Press "Enter" to skip to content

Category: around the house

A Home Network Troubleshooting Journey

This week I moved from UniFi to a new setup that included OPNsense on the edge to handle firewall, NAT, and other such tasks on the home network. Built in to OPNsense is a basic NetFlow traffic analyzer called Insight. Looking at this and turning on Reverse lookup something strange popped out: ~22% of the inbound traffic over the last two hours was from just two hosts: dynamic-75-76-44-147.knology.net and dynamic-75-76-44-149.knology.net.

While reverse DNS worked to resolve the IPs to hostnames (75.76.44.147 to dynamic-75-76-44-147.knology.net and 75.76.44.149 to dynamic-75-76-44-149.knology.net), forward lookup of those hostnames didn’t work. This didn’t really surprise me as the whole DNS situation on the WOW/Knowlogy network is poor, but it did make me more curious. Particularly strange was the IPs being are so close together.

To be sure this is Knology (ruling out intentionally-misleading reverse DNS) I used whois to confirm that netblock is owned by them:

NetRange: 75.76.0.0 - 75.76.46.255
CIDR: 75.76.46.0/24, 75.76.40.0/22, 75.76.0.0/19, 75.76.44.0/23, 75.76.32.0/21
NetName: WIDEOPENWEST
NetHandle: NET-75-76-0-0-1
Parent: NET75 (NET-75-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS12083
Organization: WideOpenWest Finance LLC (WOPW)
RegDate: 2008-02-13
Updated: 2018-08-27
Ref: https://rdap.arin.net/registry/ip/75.76.0.0

My home ISP is Wide Open West (WOW), and Knology is an ISP that they bought in 2012. While I use my ISP directly for internet access (no VPN tunnel to elsewhere), I run my own DNS to avoid their service announcement redirections, so why would I be talking to something else on my ISP’s network?

Could this be someone doing a bunch of scanning of my house? Or just something really misconfigured doing a bunch of broadcasting? Let’s dig in and see…

First I used the Packet capture function in OPNsense to grab a capture on the WAN interface filtered to these two IPs. Looking at it in Wireshark showed it was all HTTPS. Hmm, that’s weird…

A couple coworkers and I have Plex libraries shared with each other, maybe that’s it? The port isn’t right (Plex usually uses 32400) but maybe one of them are running on it in 443 (HTTPS)… But why the two IPs so close to each other? Maybe one of them are getting multiple IPs from their cable modem, have dual WAN links configured on their firewall, and it’s bouncing between them… (This capture only showed the middle of a session, so there was no certificate exchange present to get any service information from.)

Next I did another packet capture on the LAN interface to see if it’s a computer on the network or OPNsense as the local endpoint. This showed it’s coming from my main personal computer, a 27″ iMac at 192.168.0.8 / myopia.--------.nuxx.net, so let’s look there. (Plex doesn’t run on the iMac, so that’s ruled out.)

Conveniently the -k argument to tcpdump on macOS adds packet metadata, such as process name, PID, etc. A basic capture/display on myopia with tcpdump -i en0 -k NP host 75.76.44.149 or 75.76.44.147 to show all traffic going to and from those hosts identified Firefox as the source:

07:39:57.873076 pid firefox.97353 svc BE pktflags 0x2 IP myopia.--------.nuxx.net.53515 > dynamic-75-76-44-147.knology.net.https: Flags [P.], seq 19657:19696, ack 20539524, win 10220, options [nop,nop,TS val 3278271236 ecr 1535621504], length 39
07:39:57.882070 IP dynamic-75-76-44-147.knology.net.https > myopia.--------.nuxx.net.53515: Flags [P.], seq 20539524:20539563, ack 19696, win 123, options [nop,nop,TS val 1535679857 ecr 3278271236], length 39

Well, okay… Odd that my browser would be talking so much HTTPS to my ISP directly. I double-checked that DNS-over-HTTPS was disabled, so it’s not that…

Maybe I can see what these servers are? Pointing curl at one of them to show the headers, the server header indicated proxygen-bolt which is a Facebook framework:

c0nsumer@myopia Desktop % curl --insecure -I https://75.76.44.147
HTTP/2 400
content-type: text/plain
content-length: 0
server: proxygen-bolt
date: Sat, 16 Jan 2021 13:22:57 GMT
c0nsumer@myopia Desktop %

Now we’re getting somewhere…

Finally I pointed openssl at the IP to see what certificate it’s presenting and it’s a wildcard cert for a portion of Facebook’s CDN:

c0nsumer@myopia Desktop % openssl s_client -showcerts -connect 75.76.44.149:443 </dev/null
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
verify return:1
depth=0 C = US, ST = California, L = Menlo Park, O = "Facebook, Inc.", CN = *.fdet3-1.fna.fbcdn.net
verify return:1
[SNIP]

As a final test I restarted tcpdump on the iMac then closed the Facebook tab I had open in Firefox and the traffic stopped.

