go_away

Author Topic: Blinded by IP Ports  (Read 2180 times)

0 Members and 1 Guest are viewing this topic.

Offline AsellithTopic starter

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 648
  • Helpful? 9
  • "I'm a leaf on the wind. Watch how I soar"
    • CorSec Engineering
Blinded by IP Ports
« on: April 03, 2009, 02:48:40 PM »
Ok I am working on this project for work and it is driving me nuts due to my lack of networking knowledge. So I thought I would ask on here for some guidance

heres the situation. I have 42 cellular modems deployed in the field. They are Bluetree BT-4200s. They are attached to my radio translator station equipment at 42 different sites. The main part is done as in I can log in and talk to the modems which pass IP info to a serial port and let me monitor some digital and analog inputs on the other side.

Another feature we want to implement in these modems is the fact that they can send specific data bursts when an event occurs. Either a timer or a value change. I have that side figured out but the trouble is when the data gets to me. Now I don't have access to the outside of the firewall at work and getting it would be a big pain. Also IT is suppose to do this project for me but its been several months and I'm tired of waiting on them. Also I get to trade my crappy phone in for a nice PDA phone when we get it to work :)

I think I have the one modem working and sending data to the other modem. However I have no clue how to look for the data. I am using the second modems port forwarding function to send all the data from the incoming port to my PC. however I don't know how to look at the data when it gets to my PC. Right now the PC is attached using a cross over cable to the Ethernet port on the modem. Once I can confirm I am actually getting the data I have to make a program to interpret the incoming data and transfer it to an email or SMS message when needed to let me know something went wrong.

But the first problem is confirming I am getting data so any ideas on how to monitor this port on my pc?

« Last Edit: April 03, 2009, 02:50:31 PM by Asellith »
Jonathan Bowen
CorSec Engineering
www.corseceng.com

Offline datt

  • Jr. Member
  • **
  • Posts: 20
  • Helpful? 0
Re: Blinded by IP Ports
« Reply #1 on: April 03, 2009, 04:18:30 PM »
You say a modem will "send you data" and you want to monitor it on your pc. What protocol is being used to transmit this information? If you are unsure, I recommend downloading Wireshark to sniff all data coming to you on any given interface (in your case, ethernet). This will give you a raw output of what is coming in, regardless of format.

Hope this helps...

Offline dunk

  • Expert Roboticist
  • Supreme Robot
  • *****
  • Posts: 1,086
  • Helpful? 21
    • dunk's robot
Re: Blinded by IP Ports
« Reply #2 on: April 03, 2009, 05:08:32 PM »
ok, trying to work out your setup here...

the cellular modems each have their own IP addresses.
they are out on the internet.
you are trying to access the cellular modems from behind your company firewall.

is that right?


the easiest thing to do is get your IT guys to open a port for you.
but it sounds like you already know that.

alternatively you could port forward from a machine outside your firewall through an already open port.
you'd need a computer outside the firewall running sshd at a minimum.


dunk.

Offline AsellithTopic starter

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 648
  • Helpful? 9
  • "I'm a leaf on the wind. Watch how I soar"
    • CorSec Engineering
Re: Blinded by IP Ports
« Reply #3 on: April 04, 2009, 06:01:01 AM »
Here is my setup. I have two modems. Both have static IP addresses. I am using a laptop to read the data from the receiving modem. I work for a large college so just asking the IT guys for an open port practically requires the College presidents approval. That and I am kinda doing this behind there backs :)

I've downloaded wireshark it might be just what I am looking for. The modem is sending a large hex stream to a specific IP port and I in software need to capture it and decode it. At this point the main issue is see that the data is making it through my weird setup and to my laptop. Then the fun begins as I have to write a program and or a website to do all the processing.
Jonathan Bowen
CorSec Engineering
www.corseceng.com

Offline datt

  • Jr. Member
  • **
  • Posts: 20
  • Helpful? 0
Re: Blinded by IP Ports
« Reply #4 on: April 04, 2009, 11:26:14 AM »
Quote
The modem is sending a large hex stream to a specific IP port

It doesn't make sense to speak of IP ports, as the IP protocol does not have any provisions for port numbers (it is only a routing protocol). If you knew the protocol being used (TCP, UDP, etc) it would be simple to write a program to capture whatever data is coming in. Knowing it is in hex format is also helpful in decoding. Regardless, Wireshark should be able to capture pretty much any data you throw at it.

You are directly connected to the receiving modem, but is that modem receiving anything from the first modem or is that the port forwarding issue you are talking about?

Offline AsellithTopic starter

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 648
  • Helpful? 9
  • "I'm a leaf on the wind. Watch how I soar"
    • CorSec Engineering
Re: Blinded by IP Ports
« Reply #5 on: April 04, 2009, 02:06:33 PM »
Sorry it is using TCP. I can use UDP if needed. Not sure at this point if that would be better or not.

I am connected to the receiving modem. It is programed to forward the port #1700 to the "local" LAN on the same port. I know 1700 is open on the WAN network because we opened it for serial communication. Altell controls the WAN router.

Not sure if this makes a difference but the laptop is connected to the LAN port of the Modem with a crossover cable. I can talk to/program the modem so I am assuming the connection is correct.
Jonathan Bowen
CorSec Engineering
www.corseceng.com

Offline MrWizard

  • Full Member
  • ***
  • Posts: 117
  • Helpful? 0
  • My cylon friend told me a killing joke......
Re: Blinded by IP Ports
« Reply #6 on: April 04, 2009, 02:18:54 PM »
Sorry it is using TCP. I can use UDP if needed. Not sure at this point if that would be better or not.

