Mirroring/intercepting SunPower Monitoring Traffic?

This weekend I did some more experimentation of watching the TCP traffic from the SP supervisor, and I think I've figured out how to interpret the data. To do this I used a man-in-the-middle style tap, i.e. took a computer with two network interfaces (I used two ethernet-to-USB "adapters"), with the SP powerline adapter plugged into one, and the other leading to my router, then setup a software bridge and used tcpdump to capture the traffic so I could walk through it offline afterwards. I captured an hour of data, during a time when I had both consumption and production.

I won't go into the details of their posting protocol here, but let's just say that all the data from the WattNode net meter and the SMA inverter are available (as well as some meta-data from the SP supervisor). Of these, the most relevant values are the "Inverter Interval Energy Produced(kWh)" (i.e. the "interval production energy"), and the "Net Meter Total Lifetime Energy(kWh)". The latter is only useful when you compare t0 with t-1, and that delta yields the interval net meter energy (i.e. the "interval net energy"). So then the "interval consumption energy" is just the "interval production energy" + the (potentially negative) "interval net energy". Now with both interval consumption and production values, I've got what I need.

So I wrote a perl script (using the Net::Pcap and Network::Packet::{Ethernet,IP,TCP,UDP} modules) that can observe the traffic, and extract the "Inverter Interval Energy Produced(kWh)" and "Net Meter Total Lifetime Energy(kWh)" values, to produce the "interval production energy" and "interval net energy" values (the latter can only be had after the second set of data posts, since it is a delta-from-previous). I should then (haven't gotten here yet) be able to use that to trigger my cross-posting script (I do not want to do any heavy-lifting in the pcap packet callback, and perl doesn't really support multi-threading very well), which will then collect the data into local files for local hosting (see details in my previous reply) and cross-post to PVOutput. Worst comes to worst, I can simply collect the data into a file, and have the cross-posting script poll that file for new entries; this will still be quicker than polling the SP site, since I can use a much shorter polling interval.

Now the MitM approach to tapping/observing the packets is annoying, probably has performance implications, and will take the network down if the host goes down, so I'm not too keen on that. Furthermore, it requires two _additional_ network interfaces (since I'm using the main one for hosting and cross/posting, and the bridge requires dedicated NICs), which not only means two additional USB dongles consuming both USB ports on my rPi, but much greater (well, relatively) power consumption for the rPi... I'm looking into network switches that support mirroring of selected ports, or even a simple old-fashioned hub (if I can find one), since true hubs mirror all traffic to all ports, or even a simple tap. That way my rPi can coexist on the network with the SP powerline adapter, and not interfere with it, just observe the traffic. It can also use the same NIC for both observing the packet flow, and for hosting and cross-posting the data. The only caveat is that the NIC will be running in promiscuous mode to allow for observing the traffic, and I'm not sure if that will result in performance issues for the poor little rPi...

I'll post more as I make more progress, in case there is anyone still reading this... I will not post the details of the SP protocol (or where the traffic is going), as it's possible SP might consider that intellectual property or something, and I am also keen to not piss off the "powers that be" that own/moderate solarpaneltalk.com. Sniffing the traffic and reverse-engineering the protocol are neither illegal nor unethical, but posting the details of what I've found is grey enough that I think it wise to avoid... However, I can say that it's fairly straight-forward to replicate what I've done, so anyone handy with the technologies involved can do so on their own.

This is identical to the system I have, except I also have the "Consumption Monitoring Kit", which is just a WattNode sensor connected to the "PV Supervisor" via RS-485.

No, just through SunPower's site(s).

I am using a "feature" of their public site that lets you download csv files with the interval data. It is basically an API, but not a published one, and I fear that one day they will stop supporting it, especially if they realize that people are using it to mine the data, and especially if they notice the frequency of this mining (every 5 minutes or so)...

