Troubleshoot Protocol

mdtaylorlrim 3 years ago

I recently acquired an Oyster2 that I am trying to track. It is not yet actually in possession but on its way here by common carrier. It is sending data once every 12 hours now, unless it is moving. I did not program it. I had someone else. Until I get it I will not be able to change any settings in it.

I opened the firewall on the router, routed port 5137 to the server, opened the firewall on the server, and I get the following:

In tracker-server.log

2021-09-11 00:10:27  INFO: [4be5e212] connected
2021-09-11 00:10:27  INFO: [4be5e212: dmt < 52.191.90.98] HEX: 16030300a6010000a20303613c3a433c131fe770b71c833efc4e7413f701aa19f1f91d3112c44c932e326c00002ac02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a0100004f00000014001200000f6d6170732e776135656f632e6f7267000a00080006001d00170018000b00020100000d001400120401050102010403050302030202060106030023000000170000ff01000100
2021-09-11 00:10:27  WARN: [4be5e212] error - Adjusted frame length exceeds 1024: 42501 - discarded - TooLongFrameException (... < WrapperInboundHandler:57 < ... < StandardLoggingHandler:43 < ... < NetworkMessageHandler:37 < ...)
2021-09-11 00:10:27  INFO: [4be5e212] disconnected

In a tcpdump (on CentOS)

00:10:27.267562 IP 52.191.90.98.63222 > localhost.localdomain.ctsd: Flags [.], ack 1, win 2053, length 0
00:10:27.268376 IP 52.191.90.98.63222 > localhost.localdomain.ctsd: Flags [P.], seq 1:172, ack 1, win 2053, length 171
00:10:27.268440 IP localhost.localdomain.ctsd > 52.191.90.98.63222: Flags [.], ack 172, win 237, length 0
00:10:27.270640 IP localhost.localdomain.ctsd > 52.191.90.98.63222: Flags [F.], seq 1, ack 172, win 237, length 0
00:10:27.329208 IP 52.191.90.98.63222 > localhost.localdomain.ctsd: Flags [.], ack 2, win 2053, length 0
00:10:27.330163 IP 52.191.90.98.63222 > localhost.localdomain.ctsd: Flags [F.], seq 172, ack 2, win 2053, length 0
00:10:27.330245 IP localhost.localdomain.ctsd > 52.191.90.98.63222: Flags [.], ack 173, win 237, length 0

So, it appears that the firewalls are open and the port is forwarded, but the HEX data being received is Binary HEX.

Could this be the Oyster2 sending encrypted data? Protocol other than DMT? Possible hack?

Any clues anyone?
Thanks
Mark
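
Added example, not part of the original thread: the logged payload starts with 16 03 03, the header of a TLS handshake record, so this parser checks whether the bytes are a TLS ClientHello and extracts the server name the client asked for. It also shows how a length-prefixed binary decoder can arrive at the 42501 in the warning; the framing parameters (2-byte little-endian length at offset 3, 5-byte header) are an assumption chosen because they reproduce the logged value, and the function names are hypothetical.

```python
import struct

# Payload bytes copied from the tracker-server.log HEX line in the post above.
HEX = (
    "16030300a6010000a20303"
    "613c3a433c131fe770b71c833efc4e7413f701aa19f1f91d3112c44c932e326c"
    "00002ac02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c013"
    "009d009c003d003c0035002f000a0100004f"
    "00000014001200000f6d6170732e776135656f632e6f7267"
    "000a00080006001d00170018000b00020100"
    "000d00140012040105010201040305030203020206010603"
    "0023000000170000ff01000100"
)

def parse_client_hello(data):
    """Return ((major, minor), sni) if data opens with a TLS ClientHello, else None."""
    try:
        if data[0] != 0x16 or data[1] != 0x03 or data[5] != 0x01:
            return None
        rec_len = struct.unpack_from(">H", data, 3)[0]
        body = data[5:5 + rec_len]
        pos = 4 + 2 + 32                                   # handshake hdr, version, random
        pos += 1 + body[pos]                               # session id
        pos += 2 + struct.unpack_from(">H", body, pos)[0]  # cipher suites
        pos += 1 + body[pos]                               # compression methods
        sni = None
        if pos + 2 <= len(body):                           # extensions are optional
            end = pos + 2 + struct.unpack_from(">H", body, pos)[0]
            pos += 2
            while pos + 4 <= min(end, len(body)):
                ext_type, ext_len = struct.unpack_from(">HH", body, pos)
                ext = body[pos + 4:pos + 4 + ext_len]
                if ext_type == 0 and len(ext) >= 5 and ext[2] == 0:  # server_name/host_name
                    n = struct.unpack_from(">H", ext, 3)[0]
                    sni = ext[5:5 + n].decode("ascii", "replace")
                pos += 4 + ext_len
        return (data[1], data[2]), sni
    except (IndexError, struct.error):                     # truncated or malformed input
        return None

def length_as_binary_frame(data, offset=3, header=5):
    # Assumed framing (not taken from the thread): 2-byte little-endian length at
    # `offset`, plus `header` bytes in front of the payload.
    return struct.unpack_from("<H", data, offset)[0] + header

if __name__ == "__main__":
    raw = bytes.fromhex(HEX)
    print(parse_client_hello(raw), length_as_binary_frame(raw))
```

The decoded payload is 171 bytes, the same length tcpdump shows for the single data segment in the capture.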

Anton Tananaev 3 years ago

Have you asked the device vendor about this? Do you have protocol documentation for your device?

mdtaylorlrim 3 years ago

That is a first thing to do Monday morning. Just hoping to get a clue if it were to be my problem...

The device protocol was assumed by the Oyster entry on the Devices page here. I'm hoping it is correct. I'll know more Monday.

mdtaylorlrim 3 years ago

Situation resolved. The Oyster2 is reporting to its Digital Matters OEM server (Telematics Guru?) and a TCP Connector was created and pointed to port 5137 and it works as intended.

The Oyster2 raw TCP data is read by Traccar on port 5137 just fine. Not sure what the problem was. It's one of those things that just started working. It could have had something to do with being inside a shipping container at first. Once I got it in hand and installed in its permanent location it works fine.