I am connected to the receiving modem. It is programed to forward the port #1700 to the "local" LAN on the same port. I know 1700 is open on the WAN network because we opened it for serial communication. Altell controls the WAN router.

Not sure if this makes a difference but the laptop is connected to the LAN port of the Modem with a crossover cable. I can talk to/program the modem so I am assuming the connection is correct.

If it is just collect data on the port .... it is fairly simple look for a syslog program like kiwi and reconfigure the port (UDP) 514 to 1700. But if the router /modem is configured with NAT it will send the data to that ip destination. If you can change the ip destination address of 1700 to your PC you are done (check your pc firewall to open the 1700 port).  But make sure you can change it (IT approval) otherwise I gave you a very bad advise.
« Last Edit: April 04, 2009, 02:22:57 PM by MrWizard »

Offline dunk

  • Expert Roboticist
  • Supreme Robot
  • *****
  • Posts: 1,086
  • Helpful? 21
    • dunk's robot
Re: Blinded by IP Ports
« Reply #7 on: April 04, 2009, 02:28:33 PM »
Here is my setup. I have two modems. Both have static IP addresses. I am using a laptop to read the data from the receiving modem. I work for a large college so just asking the IT guys for an open port practically requires the College presidents approval. That and I am kinda doing this behind there backs :)

I've downloaded wireshark it might be just what I am looking for. The modem is sending a large hex stream to a specific IP port and I in software need to capture it and decode it. At this point the main issue is see that the data is making it through my weird setup and to my laptop. Then the fun begins as I have to write a program and or a website to do all the processing.
o right,
so you are just using the modems to bypass the firewall?
in that case reading data from the modems should be the same as reading date from your "radio translator station equipment".

how would you operate this equipment if the modems were not in between?


dunk.



Offline MrWizard

  • Full Member
  • ***
  • Posts: 117
  • Helpful? 0
  • My cylon friend told me a killing joke......
Re: Blinded by IP Ports
« Reply #8 on: April 04, 2009, 03:01:20 PM »
Here is my setup. I have two modems. Both have static IP addresses. I am using a laptop to read the data from the receiving modem. I work for a large college so just asking the IT guys for an open port practically requires the College presidents approval. That and I am kinda doing this behind there backs :)

I've downloaded wireshark it might be just what I am looking for. The modem is sending a large hex stream to a specific IP port and I in software need to capture it and decode it. At this point the main issue is see that the data is making it through my weird setup and to my laptop. Then the fun begins as I have to write a program and or a website to do all the processing.
o right,
so you are just using the modems to bypass the firewall?
in that case reading data from the modems should be the same as reading date from your "radio translator station equipment".

how would you operate this equipment if the modems were not in between?


dunk.





Crash course hacking ? :o
Oh I see what you mean..... If you are not able to change the config Wireshark is good.  It is easier if you can get the mac address from the modems or PC who is sending the data. So you can capture/filter only data from that mac-address. The data will be displayed like a text file, so perhaps a header needs to be created. But that is if you have the data already. Then you can capture the data with WinPcap.



Offline datt

  • Jr. Member
  • **
  • Posts: 20
  • Helpful? 0
Re: Blinded by IP Ports
« Reply #9 on: April 04, 2009, 08:30:17 PM »
Well he is connected to the modem via crossover cable, so there are only 2 nodes and MAC filtering would not be necessary.

Quote
I am connected to the receiving modem. It is programed to forward the port #1700 to the "local" LAN on the same port. I know 1700 is open on the WAN network because we opened it for serial communication.

As MrWizard said, anything involving connecting to an internal LAN node from a source coming from the WAN link requires setting up a router to point to your machine. You need to edit the entry for incoming port 1700 and have it point to your IP.

Offline AsellithTopic starter

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 648
  • Helpful? 9
  • "I'm a leaf on the wind. Watch how I soar"
    • CorSec Engineering
Re: Blinded by IP Ports
« Reply #10 on: April 06, 2009, 06:52:43 AM »
So I need to configure the modem not to output at it's LAN ip of 192.168.0.1 but the the IP assigned the laptop? right now it is forwarding everything to 01 on the LAN.

@Dunk
   The translator equipment uses a different side of the modem. The transmitter just feeds it analog and digital data to the IO pins on the modem and the satellite receiver talks to it through RS-232 and the modems lets you setup an IP-Serial gateway that works for that. So I have to modify my setup on the one modem to get an active outside internet connection.
Jonathan Bowen
CorSec Engineering
www.corseceng.com

Offline AsellithTopic starter

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 648
  • Helpful? 9
  • "I'm a leaf on the wind. Watch how I soar"
    • CorSec Engineering
Re: Blinded by IP Ports
« Reply #11 on: April 06, 2009, 07:01:40 AM »
Ok now I got something. Now that the forward is going to the right IP I have data coming in. Wireshark is really cool BTW. Now to hand decode the data and figure out what is being said so I can start the hard part of building a program to decode it for me.

Thanks for the help guys.
Jonathan Bowen
CorSec Engineering
www.corseceng.com

 


Get Your Ad Here