Skip to content
This repository was archived by the owner on Feb 21, 2022. It is now read-only.

Webhooks Sniffer

Jump to bottom
Alexander Thoukydides edited this page Dec 27, 2017 · 5 revisions

Quicker Events by Sniffing Doorbell CoAP Packets

If the length of CoAP packets transmitted and received by the SkyBell HD doorbell can be observed then it is possible to detect button press and motion events far quicker than is possible by polling the cloud services.

This example uses tcpdump on the gateway through which the doorbell traffic is routed, e.g.

> sudo /usr/sbin/tcpdump -lpnttti eth0 port 5683
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
00:00:00.000000 IP 192.168.0.32.5683 > 52.35.62.156.5683: UDP, length 321
00:00:00.186781 IP 52.35.62.156.5683 > 192.168.0.32.5683: UDP, length 97
00:00:30.119438 IP 192.168.0.32.5683 > 52.42.76.29.5683: UDP, length 113
00:00:00.180830 IP 52.42.76.29.5683 > 192.168.0.32.5683: UDP, length 97
00:00:31.578260 IP 192.168.0.32.5683 > 34.209.18.59.5683: UDP, length 321
00:00:00.174976 IP 34.209.18.59.5683 > 192.168.0.32.5683: UDP, length 97
00:00:09.966205 IP 192.168.0.32.5683 > 34.209.18.59.5683: UDP, length 465
00:00:00.193465 IP 34.209.18.59.5683 > 192.168.0.32.5683: UDP, length 49
00:00:20.953641 IP 192.168.0.32.5683 > 35.162.98.95.5683: UDP, length 113
00:00:00.176905 IP 35.162.98.95.5683 > 192.168.0.32.5683: UDP, length 97
00:00:32.400016 IP 192.168.0.32.5683 > 52.42.76.29.5683: UDP, length 321
00:00:02.366409 IP 192.168.0.32.5683 > 52.42.76.29.5683: UDP, length 321
00:00:00.356414 IP 52.42.76.29.5683 > 192.168.0.32.5683: UDP, length 97
00:00:30.591193 IP 192.168.0.32.5683 > 52.42.76.29.5683: UDP, length 113
00:00:00.181289 IP 52.42.76.29.5683 > 192.168.0.32.5683: UDP, length 97

Unfortunately it is not possible to distinguish between button press and motion using this technique. Hence, this example always triggers the HomeKit motion sensor event regardless of the actual cause.

Installation

Install the doorbell packet sniffer as follows:

  1. Configure the router to allow ssh login without a password, e.g. by adding your public key to its authorized_keys file.
  2. Configure this plugin's webhooks server by specifying a port (and optionally a secret) in the Homebridge config.json file.
  3. Save the files from this gist to appropriate locations. On a recent Ubuntu distribution (e.g. Ubuntu 16.04.3 LTS Xenial) using systemd they should be placed as follows:
File Location
skybell-sniff-pl /usr/local/bin/skybell-sniff.pl (or an alternative location of your choice)
skybell-sniff.service /etc/systemd/system/skybell-sniff.service
skybell-sniff /etc/default/skybell-sniff

Configure /etc/systemd/system/skybell-sniff.service

The following configuration options may need to be tweaked:

Option Description
ExecStart If the Perl script has been saved to an alternative location then update the path to match.
User Optionally change this to a suitable non-privileged account. This is recommended but not essential.

Configure /etc/default/skybell-sniff

Modify the following environment variables as appropriate:

Variable Examples Description
SKYBELL_HOST skybell or 192.168.0.42 The hostname or IP address of the doorbell.
SKYBELL_NAME 'Doorbell' The name of the doorbell within the SkyBell HD app.
HOMEBRIDGE_SKYBELL_PORT 47569 The port on which the webhooks server is listening (port in config.json).
HOMEBRIDGE_SKYBELL_SECRET 'My webhooks secret' The webhooks authentication string (secret in config.json).
ROUTER_HOST 192.168.0.1 The hostname or IP address of the gateway/router.
ROUTER_USER root The ssh username for connecting to the gateway/router to run tcpdump.

SKYBELL_CMD_TCPDUMP and SKYBELL_CMD_MOTION may also be modified to change how tcpdump is launched, or to execute a different command when a button press or motion is detected.

Starting and Stopping

Start the doorbell sniffer process using:

sudo systemctl daemon-reload
sudo systemctl start skybell-sniff
sudo systemctl enable skybell-sniff

The following commands can be used to control and monitor the process:

Command Description
sudo systemctl daemon-reload Re-read /etc/systemd/system/skybell-sniff.service after any changes
sudo systemctl start skybell-sniff Start the process now
sudo systemctl stop skybell-sniff Stop the process
sudo systemctl enable skybell-sniff Start process automatically at boot
sudo systemctl disable skybell-sniff Prevent the process from being automatically started
sudo systemctl status skybell-sniff Check status
journalctl -u skybell-sniff -f Monitor activity

Copyright © 2017-2020 Alexander Thoukydides

Clone this wiki locally