Continuous traffic

Hi,

I’ve been using Syncthing to keep two Android phones in sync for quite some time. One is configured to receive only, the other to send only.

A few days ago I’ve noticed that, regardless whether the app is actively syncing or not, the traffic never stops. Not surprisingly, after a while AdGuard starts blocking the overly active IPs (IPv4/IPv6 TCP/UDP/QUIC). A few hours of traffic monitoring shows primarily two “offending” addresses:

  1. 2a0d:5600:60:2::2
  2. 45.128.36.2 and a lookup on “who.is” reveals that both addresses belong to RIPE Network Coordination Centre.

In about an hour AdGuard blocked more than 88,000 requests from these two addresses alone however, the overall CONTINUOUS chatter was significantly higher. Please note that while nothing had changed in my configuration, this crazy traffic is something that occurred recently.

I would really appreciate some input here on what exactly is going on and how to address this. I used to allow traffic as root but since the privilege is not needed I’ve revoked it. No difference though.

Thanks!

Just ftr, both belong to some cloud service provider with a HQ in Chicago.

organisation: ORG-MLC5-RIPE

org-name: M247 Ltd Chicago

Regardless, are you sure that this traffic is Syncthing related?

Yes, Im sure. AdGuard’s logs state it clearly and unequivocally. I would love to post some screenshots but this chat doesn’t seem to allow it.

(To post a screenshot, once it’s been captured, simply copy and paste into the forum editing panel just as in a word processor.)

Are the two Android phones connected to a Wi-Fi, mobile data connection, or both?

RIPE is a internet registrar, so the traffic might be caused by an app doing DNS lookups, including AdGuard itself.

The two phones are connected to the same WiFi.

It’s strange to me that I didn’t have this problem for so long (under the same configuration).

The continuous traffic only occurs on the receiving phone. As for the DNS lookup, are you suggesting that AdGuard itself may have caused this as it may have blocked some DNSs otherwise needed by Syncthing?

My best guess is neither of those addresses have anything to do with Syncthing, unless it happens to be one of your own devices. Also nothing to do with RIPE, other than those being the ones who allocated the addresses to the current user of them.

I still don’t know what caused all this however, I was able to solve it by starting fresh on the receiving phone by wiping data on the Syncthing app and manually recreating all jobs.

Since I did no other changes, I guess it’s safe to assume that neither AdGuard, or RIPE were part of the problem. My guess is that Syncthing configuration somehow got corrupted.

I appreciate the replies anyways! :+1: