Header Byte Swapping on LAN protocol

Hi All,
I think I have my decoding for the received UDP messages from the bulbs messed up, is any able to decode the raw and tell me what i should be getting, Thanks.

What I have: Raw: 0x 29 00 00 54 00 00 00 00 D0 73 D5 00 07 43 00 00 4C 49 46 58 56 32 00 00 C4 F4 D9 50 ED 03 2A 14 03 00 00 00 01 7C DD 00 00 Header: Size: 41 Origin: 1 Tagged: false Addressable: true Protocol: 1024 Source: 0 Target: 0x D0:73:D5:00:07:43:00:00 ReservedA: 0x 4C:49:46:58:56:32 ReservedB: 0 AckRequired: false ResRequired: false Sequence: 0 ReservedA: 536883882 PacketType: 3 ReservedD: 0 Payload: 0x 01 7C DD 00 00
What I am looking to do is identify the message as a LIFX bulb and then decode to update my status in my program.

Here is the results when I plugged the raw data into my python dissector:

lifx_packet(
  frame_header=frame_header(
    size=41,
    origin=1,
    tagged=0,
    addressable=1,
    protocol=1024,
    source=0),
  frame_address=frame_address(
    target=73697357820880,
    reserved1=55346429577548,
    reserved2=0,
    ack_required=0,
    res_required=0,
    sequence=0),
  protocol_header=protocol_header(
    reserved1=1452978147579000004,
    pkt_type=3,
    reserved2=0),
  payload=payload_stateservice(
    service=1,
    port=56700))

So your app seems to have decoded it properly.

Thanks Daniel,
another quick question is there an easy way to tell if the UDP packet is from a LIFX bulb?

As I get some strange packets on port 56700 I’ll try and log one next time it happens.

Instead of listening on port 56700 I recommend listening to an ephemeral port, and then sending them through that socket. This way the packets will be sent with the source port of the port you are listening on. Then if you set the source field to non zero the packets will be returned to that port and your listening socket. You are much less likely to see other traffic this way.

One way to possibly tell if the packet comes from a LIFX bulb would be to look at the MAC address. Currently all LIFX MAC addresses should start with D0:73:D5. This isn’t really future proof though as in the future we might get more MAC address ranges.