So there’s our answer. All this traffic is to Facebook CDN instances on the Wide Open West / Knology network. It sure seems like a lot for a tab just sitting open in the background, but hey… welcome to the modern internet.


I could have received more information from OPNsense’s Insight by clicking on the pie slice shown above to look at that host in the Details view, but it seems to have an odd quirk. When the Reverse lookup box is checked, clicking the pie slice to jump to the Details view automatically puts the hostname in the (src) Address field, which returns no results (it needs an IP address). I thought this was the tool failing, so I looked to captures for most of the info.

Later on I realized that filtering on the IP showed a bunch more useful information, including the endpoints within the network and that HTTPS was also running over UDP, indicating QUIC.

Comments closed

Pi-hole via Docker on Synology DSM with Bonded Network Interface

With consolidating and upgrading my home network I’m moving Pi-hole from a stand-alone Raspberry Pi to running under Docker on my Synology DS1019+ running DiskStation Manager (DSM) v6.2.3.

This was a little bit confusing at first as the web management UI would work, but DNS queries weren’t getting answered. This ended up being caused by the bonded network interface, which is ovs_bond0 instead of the normal default of eth0.

Using the official Pi-hole Docker image, set to run with Host networking (Use the same network as Docker host in the Synology UI), setting or changing the following variables will set up Pi-hole work from first boot, configured to:

  • Listen on ovs_bond0 (instead of the default eth0).
  • Answer DNS queries on the same IP as DSM (192.168.0.2).
  • Run the with the web-based management interface on port 8081 with password piholepassword.
  • Send internal name resolutions to the internal DNS/DHCP server at 192.168.0.1 for clients *.internal.example.com within 192.168.0.0/24.
  • Set the displayed temperature to Farenheit and time zone to America/Detroit.
  • Listen for HTTP requests on http://diskstation.internal.example.com:8081 along side the default pi.hole hostname.

DNS=127.0.0.1
INTERFACE=ovs_bond0
REV_SERVER=True
REV_SERVER_CIDR=192.168.0.0/24
REV_SERVER_DOMAIN=internal.example.com
REV_SERVER_TARGET=192.168.0.1
ServerIP: 192.168.0.2
TEMPERATUREUNIT=f
TZ: America/Detroit
VIRTUAL_HOST: diskstation.internal.example.com
WEB_PORT: 8081
WEBPASSWORD: piholepassword

Additionally, setting up volumes for /etc/dnsmasq.d/ and /etc/pihole/ will ensure changes to the UI persist across restarts and container upgrades. I do this as shown here:

Note: If you stop the Pi-hole container, clear out the contents of these directories, and then restart the container, Pi-hole will set itself up again from the environment variables. This allows tweaking the variables without recreating the container each time.

Comments closed

Pi-hole (and PiVPN) with Ubiquiti UniFi

Pi-hole

My home network is based around Ubiquiti’s UniFi, with a Security Gateway (USG) handling the NAT/firewall/routing duties. For ad blocking and to have better control over DNS I use Pi-hole running on a Raspberry Pi.

With the following settings you can have the two working well together with UniFi doing DHCP and Pi-hole doing DNS. Internal forward and reverse resolution will work, which means hostnames will appear properly for internal devices on both consoles while requests are still appropriately Pi-hole’d.

Here’s how:

  • Set up the Pi-hole and put it on the network at a static IP.
  • In Pi-hole, under SettingsDNS turn on:
    • Never forward non-FQDNs
    • Never forward reverse lookups for private IP ranges
    • Conditional forwarding with IP address of your DHCP server (router) as the USG
    • Local domain name (optional) as your internal DNS suffix
  • In the USG, set DHCP to hand out the Pi-hole’s IP for DHCP Name Server.
  • In USG, under ServicesDHCPDHCP Server, set Register client hostname from DHCP requests in USG DNS forwarder to On.
  • Leave the WAN interface’s DNS set to something public, such as what the ISP provides or Google’s 8.8.8.8/8.8.4.4 or whatever. This ensures that if the Pi-hole goes down then the USG can still resolve DNS.

After setting this up clients will use Pi-hole for DNS, as configured via DHCP. Requests for hostnames and addresses on the local network (shortnames or local suffix) will get forwarded to the USG, ensuring ensures that internal requests work properly.

PiVPN

Taking this a step further, I also have PiVPN running on the same Pi, to provide an endpoint for connecting into my home network via Wireguard. Pi-hole and PiVPN integrate very nicely and are designed to work together, making the setup very smooth.

By default, PiVPN sets the Pi-hole as the DNS via a DNS option in the [Interface] section of the config. To ensure appropriately geolocated search results when connected to VPN, use a DNS which supports Extended Client Subnet (ECS) (under SettingsDNS) on the Pi-hole.

