log-ingestion.samsungacr.com
So, I was playing around with Wireshark and found this packet. Would someone please explain why "log-ingestion.samsungacr.com" is in the packet? Hopefully the format is clear enough to read.
Potential helpful info:
1. The samsung tv is connected to a router.
2. The router uses the PIA DNS servers and connects to a first router (connected to a cable modem).
3. This first router uses DD-WRT and PIA through openvpn.
Here is the packet. I suspect the Samsung TV is logging the connection through log-ingestion.samsungacr.com
resolver1.privateinternetaccess.com DNS 88 Standard query 0xf9fc A log-ingestion.samsungacr.com
Frame 522: 88 bytes on wire (704 bits), 88 bytes captured (704 bits) on interface 0
Ethernet II, Src: SamsungE_ce:c7:50 (cc:b1:1a:ce:c7:50), Dst: XXXX_06:22:e9 (68:1c:a2:06:22:e9)
Internet Protocol Version 4, Src: 192.168.6.101 (192.168.6.101), Dst: resolver1.privateinternetaccess.com (209.222.18.222)
User Datagram Protocol, Src Port: 59154, Dst Port: 53
Source Port: 59154
Destination Port: 53
Length: 54
Checksum: 0x1ded [unverified]
[Checksum Status: Unverified]
[Stream index: 30]
Domain Name System (query)
[Response In: 523]
Transaction ID: 0xf9fc
Flags: 0x0100 Standard query
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
Queries
log-ingestion.samsungacr.com: type A, class IN
Name: log-ingestion.samsungacr.com
[Name Length: 28]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Potential helpful info:
1. The samsung tv is connected to a router.
2. The router uses the PIA DNS servers and connects to a first router (connected to a cable modem).
3. This first router uses DD-WRT and PIA through openvpn.
Here is the packet. I suspect the Samsung TV is logging the connection through log-ingestion.samsungacr.com
resolver1.privateinternetaccess.com DNS 88 Standard query 0xf9fc A log-ingestion.samsungacr.com
Frame 522: 88 bytes on wire (704 bits), 88 bytes captured (704 bits) on interface 0
Ethernet II, Src: SamsungE_ce:c7:50 (cc:b1:1a:ce:c7:50), Dst: XXXX_06:22:e9 (68:1c:a2:06:22:e9)
Internet Protocol Version 4, Src: 192.168.6.101 (192.168.6.101), Dst: resolver1.privateinternetaccess.com (209.222.18.222)
User Datagram Protocol, Src Port: 59154, Dst Port: 53
Source Port: 59154
Destination Port: 53
Length: 54
Checksum: 0x1ded [unverified]
[Checksum Status: Unverified]
[Stream index: 30]
Domain Name System (query)
[Response In: 523]
Transaction ID: 0xf9fc
Flags: 0x0100 Standard query
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
Queries
log-ingestion.samsungacr.com: type A, class IN
Name: log-ingestion.samsungacr.com
[Name Length: 28]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Comments
This domain is also blocked by both uBlock and MACE.
Seems that it is somewhat known and there's ways to disable it: https://www.consumerreports.org/privacy/how-to-turn-off-smart-tv-snooping-features/
C:\Users|XX\Desktop\log-ingestion.samsungacr.com.pcapng (189 KB)
This is on the Wirshark launch page before selecting a capture. So is it still logging?
I renamed the log file
C:\Users|XX\Desktop\BAKlog-ingestion.samsungacr.com.pcapng (not found)
and now Wireshark reports (not found) for that file. Also strange is that there was no activity in that capture for today, the 17th even though the TV has been on since last night.
Very strange.
Thanks again.