Odd Network Behaviour - Classic 200

[cabinrob]

I am running a Classic 200 - latest FW.
The Classic reports to MyMidnight through a cellular modem (TurboHub.)
All was running properly.
Until...
There was a big windstorm a few days ago and the cell towers went down.
I regularly check the logs from my router/hub to see what sort of activity is going on.  (Hack attempts etc.)
When I checked the logs after the cell outage, I found a massive number of odd entries:

[Admin login] from source 192.168.1.250  + Date/Time Stamp

My classic has a fixed IP address - and this matches the address for these entries.
There is an entry every 5.5 minutes - which I guess is approx. the period of the Classic sending out its data packet to MyMidnight.

Once the cell connection came back, everything was back to normal.  No strange log entries, MyMidnight showing current data.

So... the question is, what was the Classic trying to do while the cell network was down?
The TurboHub is a NetGear product (MVBR1210C).
There doesn't seem to be any great documentation as to what [Admin Login] means beyond the obvious - that the Classic was trying to log in to the TurboHub.
Seems very odd to me!

Any ideas about what might be going on?

[Westbranch]

the classic does not know that the system is down so it keeps trying to get a connection and will not stop till it gets through to the MM servers.... once it does it should wait about 10 - 20 minutes to try again IIRC

[cabinrob]

That makes complete sense.
But - what the "Admin Login" attempts?
As far as I understand things, the "Admin Login" means that someone is trying to login into the TurboHub as the administrator.
I.e. if I log into the TurboHub, is see this message.
If the Classic is just trying to send out its data, what the heck is it doing trying to log into the router???

[Westbranch]

But - what the "Admin Login" attempts?


Are you using Wireshark?

if so please post the info..  see post 75 here http://kb1uas.com/mnsforum/index.php?topic=2723.75 for what I got.

[cabinrob]

All I have are the router logs.
As I mentioned, as far as I have seen, the only time the "Admin Login" shows up is when I actually do login to the administration pages of the router.

This is an excerpt:

[Admin login] from source 192.168.1.250, Saturday, Dec 26,2015 15:06:49
[Admin login] from source 192.168.1.250, Saturday, Dec 26,2015 15:01:18
[Admin login] from source 192.168.1.250, Saturday, Dec 26,2015 14:55:46
[Admin login] from source 192.168.1.250, Saturday, Dec 26,2015 14:50:15
[Admin login] from source 192.168.1.250, Saturday, Dec 26,2015 14:44:43
[Admin login] from source 192.168.1.250, Saturday, Dec 26,2015 14:39:12
[Admin login] from source 192.168.1.250, Saturday, Dec 26,2015 14:33:40
[Admin login] from source 192.168.1.250, Saturday, Dec 26,2015 14:28:09
[Admin login] from source 192.168.1.250, Saturday, Dec 26,2015 14:22:37
[Admin login] from source 192.168.1.250, Saturday, Dec 26,2015 14:17:06
[Admin login] from source 192.168.1.250, Saturday, Dec 26,2015 14:11:34
[Admin login] from source 192.168.1.250, Saturday, Dec 26,2015 14:06:02
[Admin login] from source 192.168.1.250, Saturday, Dec 26,2015 14:00:31
[Admin login] from source 192.168.1.250, Saturday, Dec 26,2015 13:54:59
[Admin login] from source 192.168.1.250, Saturday, Dec 26,2015 13:49:28

[Westbranch]

well I don't see any response from the MM server, like the ones I got, second and 4 th lines..  without those responses it will just keep sending the first line of a handshake... when the net was back it got a response...

[cabinrob]

From what you wrote - I would then expect that there would also be at least one log entry (at some  point) even when the cell network is up.
If all that the Classic is doing is attempting a handshake, then I would think that the log would show a different sort of entry.
I have web-cams on the same network.  They send me emails and such, and there is none of this "Admin Login" stuff.
Even when the outside network was down, they were well-behaved.

Also, I don't think that the log is actually showing "retrys."  Each log entry is just over 5 minutes apart.  I believe that each entry is just the (attempt at) normal messaging to the MyMidnight.
If a connection is not available, I think the Classic gives up and tries again at its normally scheduled time.

