How to Sniff Packets Going to a Single Host?

[ch...@chrismaness.com]

Ok, in my effort to trouble shoot the hit/miss issue of my server.  I am

now suspecting that the packets that it passes are sometimes malformed. 
Unless other people have issues with their packets not showing up.  I
would like to record whole packets going to cwop.aprs.net:23 and only
those packets.  What command can I use to capture the all of the packets
with all of their payloads?


Thanks,

Chris KQ6UP

[gjr80]

You already have it in your log:

Apr 26 14:10:27 raspberrypi weewx[12666]: restx: CWOP: packet: KQ6UP>APRS,TCPIP*:@262110z3401.26N/11718.84W_241/007g017t098r000p000P000b10150h22L774.weewx-3.9.2-Interceptor#015
Apr 26 14:10:28 raspberrypi weewx[12666]: restx: CWOP: Connected to server cwop.aprs.net:23

Gary

[ch...@chrismaness.com]

On 4/26/20 3:45 PM, gjr80 wrote:

You already have it in your log:

Apr 26 14:10:27 raspberrypi weewx[12666]: restx: CWOP: packet: KQ6UP>APRS,TCPIP*:@262110z3401.26N/11718.84W_241/007g017t098r000p000P000b10150h22L774.weewx-3.9.2-Interceptor#015
Apr 26 14:10:28 raspberrypi weewx[12666]: restx: CWOP: Connected to server cwop.aprs.net:23

Gary

Could you look over those and see if they are malformed?  Not sure why the always seemed to get accepted, but don't wind up on Findu-> KQ6UP.  I have several successfully posted for the past hour using the single server cwop.aprs.net:23.  Let's cross our fingers and hope it keeps it up.  However, it is not very satisfying to never figure out what was actually messing up.

Thanks,

Chris KQ6UP

[Chris Maness]

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Poop, 16:00 did not post.  Here is the packet.  Any issues with it?

Apr 26 16:00:16 raspberrypi weewx[12666]: restx: CWOP: packet: KQ6UP>APRS,TCPIP*:@262300z3401.26N/11718.84W_313/007g015t096r000p000P000b10143h24L488.weewx-3.9.2-Interceptor#015

Chris KQ6UP

-----BEGIN PGP SIGNATURE-----

iQJKBAEBCAA0FiEEHDQAmr+JUZpC9koAp9HNPRAPZfoFAl6mFQYWHGNocmlzQGNo

cmlzbWFuZXNzLmNvbQAKCRCn0c09EA9l+sjXD/9rYRrIG6HO0oD4ipP52SwFDAAb

4r96rjvEhovnLlDaW9xikg1Uz8aeQniWVehxIMi2a+URX3zc3bKXDndPrMv7iwmN

nrL4JVvPFcbTRafvEOx/aYQ0kDvLmd1C4Yg/tnxAoZi3ZYOI9kilwzFf1ogLc2nW

cvvm8IHtrcsTCjfdwaBG2SUxb004FOye5zh9tOA0MykDDuxrpHeFdza2DOAjoDOI

5cXpwlQFSrfMveNWNYpD2E9F+gbFOREvtPfacqlyJaF2joDjq/ezf+RJ5qpMG5LU

wbmSxziSZvtPWd7yy3/XXBUQtQB+sxG58oTWSH2lfUUzOZWqwXexRSlwyC5MyXg0

qRkXf+b7MouiugoVT0cXHqn6lK0e2PwcQl1sT1SlcgVhAOOm0YdKoGVShOMwLidV

oSo80tW+Lxs2S6e3FgIPis93nIRfwH/UIYMWN6NNPJUf5KJ+jeRZDjSUxHYZ+Mnb

SFtLn5uVEw6AAFaCJF7w/mjnzeYIsrN4sXAWAKi1ZcLCp8r9qvQa8mxAx8k5L5aQ

1gSJXskWJoxQKFAP9vMrFSHwN/BBcJcQFLaQSogqz8sMLXKxD08JG8vYNmBS0U1a

Ma3nPAncPzhkV7/pWRWbCTgsKeJpjYFiMfCUd8v4+4upLqVLA1ZQpJEZ2WmpEvCl

h5siLMcS6MtZ3gCgBQ==

=tsi3

-----END PGP SIGNATURE-----

[ch...@chrismaness.com]

On 4/26/20 4:13 PM, Chris Maness wrote:
>
> Hash: SHA256
>
>
> Poop, 16:00 did not post.  Here is the packet.  Any issues with it?
>
>
> Apr 26 16:00:16 raspberrypi weewx[12666]: restx: CWOP: packet:
> KQ6UP>APRS,TCPIP*:@262300z3401.26N/11718.84W_313/007g015t096r000p000P000b10143h24L488.weewx-3.9.2-Interceptor#015
>
>
> Chris KQ6UP
>

I should say they posted, but did not show up on the APRS network (findu
or APRS.fi).

Chris KQ6UP

[Tom Keffer]

Looks normal to me.

Chris: the CWOP code has been working for over 10 years on thousands of stations worldwide. It's possible there is an issue with it, but very unlikely.

Far more likely is that you have a network configuration issue. Does your router allow port 14580 to pass?

--
You received this message because you are subscribed to the Google Groups "weewx-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to weewx-user+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/weewx-user/5b72fe57-ec36-4d79-9878-8bc43546e693%40googlegroups.com.

[ch...@chrismaness.com]

On 4/26/20 4:25 PM, Tom Keffer wrote:
> Looks normal to me.
>
> Chris: the CWOP code has been working for over 10 years on thousands
of stations worldwide. It's possible there is an issue with it, but very
unlikely.
>
> Far more likely is that you have a network configuration issue. Does
your router allow port 14580 to pass?

Yes, I tested it with the telnet command.  It connected to 14580 just
fine.  This Raspberry PI tends to have weird connectivity issues if I
use it like a hotspot.  I see my packet does not show up if there are
any timeout warnings.  The odd thing is it seems to make it on the
retry, but if my there was a retry the packet never shows up on APRS.fi
or findu.  Here is some log data:

chris@raspberrypi:~ $ sudo tail -f /var/log/syslog | grep CWOP
Apr 26 16:25:23 raspberrypi weewx[12666]: restx: CWOP: wait interval
(300 < 600) has not passed for record 2020-04-26 16:25:00 PDT (1587943500)
Apr 26 16:30:19 raspberrypi weewx[12666]: restx: CWOP: packet:
KQ6UP>APRS,TCPIP*:@262330z3401.26N/11718.84W_287/007g021t094r000p000P000b10139h24L455.weewx-3.9.2-Interceptor#015
Apr 26 16:30:39 raspberrypi weewx[12666]: restx: CWOP: Attempt 1 to
cwop.aprs.net:23. Connection error: timed out
Apr 26 16:30:39 raspberrypi weewx[12666]: restx: CWOP: Connected to
server cwop.aprs.net:23
Apr 26 16:31:00 raspberrypi weewx[12666]: restx: CWOP: Exception <class
'socket.timeout'> (timed out) when looking for response to packet packet
Apr 26 16:31:00 raspberrypi weewx[12666]: restx: CWOP: Published record
2020-04-26 16:30:00 PDT (1587943800)
Apr 26 16:35:25 raspberrypi weewx[12666]: restx: CWOP: wait interval
(300 < 600) has not passed for record 2020-04-26 16:35:00 PDT (1587944100)
Apr 26 16:40:31 raspberrypi weewx[12666]: restx: CWOP: packet:
KQ6UP>APRS,TCPIP*:@262340z3401.26N/11718.84W_265/008g019t094r000p000P000b10140h23L404.weewx-3.9.2-Interceptor#015
Apr 26 16:40:31 raspberrypi weewx[12666]: restx: CWOP: Connected to
server cwop.aprs.net:23
Apr 26 16:40:51 raspberrypi weewx[12666]: restx: CWOP: Exception <class
'socket.timeout'> (timed out) when looking for response to packet packet
Apr 26 16:40:51 raspberrypi weewx[12666]: restx: CWOP: Published record
2020-04-26 16:40:00 PDT (1587944400)

All these packets are no shows, but if it works on the first go it does
show up.  I had 6 go through in a row, and now these fails.  I wonder if
the PI itself has issues with overheating or something.  When I use it
as a hotspot, it seems fine at first, but then gets crappy and slow
connections.  However, there seems to be an issue with WeeWx or CWOP
re-negotiating connections if the first attempt fails.


Thanks,

Chris KQ6UP

[Greg Troxel]

ch...@chrismaness.com writes:

> All these packets are no shows, but if it works on the first go it does
> show up.  I had 6 go through in a row, and now these fails.  I wonder if
> the PI itself has issues with overheating or something.  When I use it
> as a hotspot, it seems fine at first, but then gets crappy and slow
> connections.  However, there seems to be an issue with WeeWx or CWOP
> re-negotiating connections if the first attempt fails.

I would suggest using tcpdump with the -w option to save a trace, and
then go back over the data to analyze the messages, particularly the
ones that didn't make it. Just run tcpdump with -w, no filters,
because half the point is to see the packets you don't know you are
looking for.

[John Ronan]

Morning,

Apologies, I'm only catching up on posts now

A few days go I noticed that not all CWOP servers are accepting data. I
haven't heard that the issue has been resolved.

I don't have a list to hand, but I'll try and find it.

cwop.ei3rcw.ampr.org is accepting data, you might try testing only on
that one to rule it out.

Cheers

John

EI7IG

On 4/27/20 00:25, Tom Keffer wrote:
> Looks normal to me.
>
> Chris: the CWOP code has been working for over 10 years on thousands
of stations worldwide. It's possible there is an issue with it, but very
unlikely.
>
> Far more likely is that you have a network configuration issue. Does
your router allow port 14580 to pass?
>
> On Sun, Apr 26, 2020 at 4:13 PM Chris Maness
<christoph...@gmail.com <mailto:christoph...@gmail.com>> wrote:
>
> Hash: SHA256
>
>
> Poop, 16:00 did not post.  Here is the packet.  Any issues with it?
>
>
> Apr 26 16:00:16 raspberrypi weewx[12666]: restx: CWOP: packet:
> KQ6UP>APRS,TCPIP*:@262300z3401.26N/11718.84W_313/007g015t096r000p000P000b10143h24L488.weewx-3.9.2-Interceptor#015
>
>
> Chris KQ6UP
>
>

>     --
>     You received this message because you are subscribed to the Google
Groups "weewx-user" group.
>     To unsubscribe from this group and stop receiving emails from it,
send an email to weewx-user+...@googlegroups.com

<mailto:weewx-user+...@googlegroups.com>.

>     To view this discussion on the web visit
https://groups.google.com/d/msgid/weewx-user/5b72fe57-ec36-4d79-9878-8bc43546e693%40googlegroups.com

<https://groups.google.com/d/msgid/weewx-user/5b72fe57-ec36-4d79-9878-8bc43546e693%40googlegroups.com?utm_medium=email&utm_source=footer>.

>
> --
> You received this message because you are subscribed to the Google
Groups "weewx-user" group.
> To unsubscribe from this group and stop receiving emails from it, send
an email to weewx-user+...@googlegroups.com

<mailto:weewx-user+...@googlegroups.com>.

> To view this discussion on the web visit

https://groups.google.com/d/msgid/weewx-user/CAPq0zECDLCrwDfMZQzQo-cz4Lj3UqNKCUm%3DtXS3%2B-K1j1iRwNQ%40mail.gmail.com
<https://groups.google.com/d/msgid/weewx-user/CAPq0zECDLCrwDfMZQzQo-cz4Lj3UqNKCUm%3DtXS3%2B-K1j1iRwNQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.

[ch...@chrismaness.com]

On 4/27/20 1:03 AM, John Ronan wrote:
> Morning,
>
> Apologies, I'm only catching up on posts now
>
> A few days go I noticed that not all CWOP servers are accepting data. I
> haven't heard that the issue has been resolved.
>
> I don't have a list to hand, but I'll try and find it.
>
> cwop.ei3rcw.ampr.org is accepting data, you might try testing only on
> that one to rule it out.
>
> Cheers
>
> John
>
> EI7IG

That would definitely explain it.  Because as far as I can tell all my
posts have been successful, but not all of my packets make it out on the
APRS net.  Also, I have noticed all of the hostnames that I have tried
use round robin DNS to distribute the load, but a handful of CWOP-*
servers are represented in the data.  For example, I might see CWOP-7
and CWOP-3, but other numbers are missing.  That does kind of lead me to
believe that maybe some servers are accepting my posts, but not in turn
relaying them correctly to the APRS network.  I would imagine that
anyone putting their data on the net via inet APRS gateways would be
having the same snaggle tooth data unless they are accessing one known
good server.  I did edit my .conf to only access the ei3rcw node.  Let's
see what happens.  Worst case I can set up a radio packet node.  I do
have a radio and TNC, but I am using it for a PBBS.

Thank you,

Chris KQ6UP

[ch...@chrismaness.com]

On 4/27/20 1:03 AM, John Ronan wrote:

> A few days go I noticed that not all CWOP servers are accepting data. I
> haven't heard that the issue has been resolved.

I think some are accepting data, but fail to pass it along.

>
> I don't have a list to hand, but I'll try and find it.
>
> cwop.ei3rcw.ampr.org is accepting data, you might try testing only on
> that one to rule it out.

I ended up using cwop2.mesowest.org as it is not round robin DNS and
resolves to one IP.  I have had 100% successful published packets for a
few hours.
>
> Cheers
>
> John
>
> EI7IG

So thanks.  I guess there was no problem on my end after all.  That is
unless some gates are tolerating some error in formatting that I have
and others are not.  I don't think that is the case though.  Is there a
CWOP/APRS list I can report these issues?


Thanks,

Chris KQ6UP

[John Kline]

Is there a CWOP/APRS list I can report these issues?

You could try here:

https://www.wxforum.net/index.php?board=15.0

I haven’t read through this whole thread, so perhaps you’ve mentioned this, but are you seeing your packets on MesoWest?

For instance, mine are here:

https://mesowest.utah.edu/cgi-bin/droman/meso_base_dyn.cgi?stn=F4751&unit=0&time=LOCAL

[Christopher Maness]

On 4/27/20 10:50 AM, John Kline wrote:

Is there a CWOP/APRS list I can report these issues?

You could try here:

https://www.wxforum.net/index.php?board=15.0

ok

I haven’t read through this whole thread, so perhaps you’ve mentioned this, but are you seeing your packets on MesoWest?

For instance, mine are here:

https://mesowest.utah.edu/cgi-bin/droman/meso_base_dyn.cgi?stn=F4751&unit=0&time=LOCAL

No, but my wind does not pass muster with QC, and don't currently have the means to mount it 10m above any building because my wife would poop on that idea.  I could maybe relocate my station at the local FD or something.

All the packets are now showing up at FINDU now.  They are not missing a beat since I singled out one known good server.

Thanks,

Chris KQ6UP

[jpronans]

I reported it to one of the Sysops, but I understand remote access is problematic in the current environment.

Regards,

John

EI7IG 

Sent from my Samsung Galaxy smartphone.

[ch...@chrismaness.com]

On 4/27/20 11:05 AM, jpronans wrote:

> I reported it to one of the Sysops, but I understand remote access is
> problematic in the current environment.
>
> Regards,
> John
> EI7IG
>

I also reported this frustrating behavior to:

https://www.wxforum.net/index.php?topic=39321.new#new

Now I can work on improving my WX data quality.  Might have to ask the
local FD if I can mount a mast and an impeller at the local fire
department.  No good spot at my house, but maybe I can remedy that since
I am stuck home with this COVID lock down.  I don't think my wife would
be cool with a 40' mast, but hopefully I can get her to let me post it
up because of the emcomm aspect of having a radio tower.

Thanks for you help,

Chris KQ6UP