Who is my S talking to?

[Patrick W]

Being curious about who/what my S is communicating with via wifi I've been monitoring the various IP addresses it has send to or received from. I'm surprised that none appear to be Tesla unless Tesla's IPs use names other than Tesla.

Here's a list from the past day or so. Can any of the computer knowledgable folks here tell me if any are Tesla and why the car might be going to the ones it is?

Many thanks!

23.54.253.37 Akamai Technologies, Cambridge, Massachusetts
35.163.76.154 Amazon.com, Boardman, Oregon
45.33.103.94 Linode, Atlanta, Georgia
52.32.53.16 Amazon.com, Boardman, Oregon
54.239.132.12 Amazon.com, Seattle, Washington
96.244.96.19 Verizon Fios Business, Elkridge, Maryland
97.107.128.165 Linode, Newark, New Jersey
129.6.15.30 National Bureau of Standards, Olney, Maryland
171.66.97.126 Stanford University, Stanford, California
172.217.11.238 Google, Jupiter, Florida
173.225.29.66 Digital Fortress, Hawaii
192.168.0.1 Verizon Fios Business, Elkridge, Maryland
198.50.238.156 OVH Hosting, Newark, New Jersey
205.234.31.13 Quality Technology Services Santa Clara, San Mateo, California
208.75.89.4 Trit Networks, New York, New York
212.122.129.20 nacamar GmbH, Germany
216.58.217.10 Google, Mountain View, California
239.255.255.250 Unknown

 

[Terry_B58]

Talkative little beastie isn't it?


On a serious note, I have no idea

 

[cwerdna]

Akamai isn't likely too suspicious. Many companies use them to host content.

See Akamai Technologies - Wikipedia.

129.6.15.30 National Bureau of Standards, Olney, Maryland

That's probably to sync the clock a time server.

A quick Google search turned up NIST Internet Time Service.

 

[AllenWong]

Are you or someone else using the web browser on your Tesla?

One of the IPs is a web address to some guy's personal website. You.DontLike.Us

It's the IP for the domain you.dontlike.us

It lists a bunch of sites hosted on that website, including mayfieldyachtclub.com.

So... maybe you've been on yacht websites and forgot?

Anyway, if it is the case, then it would explain the rest of the IPs, since Google is common for ad distribution, and Akamai/Amazon is a common cloud web hosting service.

This ip looks like it might be part of some Linux time update process: 198.50.238.156

It showed up in a syslog of some guy's Linux install: Install Updates creates fuzzy screen

The line was: Jun 27 10:15:15 toddfamily-desktop ntpd[2073]: Soliciting pool server 198.50.238.156

ntpd is the Network Time Protocol daemon. Meaning linux was trying to update its time. Nothing out of the ordinary.

This ip is properly your router's IP: 192.168.0.1

 

[boaterva]

Amazon is more probably AWS than Amazon the storefront. I bet Tesla hosts some servers there. I hope they do rather than waste money on doing it themselves!

I’ve not seen details on how their insfrastructure is set up, though. Interesting list!

 

[DOCAL]

Being curious about who/what my S is communicating with via wifi I've been monitoring the various IP addresses it has send to or received from. I'm surprised that none appear to be Tesla unless Tesla's IPs use names other than Tesla.

Here's a list from the past day or so. Can any of the computer knowledgable folks here tell me if any are Tesla and why the car might be going to the ones it is?

Many thanks!

23.54.253.37 Akamai Technologies, Cambridge, Massachusetts
35.163.76.154 Amazon.com, Boardman, Oregon
45.33.103.94 Linode, Atlanta, Georgia
52.32.53.16 Amazon.com, Boardman, Oregon
54.239.132.12 Amazon.com, Seattle, Washington
96.244.96.19 Verizon Fios Business, Elkridge, Maryland
97.107.128.165 Linode, Newark, New Jersey
129.6.15.30 National Bureau of Standards, Olney, Maryland
171.66.97.126 Stanford University, Stanford, California
172.217.11.238 Google, Jupiter, Florida
173.225.29.66 Digital Fortress, Hawaii
192.168.0.1 Verizon Fios Business, Elkridge, Maryland
198.50.238.156 OVH Hosting, Newark, New Jersey
205.234.31.13 Quality Technology Services Santa Clara, San Mateo, California
208.75.89.4 Trit Networks, New York, New York
212.122.129.20 nacamar GmbH, Germany
216.58.217.10 Google, Mountain View, California
239.255.255.250 Unknown

Some of it would probably be more obvious if you could list the protocol and port numbers.

The Amazon ones are AWS/EC2 - virtual server hosting.
The Akamai and Cloudfront ones are for content delivery (file hosting).
Not sure what the Google (1e100.net) ones are, maybe map related?
The Stanford, Trit Networks and Bureau of standards are NTP (time) servers.
192.168.0.1 is likely to be your own router.

The last one is interesting though, that's a multicast address, most likely used for UPnP.

If you can get port numbers you'll get more info. Port 123 is NTP, you might find that more of the addresses end up being that.

 

[cwerdna]

192.168.0.1 is likely to be your own router.

Agreed. The whole 192.168.*.* range is reserved for private networks (Private network - Wikipedia) and AFAIK isn't supposed to be routable anyway.

Access point/routers usually use this range for the router itself and to assign addresses via DHCP to clients within this range on the LAN side. And usually the admin pages for routers are in this range (mine on my Asus router is 192.168.1.1). My Motorola cable modem's status page is at 192.168.100.1.

 

[boaterva]

Of course when we say ‘routable’ we computer people mean ‘externally routable’ (on the Internet). There’s nothing not routable about 192.168.0.0 or 10.0.0.0 or the other ‘internal’ networks, they just can’t be used on the Internet since they are for ‘local’ use such as routers and local hosts.

Just wanted to clarify that for the non-network people since we all too often use the shorthand ‘non-routable’ when it’s not strictly true!

 

[Patrick W]

Wow! Thanks for the great replies. Most was "over my head" but I think I got the gist.

I was going to get more data including port numbers but for some reason the car is being very quiet tonight.

 

[jt1657]

I track what application my car is talking to, not just the IP Addresses. I can tell you most of the traffic is NTP, which as stated above is used for syncing clocks. It is talking to google and amazon AWS which I am sure is where Tesla is keeping all the data it collects. The car also uses a Open-VPN application to connect back to Tesla and for the most part is using SSL when it talks so at least it is encrypting the traffic.