All of this behaviour is fine.  As I wrote - what I'm hung up on is that the log would have me believe that the Classic was trying to log into the router, not just trying to send a packet/handshake.

[atop8918]

TCP loggers usually use the port number to identify the service that is being requested. I'm guessing that your router defaults all port 80 (http) traffic as an attempt to access its web login if there's not WAN available?
The Classic also advertises on UDP port 0x1212 which may also map to an admin feature of your router?

You could verify but unplugging the WAN end of your modem and trying to access mymidnite from any web browser and check the log again.

You can also filter the logs during normal operation and see if you see the same log entry. If in doubt, run wireshark and you should be able to see everything the Classic is trying to do on your network.

[TomW]

TCP loggers usually use the port number to identify the service that is being requested. I'm guessing that your router defaults all port 80 (http) traffic as an attempt to access its web login if there's not WAN available?
The Classic also advertises on UDP port 0x1212 which may also map to an admin feature of your router?

You could verify but unplugging the WAN end of your modem and trying to access mymidnite from any web browser and check the log again.

You can also filter the logs during normal operation and see if you see the same log entry. If in doubt, run wireshark and you should be able to see everything the Classic is trying to do on your network.

I agree here and have one U.S. Dollar that says it is a "generic" log entry for the  attempt to log in to Mymidnite being redirected to the router itself?


Or not??

Worth a 5 minute test I would think?

Error messages can be completely useless sometimes as far as cause is concerned.  More so if translated from Chinglish via something like Google Translate.


Tom

[cabinrob]

My system is at a remote cabin - so I won't be able to debug anything until I'm back up there.
Hopefully the snow/ice conditions will allow this soon.

I've got Wireshark  running on my laptop - so I'll take it along and we'll see if anything interesting shows up.
Thanks for the feedback.

[atop8918]

As many on the forum will testify, the Classic's networking is mediocre at best and barely function at worst.
There isn't really any room in there for a router or network hacking when most folks are having trouble with the Local Application and MyMidNite scraping by. I'm not that smart.

[dgd]

As many on the forum will testify, the Classic's networking is mediocre at best and barely function at worst.

Since the work done by you and boB on FW 2079 the Classic networking is now IMHO neither mediocre or non functioning.
TCP connections now appear reliable and I have not experienced any Classic crashes/hang ups etc

Can't comment on LA or MyMN

dgd

[Resthome]

As many on the forum will testify, the Classic's networking is mediocre at best and barely function at worst.

Since the work done by you and boB on FW 2079 the Classic networking is now IMHO neither mediocre or non functioning.
TCP connections now appear reliable and I have not experienced any Classic crashes/hang ups etc

Can't comment on LA or MyMN

dgd

So are we saying any Network issues with the LA or MM are now no longer the fault of the Classic with FW 2079 but something else? You might be able to say that if the data is being extracted in exactly the same way in all cases including the Black Box projects, the LA and MN and I don't know if that is in fact the case. We know that the LA is dependent on Adobe AIR which is probably not the case with any Black Box efforts. And we know that MM uses an encrypted port that no one else is using.

While I am sure that every local network configuration ranges from simple to complex in my case it is very simple and can be eliminated from being the root cause since in the past I have seen the disconnects with a dedicated connection between the Classic and the Laptop with directly connected Ethernet cable.

It is great to know that a few Black Box folks are no longer seeing the network issues of the past. Just not sure we have enough data points one way or the other at this point. Hopefully more input will be forth coming.

Still reserving my experience with the FW 2079 and the LA until the spring.

[dgd]

Hi John,

Your observations are correct and it is probably too soon to say that the Classic's ethernet is now 100% fixed and functional.

So far I have not encountered any crash issues with either the ethernet connection or the Classic.

However, I do not use the App or MyMN, so my testing is limited to my 'blackbox' web system
Anyway, no doubt time will tell

dgd

[Halfcrazy]

My opinion so far is that the new My MidNite is sending back a corrupt header and locking the network stack in the Classic. Of course this is from my testing only, but I do not think any one has said they are having this issue with "WEB ACCESS" Disabled. I have disabled web access on all of mine and they are still going strong. I typically do not use the LA or MM I use a program a buddy made.