If you look at the list of wired devices attached to the router, you can see the controller. Its MAC address starts with 00:50:C2.
In my case, the address is 192.168.0.9.
What's listening there?
matt@Linux2740p:$ sudo nmap -sU -p 53004 192.168.0.9
[sudo] password for matt:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-13 10:05 GMT
Nmap scan report for 192.168.0.9
Host is up (0.0047s latency).
PORT STATE SERVICE
53004/udp open|filtered unknown
MAC Address: 00:50:C2:F4:C0:8C (Ieee Registration Authority - Please see IAB Public Listing for More Information.)
Nmap done: 1 IP address (1 host up) scanned in 0.53 seconds
matt@Linux2740p:$ sudo nmap -sT 192.168.0.9
Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-13 10:05 GMT
Nmap scan report for 192.168.0.9
Host is up (0.0049s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
80/tcp open http
MAC Address: 00:50:C2:F4:C0:8C (Ieee Registration Authority - Please see IAB Public Listing for More Information.)
Nmap done: 1 IP address (1 host up) scanned in 7.70 seconds
Ah! The controller is listening on UDP as we expected. It also seems to have a TCP service on port 80!
wget returns an index.html file - let's look at the IP address in a web browser.
Interestingly, we have a web interface which I didn't know existed. It allows me to switch the light on or off from the interface, so I know it's working. Now to debug the UDP broadcast.
Possibilities:
1. It's not listening / acting upon UDP broadcasts in the way it's supposed to.
2. I'm not sending UDP packets the way I'm supposed to.
Let's consider the second possibility first.
matt@Linux2740p:~$ sudo tcpdump -i wlan0 udp port 53004 -X
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 65535 bytes
09:53:25.705798 IP Linux2740p.local.55106 > 192.168.0.9.53004: UDP, length 33
0x0000: 4500 003d 11c0 4000 4011 a790 c0a8 0006 E..=..@.@.......
0x0010: c0a8 0009 d742 cf0c 0029 4da3 3030 3530 .....B...)M.0050
0x0020: 4332 4634 4330 3843 2c31 2c30 3030 4436 C2F4C08C,1,000D6
0x0030: 4630 3030 3233 3833 3045 383b 0a F00023830E8;.
09:54:50.059829 IP Linux2740p.local.45243 > 255.255.255.255.53004: UDP, length 32
0x0000: 4500 003c b5e5 4000 4011 c41d c0a8 0006 E..<..@.@.......
0x0010: ffff ffff b0bb cf0c 0028 c352 4646 4646 .........(.RFFFF
0x0020: 4646 4646 4646 4646 2c31 2c30 3030 6436 FFFFFFFF,1,000d6
0x0030: 6630 3030 3233 3833 3065 383b f00023830e8;
The first case here shows the packets being sent from netcat-openbsd thus:
echo "0050C2F4C08C,1,000D6F00023830E8;" | nc -u 192.168.0.9 53004
The second case is what I get after sending a broadcast from Python.
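The two captures differ in more than the destination address. As an added example (not code from the original post), the following decodes both hex dumps down to the UDP payload and lists which parts differ. The field names addr, cmd and id are labels assumed here for the three comma-separated values; the post does not name them.

```python
# Added example: decode the two tcpdump -X dumps from the post and compare payloads.
# Hex is copied from the captures above with the ASCII column left out.
UNICAST = """
0x0000: 4500 003d 11c0 4000 4011 a790 c0a8 0006
0x0010: c0a8 0009 d742 cf0c 0029 4da3 3030 3530
0x0020: 4332 4634 4330 3843 2c31 2c30 3030 4436
0x0030: 4630 3030 3233 3833 3045 383b 0a
"""
BROADCAST = """
0x0000: 4500 003c b5e5 4000 4011 c41d c0a8 0006
0x0010: ffff ffff b0bb cf0c 0028 c352 4646 4646
0x0020: 4646 4646 4646 4646 2c31 2c30 3030 6436
0x0030: 6630 3030 3233 3833 3065 383b
"""

def udp_payload(dump):
    """Return the UDP payload from tcpdump -X hex lines that start at the IPv4 header."""
    hexstr = "".join("".join(line.split(":", 1)[1].split())
                     for line in dump.splitlines() if ":" in line)
    pkt = bytes.fromhex(hexstr)
    ihl = (pkt[0] & 0x0F) * 4                              # IPv4 header length in bytes
    udp_len = int.from_bytes(pkt[ihl + 4:ihl + 6], "big")  # UDP header + data
    return pkt[ihl + 8:ihl + udp_len]                      # skip the 8-byte UDP header

def describe(payload):
    """Split 'addr,cmd,id;' (assumed field names) and record terminator and size."""
    text = payload.decode("ascii")
    addr, cmd, ident = text.rstrip("\n").rstrip(";").split(",")
    return {"addr": addr, "cmd": cmd, "id": ident,
            "newline": text.endswith("\n"), "length": len(payload)}

def differences(a, b):
    """Names of the described properties that differ between two payloads."""
    da, db = describe(a), describe(b)
    return sorted(k for k in da if da[k] != db[k])

if __name__ == "__main__":
    nc, py = udp_payload(UNICAST), udp_payload(BROADCAST)
    print(repr(nc), describe(nc))
    print(repr(py), describe(py))
    print("differs in:", differences(nc, py))
```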