I use a perl script (running on a Raspberry Pi) that pulls the data from the SP site, massages it for how PVOutput likes it (notably for energy vs interval power, and also the date/time format), and then posts it to PVOutput using their posting API. I have a web front end to restart this perl script when it dies (which happens when the SP or PVOutput sites are down, or we lose the network (thank you Comcast...)); I am also making the script more robust as well, to get it so that it simply waits and re-tries when it encounters network issues.

I recently decided to go ahead and host the data directly, in addition to mirroring it to PVOutput, so the same perl script also collects it to local .csv files, and also aggregates daily/monthly/yearly totals. I then wrote a web interface that will download those .csv files, and present the results (both in a graph using SVG and a table) with interactivity, all using javascript on the client side. Since I'm hosting both the data-collection/cross-posting script and the web interface on the rPi, I needed to keep computation light, so I'm letting the client do the graphing, rather than doing it server-side. All modern browsers on reasonable systems (even my super-slow first-gen iPad) render the data in a responsive fashion. I'm pleased with the results.

Yes, it's working fine for me. The only gotcha I encountered was that sometimes the most recent data values are reported back as available, but the values are not accurate. So I intentionally ignore the last couple entries, which of course extends my latency by 10-15 minutes. My total latency, with this additional latency due to skipping the last couple entries, is about 20-25 minutes. Not realtime, but close enough, I suppose.

But I think I've had a breakthrough in the approach of monitoring the traffic now, using a man-in-the-middle approach, and will follow up in another post soon...

I think the architecture on all of the Sunpower systems is not identical.

The system I'm interested in has the following:
RS-485 from SMA inverter to "PV Supervisor"
Ethernet from PV Supervisor to Powerline converter
AC power from Powerline converter to Ethernet Gateway
Ethernet from Ethernet Gateway to modem/router

No consumption monitoring has been installed yet, but the system has not yet received PTO and the installer won't fully hook up the monitoring system until after it has been running for a week or so. Perhaps a Wattnode meter with CT's is still coming. If it does, I am guessing it will either hook up to RS-485 port 2 on the PV Supervisor, or it will daisy chain with the RS-485 to the inverter.

The RS-485 messaging should be much easier to decode than the TCP/IP, but the hardware to get in the middle of that is more expensive, especially if the Wattnode meter and the Inverter are not on the same RS-485 chain. SMA's RS-485 protocol is available (although, for whatever reason, they choose not to support Sunspec/Modbus in the RS-485 card, only the Webconnect card), as well as Wattnode's.

Open questions for me, that some of you might be able to answer:

1) Is data also available from the SMA Sunny Portal, or only the Sunpower site?
2) Is data from the Sunpower site available from a direct API call, or are you scraping it from a page?

Honestly, getting production and consumption from the Sunpower site, even with a 15 min delay, would be an adequate solution that would enough to publish to PVOutput, but if it is only scraped, it isn't likely to be very robust.

Bummer...

I think I'm back to my MitM solution then, sniffing the packets coming from the SunPower supervisor, and decoding that. From my experimentation to date, this gets me all the data in realtime _except_ the actual cons/prod energy data (which, erm, is the most important...), and then I can download that about 10-15 minutes after the fact from the SunPower site... I suppose I could try to figure out how the SP supervisor is deriving that data, since it must be deriving it from the data from the inverter and WattNode monitor data, presumably?

Or I could figure out the format of the binary base64 payload that the SP supervisor is sending as "system" data...

If I get either of those figured out, then I would have no need to poll the SP website... It's the last piece of the puzzle...

Unfortunately, you can only one monitoring card installed in the inverter at a time.

Thanks, logdin, yes, that's the setup I have.

I wouldn't mind getting the WebConnect card, do you know if both the RS-485 and WebConnect option cards can be active at the same time? I'd rather not perturb the existing SunPower monitoring setup, but would love to be able to additionally add in the ability to directly access the SMA inverter via the WebConnect card. Yes, I like to both retain, and consume, my baked goods...

