by pjsg 894 days ago
I'd pcap a bunch of the traffic -- in particular the DNS requests -- that will tell you where it is connecting. Hopefully it is using TLS, and then the SNI headers can give you more information.

I run a local DNS resolver and so I capture all the lookup responses so that I can turn IP addresses back into names. Depending on what firewall/router you have, you may be able to log connections. I use a locally hosted free Gravwell process to grab these logs and correlate with the DNS queries to find which systems are talking to where. If your home network is like mine, then there are probably a bunch of systems that you want to block from talking outside.

3 comments
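A sketch of the DNS-to-connection correlation described in the post above, as an added example that is not part of the original post and is not Gravwell's own logic. Both log line formats, the IP addresses and the `updates.example.net` name are constructed assumptions; the output keeps connections that had no preceding lookup visible as `no-dns:<ip>`.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample logs; both line formats are assumptions for this example.
# DNS answers: "<time> <client> <name> <answer-ip>"
DNS_LOG = """\
2024-01-08T19:44:10 192.168.50.23 aic-common.lgthinq.com 203.0.113.10
2024-01-08T19:50:02 192.168.50.40 updates.example.net 198.51.100.7
"""
# Connections: "<time> <src> <dst> <dport> <bytes-out>"
CONN_LOG = """\
2024-01-08T19:44:11 192.168.50.23 203.0.113.10 443 52000000
2024-01-08T19:45:30 192.168.50.23 203.0.113.10 443 48000000
2024-01-08T19:46:00 192.168.50.23 192.0.2.99 8883 1200
2024-01-08T19:49:00 192.168.50.40 198.51.100.7 443 900
2024-01-08T19:51:00 192.168.50.40 198.51.100.7 443 4100
"""

def parse_dns(text):
    """Map (client, answer_ip) -> time-ordered list of (time, name)."""
    answers = defaultdict(list)
    for line in text.splitlines():
        ts, client, name, ip = line.split()
        answers[(client, ip)].append((datetime.fromisoformat(ts), name))
    for seen in answers.values():
        seen.sort()
    return answers

def name_for(answers, client, ip, when):
    """Latest name this client resolved to ip at or before the connection."""
    earlier = [name for ts, name in answers.get((client, ip), []) if ts <= when]
    return earlier[-1] if earlier else None

def correlate(dns_text, conn_text):
    """Return {(src, label): bytes_out}; label is a name or 'no-dns:<ip>'."""
    answers = parse_dns(dns_text)
    totals = defaultdict(int)
    for line in conn_text.splitlines():
        ts, src, dst, _dport, nbytes = line.split()
        name = name_for(answers, src, dst, datetime.fromisoformat(ts))
        # A connection with no preceding lookup usually means a hard-coded IP
        # or a resolver you are not logging; keep it visible instead of dropping it.
        totals[(src, name or f"no-dns:{dst}")] += int(nbytes)
    return dict(totals)

if __name__ == "__main__":
    for (src, label), total in sorted(correlate(DNS_LOG, CONN_LOG).items(),
                                      key=lambda kv: -kv[1]):
        print(f"{src:15} {label:28} {total:>12} bytes")
```

Keying the DNS answers by client as well as by IP keeps one device's lookup from being used to label another device's traffic to the same shared address.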

For those interested, you can set up tcpdump on an Asus router pretty easily to monitor traffic going through the router. You don't even need to mess with the firmware on the router.

1. Install Entware https://github.com/Entware/Entware/wiki/Install-on-Asus-stoc...

2. Then install tcpdump: `opkg install tcpdump`

From there, you can monitor any traffic going through your router.

Right now it looks like it has stopped uploading data.

Looking at my router log, the only web history request is:

2024-1-08 19:44:10 LG_Smart_Laundry2_open aic-common.lgthinq.com

This was likely after I had removed it from my main wifi and reconnected it to a segregated wifi. I don't see any logs for prior to this point.

Might be legit, LG ThinQ is their smart appliance page. And aic-common.lgthinq.com is registered to LG.

Genuinely unsure what would be taking that much data though, but honestly my first guess is a bug of some kind. Kind of wondering if the App has some sort of issue reporting page on it, might be worth sending in something about it. Might not get a response, but it could get some gears turning on their end behind the scenes.