Something that is alot of fun to any geek is to work around any limitation imposed on a device, either to see how it works under the hood or to expand its capabilities.
In and IT environment this happens all the time with people overclocking hardware, jailbreaking phones, installing OS X in non-supported hardware and so on.
I have decided to put here in writing how I explore what my IPTV device does when connected to the network. For this I will use my laptop, two ethernet cables, the ethernet port on my laptop, an usb to ethernet adaptater, Wireshark and the OS X capability of sharing the internet connection.
Straight forward the steps are:
- Install Wireshark
- Install the usb to ethernet adaptor
- Connect one cable to the wall
- Connect the other ethernet to the IPTV
- Set up dhcp for both ethernet interfaces
- Launch Wireshark and start capturing on the bridge0 interface (tcpdump is great but this is better)
- In the sharing preference select to share the internet from the wall connected interface
- Turn on your IPTV
It is all about filters!
When you do something like this the amount of data you get is huge. So if you don’t start filtering you won’t get to your needle. In my case I wanted to see to wich server it was connecting and wether the negotiation was done encrypted or not.
Well as it turns out when the device turns on it does encrypt the connection and negotiates using the MAC address to download the list of available channels that you can access. This comes as no surprise because when you upgrade your subscription you need to provide the devices MAC address. The good thing, and here is the find, is that the actual viewing channels is done trhough a non encrypted UDP multicasting.
I did setup the following filter that allowed me to narrow down the channel negotiation after realizing that the in and out of channels was done via IGMPv3
This is how it looked like
The only thing left is to fire up a viewer like VLC, connect to the UPD stream and voila! you have an IPTV in your laptop.