CoAP protocol for the "Internet of things" - study of traffic

18 June 2021 11:35

Using Wireshark, I managed to capture two packets of the new network protocol CoAP.

The Constrained Application Protocol (standard RFC 7252) is intended for the "Internet of Things" and runs on top of UDP. This simple protocol lets machines communicate with each other (M2M, machine to machine).

The first packet is a request from the device to the server 188.34.167.226:
Frame 13: 103 bytes on wire (824 bits), 103 bytes captured (824 bits) on interface 0
Ethernet II, Src: Keenetic_0f:40:ef (50:ff:20:0f:40:ef), Dst: router.lan (c4:ad:34:45:6a:fb)
Internet Protocol Version 4, Src: 192.168.0.73 (192.168.0.73), Dst: static.226.167.34.188.clients.your-server.de (188.34.167.226)
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 89
Identification: 0xfaca (64202)
Flags: 0x4000, Don't fragment
Time to live: 64
Protocol: UDP (17)
Header checksum: 0x1ad3 [validation disabled]
[Header checksum status: Unverified]
Source: 192.168.0.73 (192.168.0.73)
Destination: static.226.167.34.188.clients.your-server.de (188.34.167.226)
User Datagram Protocol, Src Port: 56911 (56911), Dst Port: coap (5683)
Source Port: 56911 (56911)
Destination Port: coap (5683)
Length: 69
Checksum: 0x8392 [unverified]
[Checksum Status: Unverified]
[Stream index: 1]
Constrained Application Protocol, Confirmable, POST, MID:41783
01.. .... = Version: 1
..00 .... = Type: Confirmable (0)
.... 1000 = Token Length: 8
Code: POST (2)
Message ID: 41783
Token: 398d7e264ddd9768
Opt Name: #1: Uri-Path: a
Opt Name: #2: Uri-Query: cid=4cef9cfe-af0c-11e8-8f23-df6cd39224ef
Opt Name: #3: Uri-Query: r=ru
[Response In: 59]
[Uri-Path: /a]

The second packet is the server response:

Frame 59: 75 bytes on wire (600 bits), 75 bytes captured (600 bits) on interface 0
Ethernet II, Src: router.lan (c4:ad:34:45:6a:fb), Dst: Keenetic_0f:40:ef (50:ff:20:0f:40:ef)
Internet Protocol Version 4, Src: static.226.167.34.188.clients.your-server.de (188.34.167.226), Dst: 192.168.0.73 (192.168.0.73)
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x40 (DSCP: CS2, ECN: Not-ECT)
Total Length: 61
Identification: 0xa920 (43296)
Flags: 0x4000, Don't fragment
Time to live: 52
Protocol: UDP (17)
Header checksum: 0x7859 [validation disabled]
[Header checksum status: Unverified]
Source: static.226.167.34.188.clients.your-server.de (188.34.167.226)
Destination: 192.168.0.73 (192.168.0.73)
User Datagram Protocol, Src Port: coap (5683), Dst Port: 56911 (56911)
Source Port: coap (5683)
Destination Port: 56911 (56911)
Length: 41
Checksum: 0x38a3 [unverified]
[Checksum Status: Unverified]
[Stream index: 1]
Constrained Application Protocol, Acknowledgement, 2.04 Changed, MID:41783
01.. .... = Version: 1
..10 .... = Type: Acknowledgement (2)
.... 1000 = Token Length: 8
Code: 2.04 Changed (68)
Message ID: 41783
Token: 398d7e264ddd9768
End of options marker: 255
[Request In: 13]
[Response Time: 0.049948917 seconds]
[Uri-Path: /a]
Payload: Payload Content-Format: application/octet-stream (no Content-Format), Length: 2
Data (20 bytes)
Data: 3138382e3133342e38362e3232363a3536393131
[Length: 20]

CoAP packet analysis:
Destination port: 5683, protocol: UDP.
In the first packet a pointer is transmitted (Uri-Query: cid=); in the second a value is returned (Data).
Server: static.226.167.34.188.clients.your-server.de (188.34.167.226).
The request packet is 89 bytes long; the response consists of 41 bytes.

As you can see, in this case the response contains a string shown as a set of hexadecimal numbers without spaces; byte by byte it reads:
31 38 38 2e 31 33 34 2e 38 36 2e 32 32 36 3a 35 36 39 31 31
(Such data may contain, for example, control commands for the end device or, conversely, telemetry for the server: bit fields for device buttons switched on or off, information about temperature, voltage, toner level, and the number of printed pages.)

What the CoAP Internet protocol is

CoAP is a simplified HTTP protocol operating over UDP.
Unlike HTTP, which is a strictly text protocol, CoAP can also carry binary data in requests and responses.

Since UDP does not guarantee delivery, delivery confirmation is implemented in the protocol itself.

To save transmission-channel resources, CoAP often uses a "piggy-backed" response. (In cargo logistics, the term "piggyback" means delivery of accompanying cargo.) Here the result of the request is sent immediately, inside the acknowledgement of receipt.

UTF-8 encoding is used to transmit text in requests and responses. If a string is used as a request or payload, its length does not exceed 270 bytes. This is done for low-power devices (with a small amount of RAM). However, some tags can be repeated several times in order to convey all the necessary information.

Security: the response must match the request ("Request/Response Matching").
In a piggy-backed response, the response token must match the request token.

I note that the time between the request and the response is short: only 50 milliseconds.
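The message layout and the request/response matching described above, as an added example that is not part of the original post: a minimal RFC 7252 parser run over the two datagrams, which are rebuilt here from the dissected fields rather than exported from the capture. Option numbers follow RFC 7252 (Uri-Path 11, Uri-Query 15, odd numbers are critical), and the function names are illustrative.

```python
import struct

# Constructed from the fields in the two dissections above, not a raw capture export.
TOKEN = bytes.fromhex("398d7e264ddd9768")
CID = b"cid=4cef9cfe-af0c-11e8-8f23-df6cd39224ef"
MID_TOKEN = struct.pack("!H", 41783) + TOKEN
REQUEST = (b"\x48\x02" + MID_TOKEN + b"\xb1a"          # CON POST, Uri-Path "a"
           + bytes([0x4D, len(CID) - 13]) + CID + b"\x04r=ru")  # two Uri-Query options
RESPONSE = (b"\x68\x44" + MID_TOKEN + b"\xff"          # ACK 2.04, payload marker
            + bytes.fromhex("3138382e3133342e38362e3232363a3536393131"))

def _ext(nibble, data, pos):
    """Resolve a 4-bit delta/length nibble plus extension bytes (RFC 7252, 3.1)."""
    if nibble < 13:
        return nibble, pos
    size = nibble - 12                                 # 13 -> 1 byte, 14 -> 2 bytes
    if nibble == 15 or pos + size > len(data):
        raise ValueError("reserved nibble or truncated option header")
    return int.from_bytes(data[pos:pos + size], "big") + (13, 269)[size - 1], pos + size

def parse_coap(data):
    """Parse one CoAP datagram; raise ValueError on a message format error."""
    if len(data) < 4:
        raise ValueError("shorter than the 4-byte header")
    first, code, mid = struct.unpack_from("!BBH", data)
    mtype, tkl = (first >> 4) & 3, first & 0x0F
    if first >> 6 != 1 or tkl > 8 or len(data) < 4 + tkl:
        raise ValueError("bad version or token length")
    pos, number, options, payload = 4 + tkl, 0, [], b""
    while pos < len(data):
        if data[pos] == 0xFF:                          # payload marker
            payload = data[pos + 1:]
            if not payload:
                raise ValueError("payload marker without payload")
            break
        delta, pos2 = _ext(data[pos] >> 4, data, pos + 1)
        length, pos2 = _ext(data[pos] & 0x0F, data, pos2)
        if pos2 + length > len(data):
            raise ValueError("option value runs past end of datagram")
        number += delta                                # numbers are delta-encoded
        options.append((number, bool(number & 1), data[pos2:pos2 + length]))
        pos = pos2 + length
    return {"type": mtype, "code": f"{code >> 5}.{code & 31:02d}", "mid": mid,
            "token": data[4:4 + tkl], "options": options, "payload": payload}

def is_piggybacked_reply(req, resp):
    """True if resp is an ACK (type 2) with a response code, same MID and same token."""
    return (resp["type"] == 2 and resp["code"] != "0.00"
            and resp["mid"] == req["mid"] and resp["token"] == req["token"])
```

Decoded as ASCII, the response payload is the string 188.134.86.226:56911, whose port equals the UDP source port of the request in the capture.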

Description of the fields of request and response

Options are divided into two groups, "critical" and "optional". The difference is in how unrecognized options are processed by the endpoint:

  • Optional options whose value is not recognized by the endpoint must be silently ignored.
  • Unrecognized options of the "critical" class in a correctly formed request must cause a "Bad Option" error. This response should include a human-readable error message.
  • A response with unrecognized "critical" options must be rejected with a reset message.
  • Optional options in the server's response that the client does not recognize must be silently ignored.

"Critical" and "optional" should be distinguished from "mandatory": no CoAP option is mandatory. All these rules exist for handling unrecognized (or unimplemented) options in requests and responses.

| No. | Critical | Name | Format | Length, bytes | Description |
|---|---|---|---|---|---|
| 1 | Yes | Content-Type | uint | 0-2 | Type of message format: 0 = text/plain; charset=utf-8, 40 = application/link-format, 41 = application/xml, 42 = application/octet-stream, 47 = application/exi, 50 = application/json |
| 2 | No | Max-Age | uint | 0-4 | Maximum response time in seconds, from 0 to 2^32-1; 60 seconds by default |
| 3 | Yes | Proxy-Uri | string | 1-270 | A request to a proxy rather than to the server. Contains the URI for the request to the proxy; Proxy-Uri can be regarded as a request to a cache. |
| 4 | No | ETag | opaque | 1-8 | An additional "label" for a security check. The response is returned only if the server's ETag check was successful. When it succeeds, the server must send the response. |
| 5 | Yes | Uri-Host | string | 1-270 | Internet host: the server that serves requests |
| 6 |  | Location-Path | string | 1-270 | Similar to Uri-Path, but can be specified in the request several times |
| 7 | Yes | Uri-Port | uint | 0-2 | Internet port on the server |
| 8 |  | Location-Query | string | 1-270 | Similar to Uri-Query, but can be specified in the request several times |
| 9 | Yes | Uri-Path | string | 1-270 | Absolute path to the resource on the server |
| 11 | Yes | Token | opaque | 1-8 | Security token (the Token in the response and in the request must match) |
| 12 | No | Accept | uint | 0-2 | Data types accepted by the client; see Content-Type |
| 13 | Yes | If-Match | opaque | 0-8 | Precondition. The response arrives only if the condition is met (together with the ETag tag); used for concurrent update requests from several clients, to avoid overwriting data. |
| 15 | Yes | Uri-Query | string | 1-270 | Name of the target resource on the destination server. May contain any characters except "." and "..". Percent-encoding (%) of (Russian) letters is not used; only UTF-8 characters are implied. |
| 21 | Yes | If-None-Match | none | 0 | The inverse of If-Match. The response arrives only if the condition is not met. See If-Match; the logic is reversed. |

Conclusions:

  1. Studying the Internet of Things with Wireshark reveals only the outer part of the protocol (you can learn the server's IP address, the requested resource URI, and the response: data in encoded or otherwise non-human-readable form).

  2. Although the request and data were decoded, it is impossible to understand the internal logic of the application: to find out what the device is intended for and who owns the domain the data was sent to.

  3. The packets that I intercepted are very short, approximately 40-89 bytes long. Packets come in groups: request-response.

  4. The interval between transmissions (packets and groups) in the CoAP standard can be very significant: from several minutes to many months or even years.

CoAP protection using DTLS

If increased security and protection of the content against reading and modification in transit are required, DTLS, an implementation of TLS over UDP, can be used together with CoAP. With DTLS, connections and protocols are protected, as well as the data itself.

