Interceptor not sniffing packets, router configured correctly


Kev D

Apr 22, 2019, 3:09:22 PM
to weewx-user
Hi all,

I am tearing my hair out trying to get the interceptor driver to capture data. I have been searching this forum for days and I am simply out of ideas. Here is a brief description of my current issue.

  • Weather station WS21902a with an IP of 192.168.0.198
  • RPII with a fresh copy of Weewx / Interceptor driver with an IP of 192.168.0.6
  • Configured my USG with the following (No iptables with UniFi Security Gateway 3P):
<code> 
{  
   "service":{  
      "nat":{  
         "rule":{  
            "4500":{  
               "description":"ws-highjack",
               "destination":{  
                  "port":"80"
               },
               "inbound-interface":"eth1",
               "inside-address":{  
                  "address":"192.168.0.6",
                  "port":"80"
               },
               "protocol":"tcp",
               "source":{  
                  "address":"192.168.0.198"
               },
               "type":"destination"
            }
         }
      }
   }
}
</code> 

  • Can confirm the NAT rule is working as configured as the hit count continues to climb:
rule  count       type  IN        OUT       description
----  ----------  ----  --------  --------  -----------
4500  38          DST   eth1      -         ws-highjack

  • On the Pi, I run the following command with no return of information:
    sudo PYTHONPATH=/usr/share/weewx python /usr/share/weewx/user/interceptor.py --device=observer --mode=sniff --iface=eth0 --filter="src 192.168.0.6 and dst port 80" --debug

I am confident that the router is configured properly, but no matter what I try I simply cannot get the interceptor driver to capture any data. On a side note, I am also running PIHole on this device, but I had changed the admin console listening port away from port 80. Does anyone have any ideas for me?

Thanks in advance,

Kev



mwall

Apr 23, 2019, 9:24:17 AM
to weewx-user


On Monday, April 22, 2019 at 3:09:22 PM UTC-4, Kev D wrote:
I am confident that the router is configured properly, but no matter what I try I simply cannot get the interceptor driver to capture any data. On a side note, I am also running PIHole on this device, but I had changed the admin console listening port away from port 80. Does anyone have any ideas for me? 

do you want the observer to send directly to wu, with weewx just sniffing?

or do you want the observer to send directly to weewx?

if you want the former, then the interceptor should be in sniff mode, and you need to configure the router so that weewx can see the traffic from the observer.

if you want the latter, then you need to hijack dns so that queries for the weather underground servers resolve to the machine running weewx.

Kev D

Apr 23, 2019, 9:30:23 AM
to weewx-user
The goal is to continue to send to wu while sniffing from weewx. I had the router configured to the point where anything from the weather station IP was sent to the observer and still would not sniff (WU site even had it showing offline because of this). Maybe I should go the DNS hijack route then just have weewx send the data to wu. Would this mean I need to change the observer to listen mode rather than sniff?

Thanks,

Kev

Kevin De Lucca

Apr 23, 2019, 9:56:12 AM
to weewx-user
One thing I am confused on, the Weewx logs appear to be seeing data but the interceptor is not. I assume since I routed all data coming from the weather station IP to weewx this would have to be data from the WS right? When I disable this routing it will just return "empty queue". I feel like I am missing something here.


Kev D

Apr 24, 2019, 3:54:39 PM
to weewx-user
Another update: To eliminate any possible interference, I spun up an Ubuntu VM to continue testing. This is the current setup:

Weather station: 192.168.0.7
Ubuntu/WeeWx/Interceptor: 192.168.0.8

I can confirm the router is sending data from the weather station to the server as when I run TCPDUMP, you can see the data coming from 192.168.0.7

However, when I call the interceptor driver directly it does not capture any of this data. This is both in sniff and listen modes. Does anyone know what I am missing?




Thanks in advance,

Kev

Kev D

Apr 24, 2019, 5:54:34 PM
to weewx-user
I believe I found the issue, it appears the WS2902 needs to handshake with the internet before you can sniff any real data. With my current NAT setup, it is routing all data to the driver without seeing the internet first. Unfortunately, I cannot run the below IP table as my UniFi gateway does not recognize '--tee':

iptables -t mangle -A PREROUTING  -s 192.168.0.7 -j ROUTE --tee --gw 192.168.0.8
iptables -t mangle -A POSTROUTING -d 192.168.0.7 -j ROUTE --tee --gw 192.168.0.8

So it looks like I am SOL with this current setup unless someone has another idea. 

Thanks,

Kev

Leon Shaner

Apr 24, 2019, 7:13:53 PM
to weewx...@googlegroups.com
Kev,

MAYBE you need a good old fashioned hub in the middle.

A switch does jack to jack / port to port optimizations such that not every packet is seen on every jack.   Also, if WiFi is involved and you have more than one access point, and the weather station and your weewx host are not connected via the same access point (or one is wired and the other is WiFi and there is a switch in the middle), then they too will be subject to the jack to jack / port to port optimizations at the switch.

I say this because your weather station is sending to the server and your weewx interceptor is a "third-party" and your switch has no reason to think the conversation between the weather station and the server should be "shared" with your weewx host.

Regards,
Leon
--
Leon Shaner :: Dearborn, Michigan (iPad Pro)


Kevin De Lucca

Apr 24, 2019, 7:26:48 PM
to weewx...@googlegroups.com
Hi Leon,

Thanks for the response, I am actually in the process of placing my old router (which this setup worked perfectly with prior to upgrading) in front of the station to achieve this. Although I am already encountering issues as I cannot apply iptables on it unless it’s the active gateway but I need to play with it more. As for my switch, it is unmanaged and I am not able to control any ports individually.

Ideally, I would love to limit the amount of equipment running but I think I am most frustrated my new fancy USG can’t handle some simple iptables.

-Kev

--
Kevin De Lucca

Kev D

May 6, 2019, 11:26:10 AM
to weewx-user
Hi all,

Just an update, I have figured out a solution to my issues. Instead of forcing the data from the WS to the WeeWx server, I turned the WeeWx server into a gateway just for WS traffic, here are the steps I performed in case someone needs the same solution.

Environment: 
Ubuntu VM running WeeWx / Interceptor. IP:192.168.0.8
WS2902a Weather station: IP: 192.168.0.7
Router: UniFi Security Gateway 3P

First I assigned the WS a static IP and gateway to force it to my Ubuntu server:

configure
set service dhcp-server shared-network-name net_LAN_eth1_192.168.0.0-24 subnet 192.168.0.0/24 static-mapping client1 mac-address 00:00:00:00:00:00
set service dhcp-server shared-network-name net_LAN_eth1_192.168.0.0-24 subnet 192.168.0.0/24 static-mapping client1 ip-address 192.168.0.7
set service dhcp-server shared-network-name net_LAN_eth1_192.168.0.0-24 subnet 192.168.0.0/24 static-mapping client1 static-mapping-parameters  "option routers 192.168.0.8;"
commit;save;exit

Then applied this to the config.gateway.json file to keep settings between reboots and provisions:

{
  "service": {
    "dhcp-server": {
      "shared-network-name": {
        "net_LAN_eth1_192.168.0.0-24": {
          "subnet": {
            "192.168.0.0/24": {
              "static-mapping": {
                "client1": {
                  "ip-address": "192.168.0.7",
                  "mac-address": "00:00:00:00:00:00",
                  "static-mapping-parameters": [
                    "option routers 192.168.0.8;"
                  ]
                }
              }
            }
          }
        }
      }
    }
  }
}


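Next, on the Ubuntu server I applied the following (eth1 interface set static to 0.8):

# Let the kernel route packets between hosts
sysctl -w net.ipv4.ip_forward=1
# Rewrite the source address of traffic leaving eth1 to the server's own
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Allow traffic from the weather station to be forwarded
iptables -A FORWARD -s 192.168.0.7 -i eth1 -j ACCEPT
iptables -A FORWARD -s 192.168.0.7 -d 192.168.0.8 -i eth1 -j ACCEPT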


After the above was applied I am able to pass all WS data through the server to the internet in order to sniff the packets accordingly. Thanks for everyone's assistance and I hope my solution can help someone else in a similar situation :)

Cheers,

Kev
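
A check for the config.gateway.json step above, as an added example that is not part of the original post: it lists every DHCP static mapping whose `option routers` parameter steers a client to a different gateway, and flags a mapping that is not nested under its subnet's CIDR key. The function name and the sample document are constructed for illustration, and the nesting is assumed to mirror the `set service dhcp-server ...` command path shown in the post.

```python
import ipaddress
import json

# Constructed sample mirroring the config.gateway.json fragment in the thread.
SAMPLE = json.loads("""
{"service": {"dhcp-server": {"shared-network-name": {
  "net_LAN_eth1_192.168.0.0-24": {"subnet": {"192.168.0.0/24": {
    "static-mapping": {"client1": {
      "ip-address": "192.168.0.7",
      "mac-address": "00:00:00:00:00:00",
      "static-mapping-parameters": ["option routers 192.168.0.8;"]
    }}}}}}}}}
""")


def router_overrides(config):
    """Return (findings, errors) for static mappings that override the router."""
    findings, errors = [], []
    networks = (config.get("service", {}).get("dhcp-server", {})
                .get("shared-network-name", {}))
    for net_name, net in networks.items():
        for cidr, subnet in net.get("subnet", {}).items():
            try:
                network = ipaddress.ip_network(cidr)
            except ValueError:
                # Typical slip: "static-mapping" placed directly under "subnet".
                errors.append(f"{net_name}: '{cidr}' is not a subnet key")
                continue
            for client, mapping in subnet.get("static-mapping", {}).items():
                params = mapping.get("static-mapping-parameters", [])
                if isinstance(params, str):
                    params = [params]
                for param in params:
                    words = param.strip().rstrip(";").split()
                    if words[:2] != ["option", "routers"] or len(words) < 3:
                        continue
                    gateway = ipaddress.ip_address(words[2].rstrip(","))
                    client_ip = ipaddress.ip_address(mapping["ip-address"])
                    if gateway not in network or client_ip not in network:
                        errors.append(f"{client}: {client_ip} or {gateway} outside {cidr}")
                    else:
                        findings.append((client, str(client_ip), str(gateway)))
    return findings, errors


if __name__ == "__main__":
    print(router_overrides(SAMPLE))
```

Run it against the real file by replacing `SAMPLE` with `json.load(open(path))`; any finding is a client whose traffic leaves through a host other than the router, which is worth reviewing whenever it was not configured on purpose.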

