Mirroring/intercepting SunPower Monitoring Traffic?

While the individual values I am capturing for panels and consumption meter match the old SunPower site, the total consumption and total production do not match the values being shown on the new Sunpower site. The numbers are a quite a magnitude different.

For example, for production today, my count based on the sum of the deltas in total production at each 5 minute sampling period for each panel (deltas between ltea_3phsum_kwh for each panel):

select
sum(l.total_lifetime_energy_delta_kwh)
from
line l
where
l.type=130 and
l.ts > date(now());

Consumption comes out to 6.19 kWh, however, the new SunPower site is showing only 4.3 kWh.

Likewise, if I compare net energy usage, the number I get by comparing the start of the day to now is (the difference between the start of the day and now in net_ltea_3phsum_kwh) :

SELECT
((select l.total_lifetime_energy_kwh from line l where l.type = 140 and l.ts > date(now()) order by l.ts desc limit 1) -
(select l.total_lifetime_energy_kwh from line l where l.type = 140 and l.ts > date(now()) order by l.ts asc limit 1) )

Production comes out to 14.61, however, the new SunPower site is showing usage at 15.1.

Are there some other calculations I am missing? I believe all these numbers are already reported in AC.

I cannot take the credit... this was in part discussed earlier in this thread.

While connected, you can try: http://sunpowerconsole.net/cgi-bin/d...and=DeviceList to get a list of devices and their status.

I got some data for inverter production which matches the old SunPower website. However, I am having trouble comparing totals to what the new site is reporting. My total lifetime energy generated does not quite match what is reported on the site.

Need to re-read the thread to see if anyone produced any math for converting the numbers to what Sunpower shows. The individual values match on the dot, but totals are off.

Based on the numbers I am seeing for the total lifetime energy, the sum of all my panels comes up with 1192 kWh (DC?), but the Sunpower monitoring site shows that lifetime production is 1130.33 kWh (AC?). I cannot explain the discrepancy between these two numbers and if there is DC->AC conversion going on, not sure how to do that conversion.

Has anyone come up with calculations on total consumption/generation that somehow matches what the Sunpower site is reporting? Again, the individual numbers (as I have labeled them) are on the dot. It is the cumulative and lifetime totals which seem to be somewhat off.

Good detective work, and good information. Thanks for sharing.

When I click on "Residential", I get "The PVS indicated there was a problem."

Is SP collecting your consumption data along with generation? They absolutely would have to encrypt consumption.

I just noticed that my browser opened up another tab at some point while trying to connect to the PVS. It rendered raw json. The only interesting things I see scanning through it is: "MODEL":"PV Supervisor PVS5", "HWVER":"3.3", "SWVER":"5.0.0, Build 313".

So you are 12 builds ahead of me.

Here are a few interesting commands gathered from the session:

1) Get version number: http://sunpowerconsole.net/cgi-bin/dl_cgi?Command=Start
2) Get communication interfaces: http://sunpowerconsole.net/cgi-bin/d...mmand=Get_Comm
3) Get a list of devices: http://sunpowerconsole.net/cgi-bin/d...and=DeviceList

Here are the steps to figure out the Firmware version of the device:

1) Remove the front panel, it's held in by the 3 screws on the bottom of the unit
2) Connect an Ethernet cable to the "installer's port" (see image 1)
3) Connect a device to the other end configured for DHCP
4) Visit sunpowerconsole.net
5) Press "Residential Install"
6) Press Next through to the Firmware Verification step (see image 2)
7) The screen will show the Firmware currently running

I played most of the day today trying to figure out how this is working. I did notice the cellular kick in when the broadband was disconnected. I was able to block with tinfoil around my unit. I also was able to create the firewall rules to block access to port 8883 which it appears to be using now to report via an encrypted method. If I used Block on the firewall, after a few minutes of trying the network unit inside the monitor resets and tries again with a different mac address. When set to Reject, the unit attempted to retry for a long time. All during the testing, the path through 204.194.111.66 was indeed open, however, the unit never returned to it.

Feels like there was a firmware update such that the unit started to send encrypted data.

