24 CIDR block on the inside, and have the following logical allocations:

.1 through .99 are set aside for "reserved" DHCP addresses, i.e. devices that I do not want to ever move. E.g. the HE at .45, some WiFi smart bulbs at .50 through .58, Printer at .35, etc. etc. etc.

.100 through .250 are set aside for the regular DHCP pool.

Router is at the very top in the .251 through .254 section.

Irrespective of how I have my network laid out, pinging a random IP address is an absolutely hideous way to try to determine the gateway address. Especially considering that the HE will have already learned the gateway address from the DHCP exchange. It's all covered in RFC 2132. And since the HE can download firmware updates, I'd say we can conclude without doubt it knows where the gateway is. And what happens if I DO place a host at X.Y.Z.1? e.g. a small microcontroller such as an ESP8266 or ESP32, or a Pi Pico W? Are Hubitat going to be so stupid they assume "Aha there's a host at X.Y.Z.1, it must be the gateway, so I'll try and route all traffic through it." That's not going to end well, is it?

Last but not least, If they don't get a reply after ten tries or so, give up! There is a school of thought that defines insanity as doing the same thing over and over, expecting a different result. By that metric, this rates as seriously insane.

1 Like

I never realized someone could get so fired up by some ARPs on their home network.

1 Like

Nothing wrong with ARPs when appropriate. What is a problem is spamming them at the rate of one a seconds all day every day. Forever.

You don't use Wireshark, do you much? When these spurious ARPs are so damn thick on the network they start interfering with my ability to quickly parse an HTTP session, they're a serious problem. Sure I could set up a display filter and get rid of them, but I shouldn't need to.

1 Like

You can stop the ping to the router with this setting in networks, I turned it off on my hubs. After I did that I found one of the app's I used that was brought over from SmartThings was still pinging. It took a bit of disable / enable work to find that app and remove the ping command from their code.

Also there is darn bad practice of pinging as a keep alive. Saw that in a API call to a certain dashboard URL I was using and it had javascript in it.

1 Like

I can’t speak for @djw1191, but I would hazard a guess that most Hubitat users do not. The one or two times I have, I nearly got motion sick from watching all the packets speeding by on my screen.

If you want it to be a competition.. I am very much familiar with wireshark, I work professionally in the security space and have spent many an hour reviewing pcaps. I run an enterprise tier firewall at home, have run IDS systems, have an over complicated network segmentation in my home network, etc. So yes I do use wireshark, am very much familiar with network traffic on my home network, but what I don’t do is arbitrarily look at captures. A network isn’t going to be effected by this ARP traffic and as you’re probably aware devices on a network generate all sorts of strange network traffic you wouldn’t expect.

If you aren’t making use of wireshark’s follow TCP streams to follow an HTTP session, more power to you I suppose, feels like pretty much a requirement. Let’s also not pretend that all network traffic doesn’t quickly overwhelm any wireshark session. I guess we just have different definitions of serious problems.

I’m much more annoyed by all the consumer devices that force google DNS as their resolvers forcing me to NAT outbound dns from devices to enforce my own internal dns server.

In the end, you do you, not really looking to get into an internet fight. I just enjoy seeing the minor things that people find bothersome.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.