Things I Learned in Quarantine - Part 5: Detecting "wonky" network traffic with piHole
A few weeks ago I covered installing your own DNS server in your home as a method of blocking advertising across all your devices without having to modify anything on the devices that are connected to your network via Wi-Fi or Ethernet. Since posting that article I've made a few notes about what you can expect and even a couple of surprises.
The most noticeable thing is that everything I do feels faster - my XBOX games load faster, websites load faster and in general pages are easier to read - although on many sites where an ad appeared I see an error message. It's not quite the same experience as having the element blocked with AdPlus in a browser, which removes the space, because you still get a box (which is why I still recommend running both on your computers); it's just not burdened with the overhead of tracking and an image. I do love that I can play ad-supported games and have an ad-free experience.
Another thing that came up is that there are times when ad blocking interferes with an activity. This can happen when I am streaming services like AMC to watch the latest season of Killing Eve. I haven't been able to isolate exactly what causes the video to freeze at times, but my solution is to use an app called "FlutterHole" where I can remotely disable all ad blocking for a period of time. Using the app and disabling the ad blocking for a few minutes gets me running again (or sometimes I have to shut it down for the time I am streaming).
Around the second week I started to notice some unusual activity. I was running around 52% of my URLs being blocked, which seemed kind of high.
When I looked at the top domains being blocked, it was always disproportionately one site - amplitude.com - an ad tracking network.
When I looked at the devices being blocked, it was largely this one device:
Obviously this is an Amazon device - but I didn't know which one. Was it Alexa (I have 5 of those) or was it a Fire stick (I have 6 of those in the house)? Because I can't look up the addresses on these devices themselves, I had to go about this by getting the IP address using ping and then unplugging devices until I had a broken connection. In this case I determined that the device was an Amazon Fire stick. Reading articles by googling the issue, I was able to find out that some Fire sticks will ping amplitude.com endlessly, even when not in use or when you think it is turned off. The only solution was to unplug the device when I wasn't using it. I will note this only happened on one of the 5 Fire sticks in use. Once I did that, traffic on my DNS server dropped considerably.
However, then a second issue became obvious. During the evening hours I had a ton of requests going through when nothing was being used. In this case I was able to isolate a machine that was running VPN software. The software would time out and drop the connection after 8 hours, but without shutting it down, it would just endlessly ping a destination that was no longer connected. Shutting down the VPN when it wasn't being used resolved this issue.
And now we're seeing a more "normal" picture - about a third of my URL requests are being blocked as tracking or ads and you can see that during periods of inactivity the requests are much lower (but it's not like your devices are just sitting there doing nothing!).
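The same hunt can be run against the query log instead of the dashboard. The following is an added example, not code from the original post or from the Pi-hole project: it assumes dnsmasq-style log lines as Pi-hole v5 writes them (`query[...] <domain> from <client>` and `gravity blocked <domain> is ...`), and the sample lines, client addresses, quiet-hour window and 50% threshold are all constructed for illustration.

```python
import re
from collections import Counter

# Assumed line shapes (dnsmasq style, as Pi-hole v5 logs them):
#   <date> dnsmasq[pid]: query[A] <domain> from <client>
#   <date> dnsmasq[pid]: gravity blocked <domain> is 0.0.0.0
QUERY = re.compile(r"^\w{3}\s+\d+ (\d\d):\d\d:\d\d dnsmasq\[\d+\]: "
                   r"query\[[\w-]+\] (\S+) from (\S+)$")
BLOCKED = re.compile(r"dnsmasq\[\d+\]: gravity blocked (\S+) is ")

def sample_log():
    """Constructed sample: one client polling a tracker at 03:xx, one normal client."""
    out = []
    for minute in range(0, 60, 10):
        ts = f"May 10 03:{minute:02d}:00 dnsmasq[911]: "
        out += [ts + "query[A] amplitude.com from 192.168.1.42",
                ts + "gravity blocked amplitude.com is 0.0.0.0"]
    day = "May 10 14:05:00 dnsmasq[911]: "
    out += [day + "query[A] example.com from 192.168.1.10",
            day + "query[AAAA] example.com from 192.168.1.10",
            day + "query[A] ads.example.net from 192.168.1.10",
            day + "gravity blocked ads.example.net is 0.0.0.0"]
    return out

def report(lines, quiet_hours=range(1, 6), share=0.5):
    """Summarise block rate, dominant (client, domain) pairs and quiet-hour talkers."""
    total, blocked, quiet = Counter(), Counter(), Counter()
    last_client = {}  # domain -> client that most recently asked for it
    for line in lines:
        q = QUERY.match(line.strip())
        if q:
            hour, domain, client = int(q.group(1)), q.group(2), q.group(3)
            total[client] += 1
            last_client[domain] = client
            if hour in quiet_hours:
                quiet[client] += 1
        else:
            b = BLOCKED.search(line)
            if b and b.group(1) in last_client:
                # Block lines name no client: attribute to the latest asker.
                blocked[(last_client[b.group(1)], b.group(1))] += 1
    n_total, n_blocked = sum(total.values()), sum(blocked.values())
    dominant = [(c, d, n) for (c, d), n in blocked.most_common()
                if n / n_blocked >= share]
    return {"blocked_pct": round(100 * n_blocked / n_total) if n_total else 0,
            "dominant": dominant, "quiet_talkers": quiet.most_common(3)}

if __name__ == "__main__":
    print(report(sample_log()))
```

To use it on real data, pass the lines of your own Pi-hole query log to `report()` and adjust `quiet_hours` to the hours your household is normally idle.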
I would highly recommend that people with even a moderate skill level around devices consider installing a home DNS server and you can use my tutorial - Things I Learned While Quarantined: Setting up an ad-blocking DNS server in your home in 30 minutes - as a guide. You may have a little tweaking to do along the way as I did, but overall the experience you get from doing so is worth it. Take back your time, stop giving your data to the ad networks and get some insight into how your devices are tracking you by using these tools.
There is one more piece of functionality I've considered doing - adding network routing through my Pi device. This would allow me to monitor bandwidth utilization per IP address. Keep an eye out, that may become a lesson in the near future.
Stay safe and healthy - if you have any questions or comments, please feel free to post below.