0

Summary

I have set up a udp packet listener in python, and I would like to be able to identify the device that is broadcasting the data it receives.

The Goal

I have a PHP web page that is reading the data from a database, which is being populated by the listener inserting the data when it receives it. My goal is to have a toggle switch that allows the user to select which device to hear data from. So currently, data is only being broadcast by either an MT4000 telemetry device, or using the terminal to manually send data across port 30000.

I don't want to identify it from a specific serial port, as described in: Identifying serial/usb device python But rather wherever it is connected (any serial ports).

My Method

My idea at the moment is to somehow, send a message back to the same device from the listener, acting as both an acknowledger, and as a scan, to ask what the device is. Is that a feasible way?

Problems

  • Increases the amount of data being transmitted massively with more back and forth packets.
  • It may not work for every device connected, methods of extracting identity may be different for each device.

Once the python has identified the device, I will insert into the database, and when the user selects a device, a modified query will be sent, ie

("SELECT * FROM table WHERE device = MT4000");

I feel that this is not a clean method to use, and would be very open for different suggestions.

The solution

Unless it helps get across an answer, I'm not looking for specific code, but rather the theory of the task.

Community
  • 1
  • 1
Ed Prince
  • 714
  • 2
  • 14
  • 31
  • You mention *"udp"* which is typically over IP and Ethernet. Why do you also mention *"serial port"* and have that tag? Are you confusing TCP/UDP ports with serial (aka RS-232) ports? – sawdust Aug 21 '14 at 21:13
  • The MT4000 is connected to the machine using the ttyS0 serial port, meaning I can transmit data through that port, into the device. The device then broadcasts this, and my Python udp listener receives it. I found ways to identify which port is being used, i.e If data is being sent through ttyUSB etc. But I was more interested in the specific device, as a number of devices could potentially connect through that serial port over an extended period of time. – Ed Prince Aug 21 '14 at 21:19
  • Hi Ed. Did the below answer help you at all? – halfer May 05 '16 at 19:47

1 Answers1

1

You may want to look into the way that nmap performs service detection. It is my understanding that it uses several different approaches and then takes the best match available. Those different approaches include:

  • What port the service is running on
  • What welcome banner the service provides for an initial connection
  • What OS the server runs (and thus what services could possibly run on that server)

You can read more about this in the service and application detection chapter.

Since you are also receiving data from these devices you can look at that data to determine what type it is. The file command on linux is a tool that performs a similar function, and that can determine the type based on:

  • File extension (obviously inapplicable here)
  • Magic numbers that appear at or near the start of the file
  • The composition of the data (mostly binary, or mostly ascii/unicode/etc, byte endiness and so on)

The underlying functionality of the file command is available as libmagic, a C library. It would be worth trying to use that directly, rather than duplicating it's functionality.

It's worth pointing out that a lot of these techniques provide statistical probabilities rather than certain answers. This may mean that you have to deal with a degree of uncertainty in your results, leading to misclassifications. To mitigate this you can collect data until you are sure enough that the device providing the data has been correctly identified.

Matthew Franglen
  • 4,441
  • 22
  • 32