Decoding log

asked 2023-07-06 08:30:42 +0000

Moskit
1 ●2 ●1

updated 2023-07-06 09:22:16 +0000

flag of United Kingdom of Great Britain and Northern Ireland

23790 ●4 ●951 ●227 https://www.wireshark.org

Hi all I`m totally new to this and i need to work out what is sending this package:(sorry cannot attach anything yet) TCP 134 50000 ->1052 [PSH, ACK] Seq=397 Ack=477 Win=65409 Len=80

And the data

0000   00 c0 3a 8d 11 05 00 30 59 03 13 58 08 00 45 00   ..:....0Y..X..E.
0010   00 78 0f 07 40 00 80 06 cd 14 0a 0a 05 29 0a 0a   .x..@........)..
0020   05 28 04 1c c3 50 68 12 31 a8 5e a0 ab 42 50 18   .(...Ph.1.^..BP.
0030   ff 81 06 0d 00 00 3c 63 3e 3c 43 6f 64 65 3e 47   ......<c><Code>G
0040   75 69 53 69 67 6e 61 6c 56 61 6c 75 65 3c 2f 43   uiSignalValue</C
0050   6f 64 65 3e 3c 44 53 3e 31 31 3c 2f 44 53 3e 3c   ode><DS>11</DS><
0060   70 3e 33 31 3c 2f 70 3e 3c 70 3e 31 3c 2f 70 3e   p>31</p><p>1</p>
0070   3c 44 53 3e 33 3c 2f 44 53 3e 3c 70 3e 31 3c 2f   <DS>3</DS><p>1</
0080   70 3e 3c 2f 63 3e                                 p></c>

thanks for any info

answered 2023-07-06 12:49:03 +0000

Chuckc
2888 ●6 ●574 ●20

A search on the MAC addresses (00:30:59:03:13:58, 00:c0:3a:8d:11:05) at the Wireshark oui-lookup:

00:30:59 Kontron Europe GmbH
00:C0:3A duagon Germany GmbH

https://www.kontron.com/en
https://www.duagon.com/

They are both IOT vendors.
Duagon also makes gateways so the destination could be a different device on the other side of it.

Frame 1: 134 bytes on wire (1072 bits), 134 bytes captured (1072 bits) on interface Fake IF, Import from Hex Dump, id 0
Ethernet II, Src: KontronE_03:13:58 (00:30:59:03:13:58), Dst: duagonGe_8d:11:05 (00:c0:3a:8d:11:05)
Internet Protocol Version 4, Src: 10.10.5.41 (10.10.5.41), Dst: 10.10.5.40 (10.10.5.40)
Transmission Control Protocol, Src Port: 1052, Dst Port: 50000, Seq: 1, Ack: 1, Len: 80
eXtensible Markup Language
    <c>
        <Code>
            GuiSignalValue
            </Code>
        <DS>
            11
            </DS>
        <p>
            31
            </p>
        <p>
            1
            </p>
        <DS>
            3
            </DS>
        <p>
            1
            </p>
        </c>

edit flag offensive delete link

Comments

Do you know what the code actually mean? I`m tying to understand the P and DS meaning

Thanks

Moskit ( 2023-07-06 13:58:10 +0000 )edit

That's device protocol specific so up to the device manufacturer's unless someone has reversed engineered the data

grahamb ( 2023-07-06 14:09:45 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Decoding log

1 Answer

Comments

Your Answer

Question Tools

Stats

Decoding log edit

1 Answer

Comments

Your Answer

Question Tools

Stats

Decoding log