Our install was done June 6th this year. So a fairly new install. Plugged in by power block back and have been monitoring traffic with WireShark. I did exactly what you suggested. Blocked any AWS servers (found 3 so far) that the unit tries to talk with while leaving 204.194.111.66 open. The only traffic I continue to see via 204.194.111.66 is the 100/102 reporting.

Looks like the unit does support "Automatic Firmware Upgrades".

Well, evidence is mounting that SP stopped sending clear text for you. Can you think of any reason why you might be on the cutting edge with them? Recent purchase maybe? Maybe related to whether or not signed up for consumption monitoring (I did not). Sure wish we could figure out firmware revisions.

I wonder what will happen if you block just 52.7.213.242, forcing exclusive path through of 204.194.111.66.

But I'm not sure that blocking specific IP addresses is definitive. Load balancing could leverage other IPs.

I too purchased panels, but SP was also my dealer/installer. I called the residential number listed at sunpower.com/support. They told me that I could send email, can't remember if it was supposed to go to technicalsupport or customersupport@sunpower.com.

I took the 4 hours to mean a hard continuous limit, though I can't be certain. I was under the impression that it was a 3G cost issue for them.

Given the flaky nature of my powerline, I'm surprised that your installer didn't provide a second network option. You might want to start with them. Tell them you've noticed networking issues in your house affecting powerline and that you're concerned about the integrity of your data.

Does that mean 4 hours per day or 4 hours total or 4 hours of actual sending of data (which could take quite a bit of time to exhaust as it probably takes a couple of seconds to send the stats for an hour)?

What phone number did you call to reach SP? I had my system purchased so I think my options are to either chat with them via the web-site or talk with my installer.

Interesting device... wondering if I should wrap it with tin foil...

This is the unit I have: http://www.southcoastsolar.com/docum...-Datasheet.PDF. According to the specs it has 3G UMTS.

I now blocked 52.7.213.242 (which is the AWS machine I saw traffic going to) as well as 204.194.111.66 which is the collector end point. I am still seeing usage and generation data being reported by the SunPower website. The updates are on the hour now, not every 5 minutes. So, it cannot be using WiFi as I do not see any unrecognized devices. Furthermore, all traffic on the FireWall has been blocked to the above two IP addresses. I am starting to think that there is some sort of a low-band wireless device built into the unit such that it can still deliver stats, but only once per hour.

It may be that the built-in cellular has taken over. When I spoke with SP support, they indicated that cellular will function for up to 4 hours (as per my memory). They asked me to leave my powerline disconnected for the duration while they researched wifi status.

So, after about an hour of no data, everything came in for an hour with all the details. I am wondering if the unit has some sort of mobile communication capability, such as 2G? I now blocked any outgoing traffic at my firewall, to see if the data flow stops.

Something really strange is happening. At first, I was convinced that the data was going via the power brick. Since my monitoring was still picking up 100/102 lines. So, I unplugged the power brick and waited. The web-site still showed data was coming in. This morning, I am still trying to figure out how the data is reaching the website. Could be going over wifi, but I am not able to find the IP of the device on the network. It so happens I had another power brick network in the house, so perhaps it switched to using that network? I just unplugged that power brick network to see if the data stops. When I log into my wireless router, I don't see any unknown devices in the DHCP table. So, I am puzzled as to how the traffic is still being sent out.

I unplugged the cable from the switch and no data was being reported by the website. So it is still using the power brick. I am kinda bummed as I kinda liked knowing exactly how each panel was performing and this was going to be a fun project to work on. Need to do some nmap scans against service port to see what's open.

To install a cert, you would need to be able to login to the PVS. I assume it is Linux based, so you would need to ssh, which means you would need to get lucky guess with password. I guess they might have a back door through the service port, but who knows..

Make sense that HTTPS initiator would require special treatment, or no one could bank over the web. I'm afraid I sent you down an unlikely path.

I think highly unlikely that SP switch to https without a firmware update. I've been unable to determine what version I have (or even if it is upgradeable).

When I made a wrong turn due to PVS switchover to wifi, I called SP support and asked them if there was a problem with my system because my powerline adapter wasn't working. They had to refer to second tier support, and eventually I was informed definitively that wifi was enabled even though I had no recollection of telling the installers my wifi password. You might want to do similar and see if you can get them to tell you how the PVS is managing to report while your powerline is unplugged.