Ask Your Question

Need help on filtering

asked 2020-02-01 10:43:13 +0000

danielj gravatar image

updated 2020-02-01 10:43:46 +0000

I'm trying to find out how my smartphone communicates with my weather station, since i have no documentation and want to try and get the data my self. The weather station or smartphone only needs to be on the same LAN for the smartphone to show the weather stations data. No internet connection is required, so i therefore assume that they communicate directly. Furthermore i know the weather station has an API which isn't publically available yet.

To be able to see the packages going between the two, i set up a wifi hotspot using my PC's wifi. I then connected both the weather station and the smartphone to that network, and setup the smartphone to connect to the weather stations given ip address.. This works. I can see the smartphone recieves data from it. So far so good.

Then i simply thought it was just setting wireshark to listen to the created virtual wifi adapter (called Microsoft Wi-Fi Direct Virtual Adapter). I then set the ip.src==smartphoneIP and ip.dst==weatherStationIP .. But it never seems to communicate? I also tried swapping the two, but i cant seem to find the packages im searching for. What am i missing?

edit retag flag offensive close merge delete


So what have you captured? Can you share a capture file, use a public share e.g. Google Drive, DropBox etc. and post a link to the capture back here.

grahamb gravatar imagegrahamb ( 2020-02-01 10:54:06 +0000 )edit

I will save the scan and upload it asap and provide a link here

danielj gravatar imagedanielj ( 2020-02-01 13:48:43 +0000 )edit

Got a package file on this link:

It contains a scan for around 30 - 40 seconds, but the smartphone application is pulling data every 6-7 seconds so should be enough. Smartphone IP is and weather station ip is

danielj gravatar imagedanielj ( 2020-02-01 14:27:02 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2020-02-01 15:18:00 +0000

grahamb gravatar image

Using a display filter of "ip.addr ==" the only traffic seen with that address is as the source of a UDP broadcast message with some binary data along with a string:

0000   ff ff 12 00 21 a4 cf 12 b4 f7 37 c0 a8 89 1d af   ....!.....7.....
0010   c8 10 47 57 31 30 30 30 41 2d 57 49 46 49 46 37   ..GW1000A-WIFIF7
0020   33 37 f1                                          37.

Not sure if this is the data you're expecting.

edit flag offensive delete link more


Yeah that is also all i can find, but that is only a broadcast the weather station does every 2 seconds for some reason. I just don't get how this works, because i can see live data coming on my smartphone, so how is that able to happen ?

danielj gravatar imagedanielj ( 2020-02-01 15:37:34 +0000 )edit

"is there info available about the api?" Ecowitt GW1000

Info on how the updates come over and people working on an API for the data.

Display filter to clean up capture:

!ssdp and !ip.addr== and !udp.port==54915

(Google says port 54915is Logitech ARX)

Chuckc gravatar imageChuckc ( 2020-02-01 16:29:49 +0000 )edit

The sample capture you provided is only 62 seconds long. If the weather was effectively stable across that period that might explain why the values in the UDP packets remained constant (assuming that the UDP packets actually convey the the weather data)? A longer duration capture might show changes in the some of the bytes in the UDP packets to help reveal their true purpose.

A useful capture might be to capture the weather station as it boots up. Something unique may show up as the system comes online.

You might also want to create a capture before you enable the application on your Smartphone to see if it interacts at all the weather device or if it appears to simply respond to the broadcast packets.

Jim Young gravatar imageJim Young ( 2020-02-02 01:47:49 +0000 )edit

Yes that could've been the issue, but i did notice that the wind changed a lot on my smartphone (as it draws a graph live).

danielj gravatar imagedanielj ( 2020-02-02 09:57:43 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2020-02-01 10:43:13 +0000

Seen: 645 times

Last updated: Feb 01 '20