Thanks, sensij, I will be interested to hear your progress! The inverter is connected to the SunPower "supervisor" directly via RS-485, otherwise (if it were via the Webconnect card) I think it would be more straightforward.

I'm using a Raspberry Pi for the data management. I've had it for a while, got on a whim, and didn't have a project for it at the time, so it sat idle for a long while. It's working beautifully at this task now; surprisingly well for a $35 device.

Currently, I download the prod/cons data from the SunPower site every 10 minutes, massage it and store it locally. I have a web interface to graph and present the data, which fits my needs. But so far all I have is the prod/cons data, and I know (from the old SunPower monitoring site) that there are a lot more data types available, not only from the inverter. Regardless, the rPi should be sufficient for any processing, data movement/interception or other tasks.

I have done some packet captures using the rPi as a man-in-the-middle bridge, and I can see the POSTs that the SunPower supervisor is doing to its posting server, but most of the data is base64 packed-binary data, which without knowing the specifics of the protocol, and without extensive reverse-engineering, will be difficult (at best) to figure out... Was hoping someone else may already have done this. I doubt SunPower would be helpful, and am loathe to contact them, as their "tech support" folks seem to be somewhat clueless (even for simple things like when their website is down, I get answers like "is your computer plugged in?" (*facepalm*) ).

I'm pretty sure that the SunPower monitoring setup uses the RS-485 connection method.

The SunPower monitoring device basically takes the place of the SMA WebBox.

thanks for share

I tried to respond earlier this morning, but my message timed out will writing. I'm interested in knowing the answer too. Sensi has you headed down the right path. SMA brands a module called a "webconnect" that provides direct ethernet connection from the inverter to your home network. If you have a direct network connection to your inverter, and find its IP, there's a chance that some creative SMA users/developers have developed software that queries the inverter, stores it in a mysql database, and uploads to PVoutput.

If this sounds like your setup, PM me, and I'll provide some of the Pi based software I know PVoutput users are using for their SMA setups. I dont want to get in trouble with the moderators by posting it, especially if it turns out it is a dead end.

If you have the RS-485 setup, then you are probably using another device that has the ethernet connection and performs the upload to Sunpower. Thats likely a non starter with the SMA approach. Perhap GITHUB may provide some results.

There are ways to intercept and rebroadcast the TCP/IP packets, but I'm not sure that is really the best approach to achieve your goal. I will be attempting to solve the same problem on a coworker's system in the next couple weeks, and will let you know how it goes. I intend to try polling the inverter directly. Do you have a Webconnect card in your inverter? How is the Sunpower equipment connected to the inverter... via RS-485, or ethernet? What kind of device to you intend to use for your data management... something dedicated like a Raspberry Pi, or maybe Windows software that will run on a server that is always on?

Thanks for the link to the old advanced view SunPower monitoring site. That's really cool!

However, there is no way to download the data without interacting with the UI. Again, the goal here is to download the data locally, so I can present my own web page with the data. This Flash-based () website only allows downloading the data that is currently being presented in the graph, and only 4 parameters at a time, and you have to manually click on the export button to get it. There is no URL to curl programmatically to get the data (the flash-based data exchange is tied up with their authentication model).

So in case there are others lurking, again does anyone have any experience intercepting the network packets from the monitoring "supervisor" unit to the sunpower servers, so I can collect the data in parallel?

Excellent, thanks!

The site you indicated works with the normal (lame) user account.

I had been disappointed with https://monitor.us.sunpower.com and the lack of any detailed information.

The site https://www.sunpowermonitor.com/partner/partner.aspx# takes the same username and password and provides a lot more data, specifically with information on your inverter(s).

Geez I should. I have it saved and go there pretty much daily...can't seem to find the way in from the standard site anymore. It's been awhile!

Here's the link sans my 5digit address if that helps:

Do you have a link? The only website I know about is the standard monitoring website, which just offers basic consumption and production monitoring data...