I originally wanted an alarm that would send logs via IP to Splunk, so I bought a Visonic PowerMax and the PowerLink2 module (IP Interface). It wasn't quite as simple as I thought it would be, as I didn't realise that the module was really just meant to be for monitoring stations.

I decided that I would try and get it to work anyway. So while running Wireshark I could see that PowerLink was trying to talk with my laptop on dst_port 8080, and I set Splunk to receive traffic on TCP port 8080. Every two minutes the PowerLink keeps sending the below. At first I thought it was related to authentication, and then saw it mentions update.php and upgrade_status???

GET /scripts/update.php?serial=00a0a0&id=ID&account=001234&ver_sw=6.3.2&ver_hw=123&ver_var=6000&upgrade_status=0&configuration_status=0 HTTP/1.1
Host: X.X.X.X:8080
Accept: */*

I have never done any scripting or coding before and come from a networking background, but I am a fast learner and would really appreciate your help.


Posted 3 years ago
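
Added example, not part of the original post: a Python sketch that takes the raw bytes of the check-in request shown above and turns its query string into a key=value line that Splunk can field-extract at search time. The function names are made up for this illustration and the sample bytes are constructed from the request in the post; what the PowerLink expects back as a response is not covered.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: the request from the post as raw bytes off the TCP socket.
SAMPLE = (
    b"GET /scripts/update.php?serial=00a0a0&id=ID&account=001234"
    b"&ver_sw=6.3.2&ver_hw=123&ver_var=6000&upgrade_status=0"
    b"&configuration_status=0 HTTP/1.1\r\n"
    b"Host: X.X.X.X:8080\r\n"
    b"Accept: */*\r\n\r\n"
)

CHECKIN_PATH = "/scripts/update.php"  # path seen in the capture


def parse_checkin(raw: bytes) -> dict:
    """Return the query fields of a check-in request, or raise ValueError."""
    lines = raw.decode("ascii", errors="replace").splitlines()
    if not lines:
        raise ValueError("empty request")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "GET" or not parts[2].startswith("HTTP/"):
        raise ValueError("not an HTTP GET request line")
    target = urlsplit(parts[1])
    if target.path != CHECKIN_PATH:
        raise ValueError("unexpected path: " + target.path)
    # keep_blank_values so a parameter sent with no value is still recorded
    return dict(parse_qsl(target.query, keep_blank_values=True))


def to_event(fields: dict) -> str:
    """Render the fields as key="value" pairs on one line."""
    # Double quotes inside a value would break the pairing, so swap them out.
    return " ".join(
        '{}="{}"'.format(k, v.replace('"', "'")) for k, v in fields.items()
    )


if __name__ == "__main__":
    print(to_event(parse_checkin(SAMPLE)))
```

Anything that is not a GET for /scripts/update.php raises ValueError, so unrelated traffic hitting the same port is rejected instead of being logged as a panel check-in.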