Smartphone Radar - Smartphone presence detection (Locked)

Posted on
Sat Jun 04, 2011 12:34 am
djelsewhere offline
Posts: 20
Joined: Apr 25, 2011
Location: Running Springs, CA

Re: Smartphone Radar - Smartphone presence detection

That lets me enter the MAC address, but I'm still not seeing anything in the logs, and the variables aren't getting reset.

It seems like the log is being sent over correctly. When I disconnect or reconnect my phone from the wifi, I see the number of packets increment for the WaterRoof rule I set up, so it's receiving the syslog update.

I have show router log and enable debuging checked, but am not seeing anything extra in the log for those.

(sorry for hijacking your thread for troubleshooting)

Posted on
Sat Jun 04, 2011 7:48 am
lharris9 offline
Posts: 36
Joined: Jul 13, 2009

Re: Smartphone Radar - Smartphone presence detection

I have five routers in my house, with four of them being Apple brands. The one router which is not Apple can send syslog to port 1514 with no problems (unfortunately the iPhone doesn't use that router). I did Waterroof as outlined and nothing is coming from the Apple routers. I too can see the WaterRoof counts go up but in the Indigo log I only see the info from my non-Apple Router. I did look in the Apple log files and I can see the iPhone (as a Mac address) but nothing seems to make it to port 1514 except the non-Apple router stuff (when I tell that router to send via 1514).

Posted on
Sat Jun 04, 2011 8:10 am
travisc offline
User avatar
Posts: 346
Joined: Sep 07, 2010
Location: Toronto, Canada

Re: Smartphone Radar - Smartphone presence detection

I'll set my router to forward to port 514 and try to get this working. I did it quickly now and the forwarding rule we're making in WaterRoof doesn't seem to be working correctly.

(sorry for hijacking your thread for troubleshooting)


Not at all! Developing this plugin IS the purpose of the thread.

Posted on
Sat Jun 04, 2011 8:19 am
lharris9 offline
Posts: 36
Joined: Jul 13, 2009

Re: Smartphone Radar - Smartphone presence detection

I used the directions from here: http://www.splunk.com/wiki/Community:Ho ... rward_Data with the forward of *.* going to @127.0.0.1:1514
The forward seems to work because SmartRadar did see my tcpdump and it also saw when I ran WaterRoof. I redirected my non-Apple router to 514 and SmartRadar doesn't see it. When direct the non-Apple router back to 1514, SmartRadar does see it. I wonder if something is swallowing items going to 514?

Posted on
Sat Jun 04, 2011 9:47 am
travisc offline
User avatar
Posts: 346
Joined: Sep 07, 2010
Location: Toronto, Canada

Re: Smartphone Radar - Smartphone presence detection

lharris9 wrote:
I used the directions from here: http://www.splunk.com/wiki/Community:Ho ... rward_Data with the forward of *.* going to @127.0.0.1:1514
The forward seems to work because SmartRadar did see my tcpdump and it also saw when I ran WaterRoof. I redirected my non-Apple router to 514 and SmartRadar doesn't see it. When direct the non-Apple router back to 1514, SmartRadar does see it. I wonder if something is swallowing items going to 514?


If I'm not mistaken. What you've done there is forward your computer's syslog service to SmartRadar. Just like your router has a syslog service, your OS X install has one too. So what you're seeing in SmartRadar would be the logs you would normally see in your Console application in your Utilities folder.

I agree that something seems to be gobbling or dropping the packets being redirected to 1514.

Posted on
Sat Jun 04, 2011 9:54 am
lharris9 offline
Posts: 36
Joined: Jul 13, 2009

Re: Smartphone Radar - Smartphone presence detection

My assumption (which might be invalid) is that when I told my Apple Routers to forward the logs to a particular machine, it was sending the logs to syslogd which I thought listened on port 514. I was then trying to forward all Syslog messages to 1514.

Posted on
Sat Jun 04, 2011 10:04 am
djelsewhere offline
Posts: 20
Joined: Apr 25, 2011
Location: Running Springs, CA

Re: Smartphone Radar - Smartphone presence detection

For that machine's syslog to listen, the NetworkListener section needs to be uncommented in /System/Library/LaunchDaemons/com.apple.syslogd.plist

Posted on
Sat Jun 04, 2011 10:19 am
lharris9 offline
Posts: 36
Joined: Jul 13, 2009

Re: Smartphone Radar - Smartphone presence detection

Took the comment lines out and Smartphone Radar started getting the stuff from my non-Apple router but not my apple routers. I wonder if the Apple Routers are sending it to 514? I saw in one post on google that the Apple Routers didn't send to 514, but it didn't say where it does send it too. I will continue to research.

