Pleasant nerdly surprises in Paradise... So I was troubleshooting my solar panel installation this morning, to see if I could figure out why the networking wasn't working properly. Last night, last time I checked, I was seeing something odd: I could ping the inverter for 45 seconds, then it would go down for 10 seconds, then backup up for 45 seconds, down for 10 seconds, and repeat forever. That didn't look very good, but I was tired so I went to bed.
This morning when I checked, I got a solid ping! The inverter was staying up just fine. So I thought I'd check to see if it was communicating with its monitoring server, which is up in the cloud somewhere. I tracerouted it as far as Frankfurt, but after that the routers stopped responding. So I logged into my MikroTik router in the shed, as I knew that it had some sort of a packet sniffing facility. I got that working, and discovered that every two minutes the inverter was indeed “talking” to a server. Naturally, that made me wonder what it was saying – but the packet sniffer in the router was fairly primitive, and basically just gave me an undecoded byte dump of the packet contents. I wanted more. I wanted the kind of powerful decoding, filtering, etc. that Wireshark provides.
So I started poking into the notion of setting up a mirror port, which is how I've monitored this sort of thing in the past. I figured that if I could set up a mirror port, then I could take my laptop out to the shed, connect it to the mirror port, and monitor to my heart's content. But ... my router doesn't support port mirroring. What to do?
On the MikroTik router's packet sniffing page, I noticed a feature I didn't understand – but it sure sounded intriguing: streaming. What on earth does that mean with respect to a packet sniffer? Well, with a little googling about I discovered that if you enable that, instead of logging the packets it will encapsulate them in a UDP protocol called TZSP and send them – stream them – to any IP address I want. Furthermore, Wireshark understands TZSP out of the box. So all I had to do was (on the MikroTik router) enable streaming to the IP address of my laptop (still in the house, connected as usual). Then I just ran Wireshark on my laptop, still in my bathrobe, and voila! My inverter's packets were magically appearing fully decoded in my laptop.
Jeez that was easy!