Very High Network Traffic since the beginning of the Week

I have recently noticed an extreme spike in my routers (own) 2.4GHz Wi-Fi activity, normally it’s around the 40-50% mark, which is pretty high in itself, but since the start of the week, it skyrocketed to +90% allocation. This is an absolutely insane number, considering all other 2.4GHz devices (ZigBee, Bluetooth, Proprietary Wireless, etc.) also share bandwidth with 2.4GHz Wi-Fi! The consequence of this is basically nothing else on 2.4GHz works in the entire house, neighbours Wi-Fi goes down, Bluetooth becomes very short-ranged and ZigBee basically doesn’t work at all anymore (the biggest problem).

I have done some analysis, unplugging every single device in my house from Wi-Fi and testing the difference in Traffic. I came to the conclusion that Homey is single-handily responsible for the additional 40-50% of Wi-Fi traffic! When I unplug Homey Traffic goes back to normal instantly.

I have gone on and did a (~10min) package capture on my router, to see what sort of traffic is happening here, and it seems to be lots (1000+ per hour) of TLS requests to some Amazon (AWS) Server in Ireland, which I assume is for the Athom cloud connectivity.

Is anyone else experiencing this lately, and can anything be done besides completely blocking Athom Cloud access?

Athom uses their own servers in house, and don’t use amazon for this, so it most likely is something else.

Only thing amazon related I can think of is the Alexa intergration.

I though that too, but when I do a tracert to (which is the first and only DNS request my Homey makes when rebooting) it goes through about 10 different (USA) AWS Servers and ends up at the exact IP of the Irish AWS Node that sends all of the TLS-packets.

1 Like

All public Homey-related websites are hosted by AWS, so which parts are not using Amazon?

FWIW, here’s an excerpt of a tcpdump:

15:09:21.808584 IP > Flags [S], seq 3367426034, win 29200, options [mss 1460,sackOK,TS val 2967876186 ecr 0,nop,wscale 6], length 0
15:09:21.831228 IP > Flags [S.], seq 2686537665, ack 3367426035, win 26847, options [mss 1412,sackOK,TS val 1005326866 ecr 2967876186,nop,wscale 8], length 0
15:09:21.835145 IP > Flags [.], ack 1, win 457, options [nop,nop,TS val 2967876220 ecr 1005326866], length 0

My Homey is not running any apps or services that require AWS access, and AWS is the first provider it contacts for “regular” traffic (the others being Google’s DNS servers and an NTP pool server).

I checked my homey right now:
Uptime: 23 days
Downstream: 201 GB
Upstream: 17.8 GB

Any idea what homey is doing with this amount of data? :thinking:

I have tried blocking in my routers firewall, to see if that reduces the traffic at all (sacrificing cloud connectivity until there is a better solution), but that just splits the TLS requests into multiple different chains to and from (Internet-dependent) app-specific servers (LIFX, Spotify, etc.).

This seems very strange to me since when I first noticed this behavior I disabled all apps on my Homey and saw no difference to network traffic (or TLS-Packets) at all. I will try disabling everything again and do another packet capture during the reboot.

Doing this stops nearly all TLS-Packets, but now I just get my traffic filled with corrupted TCP-Packets (going and coming from the same server in Ireland)

There are other hostnames that Homey connects to as well, like

I have tried disabling all my apps again with and without blocking access to the Athom Cloud, now I am seeing thousands of TCP re-transmission errors, mostly coming from AWS Servers and supposed to go to Homey (but failing to do so correctly, hence the re-transmission) with nearly zero successful TCP transmissions in-between. Maybe the Server tries to push data to apps, that are no longer running (because I have disabled them all) and that’s why the traffic does not stop regardless of what apps I have installed or not? I am not sure if this is intentional behavior, it seems kind of pointless to me to push data to an app that is not running…

My Homey doesn’t do DNS requests for these URLs though, so I don’T think blocking them in the Router’s firewall should change anything, as far as I know.

I saw that mine did perform a lookup for that hostname, that’s why I mentioned it.

Must be the Athom LIFX app then. My LIFX app does not use the cloud :smiley: