New setup with interceptor driver not getting data
219 views
Skip to first unread message
Robert Turner
Nov 20, 2024, 7:13:27 PM11/20/24
to weewx-user
I have weewx installed and the interceptor driver setup. I have a wifi station that has built in wunderground updating. On my pi the station is connected to the wlan0 which is setup as an accesspoint with routing setup to eth0 which has internet access.
The station is connecting and sending data to wunderground. I can see it constantly updating on the site. With the interceptor driver in sniff it is not getting the data.
I ran the driver directly
sudo PYTHONPATH=/usr/share/weewx python3 interceptor.py --device=wu-client --mode=sniff --iface=wlan0 --filter="src 192.168.5.131 and dst port 80"
The ip address is correct for the station. I let it run for a period of time and don't see any output.
Thanks
vince
Nov 20, 2024, 7:42:42 PM11/20/24
to weewx-user
I would take weewx out of the picture temporarily and try running wireshark and see what it hears, potentially fiddling with those options a bit. In the absence of info on what interface/where has which address, my wild guess is your src address might be wrong perhaps…
Robert Turner
Nov 20, 2024, 8:58:22 PM11/20/24
to weewx-user
Thanks for the help. I am sure the ip is correct. If I use arp -a I can see the device
(192.168.5.131) at 8c:18:d9:72:e1:43 [ether] on wlan0
The weather station is the only device connect to the AP.
I also know that is the DHCP lease given to the station /var/lib/misc/dnsmasq.leases
732239204 8c:18:d9:72:e1:43 192.168.5.131 192 01:8c:18:d9:72:e1:43
I also went ahead and made that lease in dnsmasq.conf so the ip would not change
dhcp-host=8c:18:d9:72:e1:43,192.168.5.131/24
My station is the WS-1001 WIFI from ambient weather. I am starting to think I may not get it to work.
vince
Nov 20, 2024, 9:01:47 PM11/20/24
to weewx-user
Just do what I asked please. See what interface and src address it hears port 80 traffic hyou’re expecting on. It might even be loopback.
Robert Turner
Nov 21, 2024, 7:33:19 AM11/21/24
to weewx-user
Sure thing. I didn't use wireshark. I used tcpdump. I was able to capture the traffic from the station
12:29:05.092789 IP 192.168.5.131.57414 > ec2-54-159-105-134.compute-1.amazonaws.com.http: Flags [.], ack 1, win 68, length 0
12:29:05.101042 IP 192.168.5.131.57414 > ec2-54-159-105-134.compute-1.amazonaws.com.http: Flags [P.], seq 1:523, ack 1, win 68, length 522: HTTP: GET /weatherstation/updateweatherstation.php?ID=xxxxxxxx&PASSWORD=xxxxxxxx&indoortempf=66.9&tempf=32.5&dewptf=13.1&windchillf=32.5&indoorhumidity=65&humidity=44&windspeedmph=0.0&windgustmph=0.0&winddir=118&absbaromin=29.10&baromin=29.88&rainin=0. 00&dailyrainin=0.00&weeklyrainin=0.25&monthlyrainin=2.60&yearlyrainin=40.94&solarradiation=4.69&UV=0&dateutc=2024-11-21%2012:29:5&softwaretype=WS-1001%20V2.2.9&action=updateraw&realtime=1&rtfreq=5 HTTP/1.0
12:29:05.101042 IP 192.168.5.131.57414 > ec2-54-159-105-134.compute-1.amazonaws.com.http: Flags [P.], seq 1:523, ack 1, win 68, length 522: HTTP: GET /weatherstation/updateweatherstation.php?ID=xxxxxxxx&PASSWORD=xxxxxxxx&indoortempf=66.9&tempf=32.5&dewptf=13.1&windchillf=32.5&indoorhumidity=65&humidity=44&windspeedmph=0.0&windgustmph=0.0&winddir=118&absbaromin=29.10&baromin=29.88&rainin=0. 00&dailyrainin=0.00&weeklyrainin=0.25&monthlyrainin=2.60&yearlyrainin=40.94&solarradiation=4.69&UV=0&dateutc=2024-11-21%2012:29:5&softwaretype=WS-1001%20V2.2.9&action=updateraw&realtime=1&rtfreq=5 HTTP/1.0
matthew wall
Nov 21, 2024, 8:54:58 AM11/21/24
to weewx...@googlegroups.com
robert,
what is your network hardware? dumb switches isolate traffic, so one physical port cannot listen to traffic on a different physical port. hubs (remember those?), on the other hand, let every port see traffic on every other port. if you have a managed switch, then you can probably use the switch's management interface to mirror ports, letting one physical port see the traffic happening on a different physical port.
m
what is your network hardware? dumb switches isolate traffic, so one physical port cannot listen to traffic on a different physical port. hubs (remember those?), on the other hand, let every port see traffic on every other port. if you have a managed switch, then you can probably use the switch's management interface to mirror ports, letting one physical port see the traffic happening on a different physical port.
m
Robert Turner
Nov 21, 2024, 9:22:02 AM11/21/24
to weewx-user
There isn't any network hardware between the station and where weewx runs. Essentially weewx is running on the access point. On the pi wlan0 is setup to be the access point. The station connects to that access point. The packet sniffing is done directly on wlan0.
I am able to see the traffic using sudo tcpdump -i wlan0.
matthew wall
Nov 21, 2024, 10:39:13 AM11/21/24
to weewx...@googlegroups.com
robert,
well, it is not a permissions problem - you used 'sudo' when invoking the interceptor driver directly.
i vaguely remember pcap settings for promiscuity coming into play (your tcpdump might use it by default?). there is a boolean 'promiscuous' option for interceptor, but it is not mapped through to the direct invocation of interceptor.py
can you get any log messages when you run the driver directly? debug is especially helpful - the sniff server spits out quite a bit of information.
you might have to make some modifications to interceptor.py
log messages nominally go to syslog, but systemd might hijack that. and the interceptor driver is not aware of the newer logging mechanisms in weewx. (it sets weewx.debug=1, but that probably won't get you full debug logging - i know, i need to fix this in all of my extensions...)
sorry i cannot do any testing and debug myself right now!
m
> --
> You received this message because you are subscribed to the Google Groups "weewx-user" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to weewx-user+...@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/weewx-user/ccb3557d-bf6c-42a3-93ac-3554ef484ab4n%40googlegroups.com.
well, it is not a permissions problem - you used 'sudo' when invoking the interceptor driver directly.
i vaguely remember pcap settings for promiscuity coming into play (your tcpdump might use it by default?). there is a boolean 'promiscuous' option for interceptor, but it is not mapped through to the direct invocation of interceptor.py
can you get any log messages when you run the driver directly? debug is especially helpful - the sniff server spits out quite a bit of information.
you might have to make some modifications to interceptor.py
log messages nominally go to syslog, but systemd might hijack that. and the interceptor driver is not aware of the newer logging mechanisms in weewx. (it sets weewx.debug=1, but that probably won't get you full debug logging - i know, i need to fix this in all of my extensions...)
sorry i cannot do any testing and debug myself right now!
m
> You received this message because you are subscribed to the Google Groups "weewx-user" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to weewx-user+...@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/weewx-user/ccb3557d-bf6c-42a3-93ac-3554ef484ab4n%40googlegroups.com.
Robert Turner
Nov 21, 2024, 2:30:50 PM11/21/24
to weewx-user
I believe I discovered the issue. Well cursor told me the answer. It says the pcap library can't sniff packets with the wlan0 in access point mode. TCPDump has special capabilities that allow it to sniff the packets.
It also rewrote the code to use TCPDump instead of pcap. I will give that a try and see how that works.
0 new messages