(For reference, I’m running Pi-hole on a Raspberry Pi 4 Model B with 2GB of RAM and it has plenty of overhead for both Pi-hole for ~20 devices and sustaining 50 MByte/sec via Wireguard. The Pi-hole section of this was originally written up here on Reddit.)

Comments closed

Easy Carpet Spikes for iMovR Freedom Base

I recently purchased an iMovR Energize corner standing desk which came with the Freedom base. It works well, but had a bit of a wobble when placed on the relatively-thick carpet in my office. Because the leveling legs are relatively wide (35mm) they’d sit on top of the carpet and the desk didn’t have great support.

To solve this I picked up four M8-1.25 x 25mm hex head screws from Home Depot and fitted them in place of the leveling feet. This resulted in ~20mm tall, narrow feet sticking down off the legs, pressing firmly through the carpet to the wood floor below, and no more wobble.

This is the same principle as carpet spikes, used to for speakers and other tall/narrow cabinets, to make them more stable on soft carpet by pressing through the carpet to the hard floor below. (Carpet spikes, for speakers, have all sorts of other acoustic isolating purposes which sometimes border on audiophile woo, but increased physical stability is an easily demonstrated effect.)

Comments closed

2017-2018 Trainer Setup: CycleOps Hammer

For winter 2017-2018 I’ve put together a revamped, and much improved, trainer setup in my basement. Since the last setup with a Kurt Kinetic Road Machine things have been changed pretty significantly. I had previously set things up in front of a CRT HDTV which I’d previously used as a gaming / home theater setup but over the years I didn’t really use it for anything other than movies while on the trainer and basement music; just kind of a waste. This fall I sold the CRT HDTV and stands, picked up a cheap LCD TV (with built-in Netflix and Amazon apps), and put the whole setup on a metal stand in front of the trainer.

The result is a nice setup where a movie plays at eyes-on-the-road level and TrainerRoad is just a glance below. A CycleOps Hammer smart trainer provides resistance when riding, a nice step up from using a power meter, fluid trainer, and shifting to reach power targets. Four speakers (plus two over the workbench) are connected to a home theater receiver / amp, making for great audio from movies, or music via the AppleTV (and iTunes), although I tend to have subtitles on while watching movies to keep the audio at a reasonable level. A squirrel cage fan blows from a distance to keep me cool while riding. To ensure good ANT+ connectivity I’ve located the Garmin USB adaptor to a table next to the bike where it has a short path to the trainer, power meter, and my heart rate strap.

Since I have a Stages power meter on the Vaya, I have the option of using TrainerRoad’s PowerMatch. This uses the on-bike power meter and adjusts the smart trainer so that everything matches. I understand how this will benefit those wanting the same power numbers indoors and out (since no two units match exactly), but I’m still undecided if it’s a good setup for me. I’ll be working that out over the next few rides.

So far this setup is working out very nicely. While expensive initially (almost the cost of a bike) I vastly prefer the feel of a direct drive smart trainer to the fluid trainer with power meter. Both are effective, but I’m really enjoying not having to shift and chase power targets. Both Kristen (she also bought a Hammer) and I are following TrainerRoad plans over the winter, and as it moves into more over-under workouts, especially those with very short high intensity intervals, having a smart trainer is a huge bonus. It’s very difficult to effect radical changes in power and stay on target when shifting and matching speed to a power target. A smart trainer eliminates that need.

Leave a Comment

Goodbye, 2013 El Mariachi Ti

Today it was time to say goodbye to the 2013 Salsa El Mariachi Ti. After getting a warranty replacement for the broken frame then buying and selling and shuffling parts to rebuild it into the beautiful blue 2014 bike, the call tag to have the frame sent back to Salsa still hadn’t arrived… until this week.

Prior to today I’d been storing the frame at my house, hoping against a return, hung on the wall of my office (alternate view) where I’d see it every day. Sure, this is just a bike frame, a mostly-static piece of metal that held together more complicated bits to form a bicycle, but it was also the focal point of a machine on which I experienced an entire range of emotions and adventures.

From finally completing Lumberjack 100 to getting in over my head on the NTN Singletrack in Marquette, from the first trip to Brown County State Park to getting caught in straight-line winds at Stony Creek, from hard and long rides at Poto to all-day adventures from home simply enjoying the local trails… This frame was a big part of what I’ve experienced on a bike. Every time I looked down between my legs or up after a crash, there it was.

183 rides…
5200 miles…
459 hours of glorious movement.

No longer ridable the frame had become art to me. A piece of material embodying memories; a memento. Something to look at every day and remember past good times and think about those coming in the future.

Still, I understand why Salsa doesn’t want broken frames out in the wild, so tomorrow morning I’ll be dropping it off at Rochester Bike Shop where into a box and off to the scrap heap it’ll go. I’ll still have all the great memories, it’ll just be time to find new art for that wall…

…and keep riding.

