Saturday, January 26, 2008

Card communication on the local network

Chris Davies saw this blog and was nice enough to point me to some tools he has written. They somewhat take the place of the Eye-Fi manager. In Chris's words:


> It's all fairly trivial. After the card gets a DHCP
> response, it sends out a flood of ARP requests ... for
> each host in the subnet. It then does a triple handshake
> on the predesignated port of each host in turn, until it
> finds one that's running a server on it. After that it
> just tries to authenticate with that host, and send it
> pictures.


"That host" is, of course, the one running the Eye-Fi manager. Chris's tools will listen on that predesignated port for the card to contact it, and start accepting pictures.

Well, here's the problem: I don't see any of this behavior!! I set up a second ethernet card in one of my Linux machines and turned on bridging with it and a normal card, then put my wifi access point on that second card. That makes my PC act like an ethernet switch that allows me to monitor all the traffic that goes over it with network monitoring tools.

I used a filter in Wireshark to narrow down the traffic to just the Eye-Fi card with this filter
(eth.addr == 00:18:56:aa:bb:cc) &&
!(ip.addr == 216.218.219.2)
That's because "00:18:56:aa:bb:cc" is the MAC address of the Eye-Fi card, and "216.218.219.2" is the IP address of the Eye-Fi server. So, this let me look at all of the card's communication with things other than the Eye-Fi server.

After the DNS requests to talk to the Eye-Fi server, I don't see the card do much of anything.

2 comments:

Michael said...

One of the things I'd be curious about is a way to overcome its WEP/WPA pass phrase limitation. The card cannot be used on properly configured corporate networks where a random hex key is used that is NOT generated from an ASCII pass phrase. (A standard procedure to prevent dictionary based attacks.) The Eye Fi software can only take ASCII pass phrases. I went back & forth with their customer service on this, with the conversation hampered by their customer service person (named Wanda) not knowing anything about wireless network authentication. Finally she spoke with someone there who knew something, and no, there is no provision for directly inputing the HEx Key.

Spikey said...

If you have the card configured to send to a local machine as well as the send-it-to-flickr service. I'm pretty sure the card will only send to eye-fi headquarters. The desktop app gets it from there.

If the card is configured to only send it locally then it will look for a local instance of the desktop app.

(90% sure of this)