[mdlug] Reverse-engineering data protocols

Jeff Hanson jhansonxi at gmail.com
Tue Mar 1 13:07:42 EST 2011


On Tue, Mar 1, 2011 at 12:51 PM, David McMillan <skyefire at skyefire.org> wrote:
>
>     Probably rather off-topic for this list, but I'm hoping somebody
> might know somebody....
>
>     Here's my situation:  For a lot of R&D labwork I'm currently doing,
> one of my sensor systems is capable of streaming selected realtime data
> across a TCP connection to a remote piece of logging software.  But *of
> course,* the logging software only works under Windows.  Which I could
> probably deal with, except that the logging software is also pretty
> primitive -- saving a logfile down to a tab-separated text file so that
> my own postprocessing scripts can <ahem> Do Science To It requires a
> series of manual operations.  There's no way to automate it.  I've
> actually managed to semi-automate the process using WinXP scripting, but
> there's a rub: I have yet to find a way to get the script to trigger
> automatically[1].
>

What is the part number of the sensor and who made it?  Is it some
custom design for your company?

>     So, naturally, I decided this was a Behold The True Power of Linux!
> situation, and decided it was time to learn how to write my own
> replacement for this proprietary logging software.  So I did a test run,
> logging the raw port data with WireShark and saving the output of the
> saved file... and hit a wall.
>     I'm *pretty* certain that this data isn't enciphered to prevent
> third-party access, but it's not plaintext being pushed through a
> Telnet-esque connection either.  So I'm a bit stuck.
>

It could be compressed, raw data, multiplexed from multiple sensors,
or a serial or time-stamped stream.

> [1] boring details:  the logging software acts as a "server," listening
> on a particular port.  It starts logging as soon as the port opens.  The
> tricky bit is that all the logged data *gets erased* without being saved
> if/when the port is closed, and the port gets closed from the "client"
> end (the test rig) as soon as I hit Reset to begin another measurement.
> Getting around this requires me to keep running back and forth between
> machines, which gets awfully tedious when I'm sometimes doing dozens of
> test runs per hour.  So the key event to detecting when to save the
> logged data is to detect first the port opening, followed by a halt to
> port activity.  Which I haven't been able to figure out a way to do
> under WinXP.
>

You can poll with netstat but that may have too much latency to
activate a script on time.

I'm not a software engineer but I do work on automotive-related test systems.
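
A first-pass triage for the possibilities raised in this thread (compressed versus raw data, fixed-size records), as an added example that is not part of the original message: it measures byte entropy, checks for a gzip/zlib header, and guesses a record length from how often bytes repeat at a given offset. The sample stream and its 12-byte record layout are constructed assumptions, not the poster's sensor format.

```python
import math
import struct
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest compressed or enciphered data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_compressed(data: bytes) -> bool:
    """True for a gzip magic number or a valid zlib header (RFC 1950)."""
    if data[:2] == b"\x1f\x8b":
        return True
    return (len(data) >= 2 and data[0] & 0x0F == 8
            and ((data[0] << 8) | data[1]) % 31 == 0)


def record_period(data: bytes, max_period: int = 64) -> int:
    """Guess a fixed record length: the lag at which bytes most often repeat."""
    best_lag, best_score = 0, 0.0
    for lag in range(2, min(max_period, len(data) // 2) + 1):
        matches = sum(a == b for a, b in zip(data, data[lag:]))
        score = matches / (len(data) - lag)
        if score > best_score:
            best_lag, best_score = lag, score
    return best_lag if best_score > 0.25 else 0  # 0 means no clear period


def triage(data: bytes) -> dict:
    return {"entropy": round(shannon_entropy(data), 2),
            "compressed": looks_compressed(data),
            "period": record_period(data)}


def sample_stream(records: int = 200) -> bytes:
    """Constructed sample: 2-byte sync, u16 counter, two float32 readings."""
    return b"".join(struct.pack("<2sHff", b"\xaa\x55", i, 20.0 + i * 0.01, 1.5)
                    for i in range(records))


if __name__ == "__main__":
    raw = sample_stream()
    print("raw       ", triage(raw))
    print("compressed", triage(zlib.compress(raw)))
```

Run it over the TCP payload bytes exported from the capture rather than the whole capture file, since packet headers add their own periodic structure.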