Leave a Comment

Aluminum Polishing Disappointment

A while back I stupidly put my Bialetti Moka in the dishwasher. Due to the alkaline detergent it discolored and pitted, no longer looking bright and shiny. In an effort to restore its look I researched restoring aluminum cookware that’d been washed in a similar manner and found that polishing with potassium bitartate (cream of tartar) should work well.

In the image above the left panel was the post-dishwasher state, and the right is after a few minutes of polishing with a mixture of equal parts water and potassium bitartate. While a bit of yellowing was removed the aluminum was not returned to its previous shiny state. The appearance change was actually minimal enough that I didn’t bother polishing the rest of the Moka.

I imagine I could remove more of the discoloration and pitting by using some proper metal polish and maybe a buffing wheel, but I’m not going to bother. While the Moka still works fine I was hoping for an easy return to the original shiny appearance. It looks like the recommendation of using cream of tartar didn’t do this.

Leave a Comment

T8 Fluorescent Lamp Retrofit

The fluorescent light fixture in the laundry room had issues, with only two bulbs reliably lighting and a persistent buzzing sound. This is the telltale sign of a failing ballast, and with the bulbs being fairly old (last replaced in 2005) it was time for some work.

The fixture had been fitted with F40 / T12 bulbs and a pair of two-lamp magnetic ballasts. Since these bulbs aren’t being manufactured anymore (this was stopped in mid-2012) I had to move to T8 bulbs. This wasn’t a problem, as I’d been keen to try the Philips F32T8/TL950 high-CRI (98!!!) / 5000K bulbs. Outside of very specialized full spectrum bulbs these seem like the holy grail of daylight lamps. They aren’t readily available in shops in less than 25 packs, but some Amazon sellers have them individually for reasonable prices.

Four bulbs were ordered ($13.32/ea) via Amazon, along with an ICN-4P32-N electronic ballast ($15.60), and this evening I put it all together. Wiring was surprisingly simple, with everything being relatively color-coded and easy to fit. Two old magnetic ballasts were removed, the replacement electronic ballast was fitted / capped / taped, and it was ready to go.

These lamps look great, and the laundry room is now brighter than ever. These lamps look so good that I’m now considering them for over my workbench and trying to find a way to use them in the office. With such a high CRI and daylight-like temperature these should be good for dealing with seasonal affective disorder or just general blue feelings in winter. (Yes, getting out and riding in daylight helps, but that’s not really possible on weekdays…)

1 Comment

Another TrainerRoad Setup

For the past two years I’ve been using TrainerRoad in the basement while riding on a bicycle trainer during the winter months. I’m normally not too keen on getting exercise for its own sake, but I’ve found that sometimes I get feeling grumpy and a bit of exercise, such as riding on a trainer, helps. Along with fatbiking it also helped keep up my fitness over winter, making bike riding in springtime a good bit more fun.

The setup that worked really well for me last year can be seen here, where an old Asus Eee PC (netbook) handled the job of running TrainerRoad and logging data. This worked, but the machine is slow enough that it’d get in my way whenever I needed to update, fiddle with settings, etc. Having some time off work this week and wanting to improve a bit, I decided to see what I could do using spare hardware from around the house.

Using a slightly-more-powerful-than-the-Eee PC Asus EeeBox EB1501 that I’d purchased in an ill-fated attempt to use it as an HTPC I connected it to an old Dell Ultrasharp 2005FPW display that was originally purchased for use with a PowerMac. It was first positioned directly in front of the bicycle — just as the netbook was — but this felt really awkward so I went looking for other options. What I’ve settled on thus far is seen above; the 20″ LCD display placed above the television, showing the relevant data and workout graph. A single computer speaker is placed next to the computer so I can hear the end-of-interval countdown beeps, and the ANT+ USB receiver is placed to be pointed directly at the bicycle.

The mouse and keyboard are wireless, so I should be able to set them near the bicycle and pull them out as needed, but as individual workouts in TrainerRoad are started and paused by pedaling (or stopping) they likely won’t be needed very often. No longer having the laptop and stand in front of the bicycle should allow different positions for the blower fan which helps keep me cool. I’ll probably try straight-on first, since that’d be closest to actually riding outdoors.

My biggest fear with this setup is that there’s some on-screen detail that I’ll miss (overall time, parts of the graph) or I’ll find myself getting off of the bike regularly to adjust something in the application itself. If this doesn’t work out, I might look at something like an older iPad, seeing as TrainerRoad has an iOS app under way now… Or maybe my Nexus 7 tablet, if the Android version is ever released. Either would work nicely on a small handlebar mount and probably be quite efficient to use.

Now if I could only find the irritating tick in the bike when pedaling under load… Maybe that’s a project for tomorrow.

Leave a Comment