Seeking advice on an automtion for an unknown MAC address

guice · February 12, 2020, 8:25pm

I have a device on my network I’m trying to identify. It goes offline for the whole day, comes on in the 1am hour for 15 minutes, and it’s gone again…

I want to build some kind of automated task that will trigger when online and run some basic commands to investigate it.

Tips?

It’s under device_tracker.74c246dbe673 - I need to trigger when “home” - run diag commands: nmap it’s ip, run tcpdump on it’s host until it goes offline, and anything else? I’m using nmap device tracker, example attributes:

source_type: router
latitude: 38.80801184504557
longitude: -104.84741628170015
gps_accuracy: 0
scanner: NmapDeviceScanner
ip: 192.168.0.97
friendly_name: Ecovacs DEEBOT
icon: mdi:robot-vacuum

(I have arpscan_tracker, too, but it doesn’t appear to grab the IP Address. )

silvrr · February 12, 2020, 9:00pm

That appears to be a Amazon device.

Can’t help with the rest, I assume its possible to write a script to run each command and send the output to a file.

guice · February 12, 2020, 9:10pm

Oh yeah. I forgot about MAC address lookups.

But still cannot understand why it shows at 1am. Hmm. I’ve already accounted for our Echo Dot and Fire tablet. We don’t have any other Amazon device I can think of … but I’ll start looking there, too.

Wait … My Kindle ! Ha. That might be it. Damn, can’t believe I forgot that one.

guice · February 12, 2020, 9:12pm

That was it! Damn… It makes sense the kindle would drop wifi when not in use.

Thanks, @silvrr

silvrr · February 12, 2020, 9:23pm

These things phone home constantly. My son has one that I see constantly talking to Amazon.

Not sure if its still the case, but in the past if you tried to block this traffic, the device would keep trying over and over until it killed its battery in a short period.

guice · February 12, 2020, 9:31pm

Per HA, it’s only phoning home once a night - my guess is to check firmware or download updates. Only a guess.