Excessive DHCP traffic to RT-AC66U

[Gepard]

Hi everyone! I'm new here. Have been thinking quite long about upgrading my RT-AC66U firmware to a custom one, since it would be nice with ssh access and be able to have larger control over the router, Ie. traffic shaping and logging the amount of traffic, and perhaps even do speed tests to check if I'm getting what I'm paying for.

Currently running this stock version: 3.0.0.4.376_1123

I forwarded logging on the router to my workstation, and the log is constantly filled with messages like these:

Oct 30 22:51:29 192.168.1.100 kernel: ACCEPT <4>ACCEPT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:88:43:e1:**:**:**:08:00 <1>SRC=10.242.0.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=45428 PROTO=UDP <1>SPT=67 DPT=68 LEN=308

Now, I'm no an expert - but I'd like to get to the bottom of this, and have this traffic stop. I understand the SRC must be an internal IP on my local network, so currently I'm using the elimination method whereby I turn off each device in turn to see if the traffic stops.

The requests are frequent, perhaps averaging one line in the log pr. second, somtimes more often.

I will keep looking in my house for devices that could be the culprint, but as I'm no expert, I'm not even sure if my analysis of that log entry is correct.

 

[ColinTaylor]

It looks like a DHCP broadcast from your ISP's network. It's on eth0 (the WAN) and it's offering 10.242.0.1. I'm assuming your LAN is something like 192.168.1.x?

The MAC address (88:43:e1: ) belongs to Cisco which is a bit of a giveaway.

 

[Gepard]

It looks like a DHCP broadcast from your ISP's network. It's on eth0 (the WAN) and it's offering 10.242.0.1. I'm assuming your LAN is something like 192.168.1.x?

The MAC address (88:43:e1: ) belongs to Cisco which is a bit of a giveaway.

Hi ColinTaylor,

yes, what you say makes sense. Thanks.

You are correct in the assumption that my local network is 192.168.1.x

The next question then is, should I stop this traffic? Does it take resources away from my broadband connection, or should I just ignore it? I always like to have things done properly, and I don't like it when there are lose ends.

Is there a misconfiguration on my end here?

 

[john9527]

I'm not sure if this only plays a part in lease renewal, but you might try checking that on the WAN/Internet Connection tab, DHCP query frequency is set to Normal.

 

[ColinTaylor]

Without seeing more of the logged traffic (the line you posted is one of a set) and knowing details of your WAN interface (MAC address and IP) it is impossible to be 100% sure.

But in my experience this is just the normal "chatter" that you ISP's equipment is broadcasting on the local node (assuming you're connected to cable/fibre - not sure about ADSL).

If this is the case then there is nothing you can do to change the traffic as it is being generated by your ISP and their other customers in your area.

It doesn't take resources away from your broadband connection (you can't change it anyway) although I suppose that by logging all that traffic you are increasing the load on your router which might have some effect on throughput.