Unknown protocol - who recognizes it?

I ran into an Ethernet (TCP) based protocol which sends packets like (in ASCII):
28253199166202202220008+0041808825319_4F7

I can't find what it is, does it sound familiar ?
 
You're going to need to provide a little more detail for anyone to have any chance of helping you with this request.

What TCP port is being used?

Where did you run into this protocol? Do you know what device(s) are sending these packets?

Do you have any additional packet examples or only the one?
 
It is on TCP port 5502, first thing I thought: it's Modbus (5000 + 502), but it isn't. The client (opening the TCP connection) sends the message as given above. It starts with a byte 0x02 (STX) and ends with a 0x0D (CR). Peculiar in these messages are the + and _.

The response messages are like (also with STX and CR): 6000000914120220221151178. Looks like a standard header (600001 or 6000009), sequence number 141, 2022/02/21, 15:11, 78 unknown; probably an ACK or so.

I can't access the devices, they are at a remote site. The owner says it's X10 but it doesn't look like it at all. The MAC-addresses say nothing, one is from a firewall, the server MAC-addresses start with 0x00 0x00 0x00, so nothing about the vendor can be derived from that.

Typical is also that the client starts a connection with the server, exchanges only two messages (req/rsp), close the connection, and so on.
 
that port number is in the undefined range. anyone can use it for their custom purpose with out stomping on another published port,
it smells like ascii and it terminates with <CR>. the data string is most likely custom to the module provider.
easiest path :
Identify the maker and part number then research their protocol. see if they offer any communication tools.

next :
you can open and communicate via ascii tcp with vba or dotNet or similar. you can also find a terminal application that will open and transact with an ascii tcp port for debugging, testing, etc.. i've got some old code somewhere around from an application I built to communicate with test instruments via telnet (port 23, the original tcp port number for ascii). if you can find anything closer to the mark than this, I can possibly dredge it up.

good luck with your science project.
 
Top