0

Does anyone know what communication this can be

asked 2023-05-30 17:12:20 +0000

Miguel Silvestre

Hi there, I'm trying to get temperature values sent by a smart temperature sensor over WiFi. I was already able to read the data sent by the device, but I have no idea what it is sending.

It sends about every 3 seconds a UDP packet to the IP 255.255.255.255 and about every 15 seconds sends a TLSv1.2 followed by a TCP packet

Does this ring a bell to anyone?

The screenshot and the Wireshark file are in the link below: https://drive.google.com/drive/folder...

Thanks for the help

Miguel Silvestre

1 Answer

1

answered 2023-05-30 18:40:13 +0000

Guy Harris

> The screenshot and the Wireshark file are in the link below

The pcapng file is sufficient, and is far better than the screenshot, as it allows the reader to see all the packets and look at them in detail. No need to upload a screenshot of packets if you upload the capture file containing the packets.

> It sends about every 3 seconds a UDP packet to the IP 255.255.255.255

To 255.255.255.255, which is the IP address for broadcasts on the local network, and to port 6667. Doing a Web search for

broadcasts to port 6667

found this Reddit post, in which somebody makes a comment that "The Tuya Discovery Port is 6667." Tuya is a developer of software for Internet of Things devices, so the smart temperature sensor is probably using their software.

According to this forum post:

> The Tuya plugin rely on UDP broadcast traffic on ports 6666 and 6667 only for discovering the devices at startup or when the "Read devices" button is clicked. Once devices are discovered, then UDP is never used anymore, all local control and status updates are done using a TCP connection on port 6668.

so the UDP broadcasts to 6667 are probably just "here I am!" messages, and probably don't contain temperature values.

> and about every 15 seconds sends a TLSv1.2 followed by a TCP packet

They're both TCP packets; some of them are TLS v1.2, and others are just TCP acknowledgments with no data, so they're shown as TCP rather than as TLS v1.2.

The traffic appears to be between the temperature sensor at 192.168.137.48 and some Amazon AWS cloud host ec2-34-213-103-51.us-west-2.compute.a... (34.213.103.51).

Unfortunately, it's TLS traffic, which means it's encrypted. Wireshark can decrypt TLS traffic, but, as that notes, you need additional information, which might be difficult to get.

The TCP port on 192.168.137.48 is 8886; this comment on an issue for Tuya 2.0 firmware says "The switches with the 2.0.0 firmware show connections on 8886, which appears to be MQTT over TLS.".

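Added example, not part of the original answer: a small Python classifier that applies the answer's reasoning to raw IPv4 packets, separating Tuya discovery broadcasts, local-control traffic, TLS 1.2 records and data-less TCP segments on port 8886. The label strings, the helper functions and the sample packets (ports 49152 and 40000, payload bytes) are constructed for illustration; the port roles are the ones reported in the posts quoted above.

```python
import socket
import struct

# Port roles as reported by the posts quoted in the answer (not verified here).
DISCOVERY_UDP = {6666, 6667}   # Tuya discovery broadcasts
LOCAL_TCP = 6668               # local control and status
CLOUD_TLS = 8886               # reported as MQTT over TLS

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet (link-layer header already stripped)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    l4 = pkt[ihl:total_len]                      # drops any link-layer padding
    if pkt[9] == 17 and len(l4) >= 8:            # UDP
        dport = struct.unpack("!H", l4[2:4])[0]
        bcast = socket.inet_ntoa(pkt[16:20]) == "255.255.255.255"
        return "tuya-discovery-broadcast" if bcast and dport in DISCOVERY_UDP else "udp-other"
    if pkt[9] == 6 and len(l4) >= 20:            # TCP
        ports = set(struct.unpack("!HH", l4[:4]))
        payload = l4[(l4[12] >> 4) * 4:]         # skip TCP header and options
        if LOCAL_TCP in ports:
            return "tuya-local-control"
        if CLOUD_TLS not in ports:
            return "tcp-other"
        if not payload:
            return "tcp-no-data"                 # bare ACK: Wireshark shows "TCP"
        # TLS record header: content type 20..23, then version 0x0303 (TLS 1.2)
        if len(payload) >= 5 and 20 <= payload[0] <= 23 and payload[1:3] == b"\x03\x03":
            return "tls1.2-record"
        return "tcp-data"
    return "other"

# --- constructed sample packets (checksums left at zero, not validated) ---
def ipv4(proto, src, dst, l4):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + l4

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
def tcp(sport, dport, data=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x10, 1024, 0, 0) + data

SENSOR, CLOUD = "192.168.137.48", "34.213.103.51"   # addresses from the answer
SAMPLES = [                                          # ports 49152/40000 are made up
    ipv4(17, SENSOR, "255.255.255.255", udp(49152, 6667, b"constructed")),
    ipv4(6, SENSOR, CLOUD, tcp(8886, 40000, b"\x17\x03\x03\x00\x02hi")),
    ipv4(6, CLOUD, SENSOR, tcp(40000, 8886)),
]
```

Running `classify` over `SAMPLES` labels the three packets as a discovery broadcast, a TLS 1.2 record and a data-less TCP segment, in that order.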

Comments

Thanks for answering, it really helped me.

But I forgot to say that when I recorded, the device was already connected to the WiFi, and I was receiving temperature values on my phone. Is it possible that it continues broadcasting "I am here" after being connected?

Do you know how I can connect with MQTT to the device without a username or password? Where can I get the credentials to log in to the MQTT network? Are they in the broadcast UDP packets?

I don't know if I'm asking the right questions

Thanks for the help

Miguel Silvestre (2023-05-31 11:00:11 +0000)

Stats

Asked: 2023-05-30 17:12:20 +0000

Seen: 2,847 times

Last updated: May 30 '23