Showing posts from December, 2015

Honeywell RTH9580WF Thermostat - Waiting for Update Deep Dive

I'm still having issues with the Honeywell wifi thermostat (RTH9580WF) displaying "waiting for update" on when the wifi is routed through my proxy server, so I decided to do a deep dive into what the thermostat is doing when it's getting the weather updates. I also wanted to better understand how to trace traffic on my network. Here's what I learned about the thermostats weather updates system by tracing the communication between the thermostat and servers. Currently: Thermostat requests the current weather and 12 hour forecast from a server: . This server appears to run code managed by Honeywell in Microsoft's Azure cloud. Every 15 minutes it makes two port 80 GET requests to the IP address:  (return current weather for location)

Update Arpwatch ethercodes.dat file from IEEE source

I was noticing that many of the Arpwatch notification messages coming back were marked "unknown" for the manufacturer name in the MAC address lookup. I looked at the date of the file in my Ubuntu file system and it was last updated in 2012. Arpwatch uses this file to determine the manufacturer name for a given MAC address prefix. I found a script at this blog post which looked quite promising. A few simple transformations of the file downloaded direct from IEEE, updates from the comments on the blogpost and it was ready to go. I added in the lines to copy the files to the correct locations in Ubuntu's implementation of Arpwatch. Here is the updated script: Here are the basic steps and commands to do it on a terminal session. 1.Create the script using nano (copy and paste the script above) into a file called update_mac_addresses and then run it. nano ~/ 2. Make it executable chmod +x ~/ 3. Execute the script. S