Those addresses are all in AWS address space, according to whois. As a previous commenter suggested, it might just be NTP. Did you notice what port the communication was happening over?
Have you considered popping the case and seeing if there is a serial console port on their wifi module? It's reasonably likely it is running some ancient version of linux. Is there an FCC-ID on the case? On Tue, Jan 4, 2022 at 6:49 PM Chuck Hast <[email protected]> wrote: > > Well folks, I was able to get wireshark on the thermostat. I found > that it is trying to contact these addresses: > 54.209.187.172 > 107.21.255.187 > 3.214.34.120 > Right now none are reachable. I am trying to figure out why this > thermostat is trying to reach those addresses. > When I do a whois, they come up as being hosted on Amazon... > I wonder if one of them comes awake every so often and the > thermostat gets the connection and receives a TZ change... So > far I have not been able to catch it doing so. > When I bought the unit I intentionally did NOT try to use the > cloud service, I have tried to get proper communications with > Radio Thermostat but so far only idiots... And they do not have > a published telephone number. > > > On Tue, Jan 4, 2022 at 4:53 PM Chuck Hast <[email protected]> wrote: > > > More info, this was the reply I got from the manufacturer > > -----------------------SoF------------------------------------------ > > Radio Thermostat <[email protected]> > > 1:10 PM (3 hours ago) > > to Info, me > > Hi, > > > > If you are sure you have a WiFi module in the thermostat Model - RTMV-01 > > > > Then check out the following to see and correct the time zone so the > > thermostat will have the correct time: > > > > How to change time zone > > > > First go to the web portal via a browser > > *https://my.radiothermostat.com/rtcoa/login.html > > <https://my.radiothermostat.com/rtcoa/login.html>* > > > > (Note you will need to use the desktop version of the web site) > > > > Then log in and go to the person (then select location) > > > > select the location you want and click edit > > > > Go to the pull down for time zone and select your time zone > > > > Then click save > > > > > > -----------------------------------EoF--------------------------------- > > This is exactly what I have tried to avoid, I never registered > > the thermostat with their cloud. I have my personal reasons > > for not wanting my devices on someone's cloud if I can avoid > > it. in this case that is exactly what I have tried to do. > > > > Now meantime, since the thermostat IP is static, I went into > > the firewall and set up a rule to drop any packets to/from > > the thermostat. No more time change, and I did that well over > > and hour ago. I can still control the device on my LAN just > > dropping whatever is trying to reach the thermostat. > > > > This brings up the question, of who/what is it? I never > > registered the device with their cloud, indeed I bought > > it because it was one of the thermostats that did not > > require you to use an outside network to access it, (I am > > looking at you Honeywell, Nest and all of the rest of the > > cloud only based devices). Now to see if I can get Wire > > shark on a part of the network that can see that device. > > Suspend the rule and try to catch the packet session. > > > > > > On Tue, Jan 4, 2022 at 9:41 AM Chuck Hast <[email protected]> wrote: > > > >> Sorry, should have, not there is not. But the interesting thing > >> is that as long as it cannot contact the network there is no > >> time change. I think I am going to go into the firewall and > >> make it drop all packets to/from the device and see what > >> happens. If that takes care of it then maybe allow it to talk > >> on the LAN but drop anything going to/from it on the WAN > >> side. I would like to see what it is talking to. So far I have > >> not been able to catch it. > >> > >> On Mon, Jan 3, 2022 at 11:00 PM Erik Lane <[email protected]> wrote: > >> > >>> You don't mention this, but since it's always 2 hours, is there a time > >>> zone > >>> setting in there that has gotten off? Maybe it's talking to a NTP server? > >>> > >>> On Mon, Jan 3, 2022 at 8:49 PM Chuck Hast <[email protected]> wrote: > >>> > >>> > Folks, > >>> > Not sure where to take this but figured that I would get more > >>> > info here. > >>> > > >>> > I have a RadioThermostat CT80. I have had it now for several > >>> > years. As the summer wound down. I shut down the A/C and > >>> > opened the windows in the house. Then in Nov I needed to fire > >>> > up the heating, all appeared to be well, but I noticed that the > >>> > thermostat clock was 2 hours slow. I set it and a while > >>> > later see that it has lost 2 hours again. > >>> > > >>> > I have a home automation system. I checked the logs, and > >>> > contacted the author. He has a CT50 which has fewer bells > >>> > and whistles than mine but same unit. Anyhow he gave me > >>> > some guidance, in the end I shut down the HA system and it > >>> > still would drop the 2 hours, I powered the thermostat down > >>> > and removed the WiFi radio, powered it back up, it ran about > >>> > 4 hours (about 3 hours longer) and never dropped the 2 hours. > >>> > Normally it will go between 20 minutes and an hour after I > >>> > have set it to the correct time, then drop back to the incorrect > >>> > time. So this appears to indicated that it is either something > >>> > on the network that is doing the time change or something in > >>> > the WiFi radio. > >>> > > >>> > I am trying to sniff the network and see if I can catch any > >>> > weird packets. But this is one I have not done before. > >>> > > >>> > My router is a Mikrotik 2011, and I have been trying to use > >>> > the tools on it to try to monitor the IP address of the thermo- > >>> > stat and try to see if it is talking to something else. So far > >>> > no joy. > >>> > > >>> > I am wondering about getting wire shark in there and trying > >>> > to filter those packets that way as I am not having much luck > >>> > with the Mikrotik tools > >>> > > >>> > Any recommendations? > >>> > -- > >>> > > >>> > Chuck Hast -- KP4DJT -- > >>> > I can do all things through Christ which strengtheneth me. > >>> > Ph 4:13 KJV > >>> > Todo lo puedo en Cristo que me fortalece. > >>> > Fil 4:13 RVR1960 > >>> > > >>> > >> > >> > >> -- > >> > >> Chuck Hast -- KP4DJT -- > >> I can do all things through Christ which strengtheneth me. > >> Ph 4:13 KJV > >> Todo lo puedo en Cristo que me fortalece. > >> Fil 4:13 RVR1960 > >> > >> > > > > -- > > > > Chuck Hast -- KP4DJT -- > > I can do all things through Christ which strengtheneth me. > > Ph 4:13 KJV > > Todo lo puedo en Cristo que me fortalece. > > Fil 4:13 RVR1960 > > > > > > -- > > Chuck Hast -- KP4DJT -- > I can do all things through Christ which strengtheneth me. > Ph 4:13 KJV > Todo lo puedo en Cristo que me fortalece. > Fil 4:13 RVR1960