Posted on
Sat Jun 04, 2011 10:46 am
lharris9 offline
Posts: 36
Joined: Jul 13, 2009

Re: Smartphone Radar - Smartphone presence detection

Possible success. I rebooted my machine with Indigo and all my routers and it appears to have recognized one of my iPhones by it MAC address and not its IPv4 address (there are also IPv6 addresses in the log too). I will check the variables in a few hours to see if it is indeed working.

Posted on
Sat Jun 04, 2011 11:13 am
djelsewhere offline
Posts: 20
Joined: Apr 25, 2011
Location: Running Springs, CA

Re: Smartphone Radar - Smartphone presence detection

One other hitch with the AirPort router. It doesn't seem to log activity like checking an e-mail account. Even with the syslog level set to report everything, it's just showing me when the iPhone connects and disconnects from the network. I suppose that might be enough information to determine if you're home or not. I could set up two variables for each phone, and enter the exact string of the connection and disconnection log entries, one tied to each variable. Then just compare the two variable values to determine which happened most recently.

Posted on
Sat Jun 04, 2011 1:50 pm
asw24b offline
Posts: 222
Joined: Dec 30, 2007
Location: Los Altos Hills, CA

Re: Smartphone Radar - Smartphone presence detection

djelsewhere wrote:
One other hitch with the AirPort router. It doesn't seem to log activity like checking an e-mail account. Even with the syslog level set to report everything, it's just showing me when the iPhone connects and disconnects from the network.



Correct... it's a Syslog like function; not a debug log or packet log.

Mike

Posted on
Sun Jun 05, 2011 10:37 am
travisc offline
User avatar
Posts: 346
Joined: Sep 07, 2010
Location: Toronto, Canada

Re: Smartphone Radar - Smartphone presence detection

lharris9 wrote:
My assumption (which might be invalid) is that when I told my Apple Routers to forward the logs to a particular machine, it was sending the logs to syslogd which I thought listened on port 514. I was then trying to forward all Syslog messages to 1514.

That makes sense.

lharris9 wrote:
Possible success. I rebooted my machine with Indigo and all my routers and it appears to have recognized one of my iPhones by it MAC address and not its IPv4 address (there are also IPv6 addresses in the log too). I will check the variables in a few hours to see if it is indeed working.

How are you making out with this?

I've been trying for a few hours to get the port forwarding using WaterRoof to work with no luck. WaterRoof indicates the firewall rule is indeed filtering the packets. My current theory is that they must be getting dropped by the python socket call because the destination port in the packet header is still 514 since the header is not rewritten by ipfw. I'll try adding a natd rule that will rewrite the packet header with the correct port number and see what happens. If any network guru's are reading this, any suggestions would be helpful, I'm running out of ideas! :)

Posted on
Sun Jun 05, 2011 11:35 am
lharris9 offline
Posts: 36
Joined: Jul 13, 2009

Re: Smartphone Radar - Smartphone presence detection

Everything is working well. My Apple routers seem to be sending the Mac address and my Xincom router uses the IP address. I created one variable which I dedicated to the Mac address and another variable dedicated to the IP address. Both were getting reset to 0, with the Xincom router usually sending the information first. One thing I did notice is the Apple routers don't seem to send as much information as my other router even when set to debug. My other router has finer control for 19 different things such as Mail, DNS, Kernel, etc.
I am not using WaterRoof since it didn't help me. I am using the configuration where everything is going to 514 and I have enabled Syslogd to receive network messages and then SyslogD is routing them to 1514. I will probably stop the apple routers from sending the information since I can detect the iPhone though the Xincom. The only advantage the Apple routers have for me is to tell me where in the house the person (or phone) is which would enable me to turn off the lights and A/C in different parts of the house, but only if I carry around my iPhone which I usually don't do at home.
Thanks for the help and the great plug-in!

Posted on
Mon Jun 06, 2011 12:27 pm
tomvardon offline
Posts: 23
Joined: Jan 10, 2011

Re: Smartphone Radar - Smartphone presence detection

Is this only for 5.0 i don't see a plugins menu on 4

Posted on
Mon Jun 06, 2011 12:32 pm
travisc offline
User avatar
Posts: 346
Joined: Sep 07, 2010
Location: Toronto, Canada

Re: Smartphone Radar - Smartphone presence detection

tomvardon wrote:
Is this only for 5.0 i don't see a plugins menu on 4


Yes. One of the new features in version 5 is the ability to use plugins to extend Indigo's functionality.

Who is online

Users browsing this forum: No registered users and 2 guests