ArtNet Not Going Through? Your Switch Might Be Protecting You

Screenshot of Wireshark, showing that source and destination port for ArtNet packets are the same

Cool technology often comes at a cost, and it’s not always that this cost is justified. For instance, [Rainfay] tells us about how the the ArtNet protocol’s odd design choices are causing incompatibility with certain Ethernet switches. ArtNet is a protocol for lighting control over DMX-512 – simply put, it allows you to blink a whole ton of LEDs, even literally. Unlike DMX-512 which can use different physical mediums, ArtNet uses Ethernet, taking form of the usual kind of network packets – and it does seem to do a great job about that, if it weren’t for this one thing.

For some reason, ArtNet connections are required to use the same destination and source port – unlike the usual network traffic, where the destination port is protocol-dependent and the source port is randomized. This behaviour violates RFCs, and not just in an abstract manner – such behaviour is indicative of certain kinds of attacks, that switches on the smart side are able and are supposed to prevent. As a result, ArtNet traffic actually triggers some protections on switches at the fancier end, specifically, so-called BLAT protection.

In short, if your ArtNet stream is mysteriously not going through and your switch is on the fancier side, [Rainfay] says you might need to disable some security mechanisms. Sadly, as she points out, this problem isn’t even a direct consequence of some inherent property of ArtNet, but merely a consequence of a bizarre design choice. Once you’re done disabling protections, however, do check out some ArtNet projects for inspiration – it’s a genuinely useful protocol supported in a ton of fancy software, and it might be that you want to use it in the firmware of your RGB strip controller board!

11 thoughts on “ArtNet Not Going Through? Your Switch Might Be Protecting You

  1. Does traffic actually need to follow that rule, or do manufacturers just ignore it? I’ve only used it with Arduino based implementations and never heard of it before, and it seems rather pointless.

    1. It’s widely used in the professional lighting industry. Became increasingly popular when the limitations of DMX became overwhelming, like when you need to control a lot of LEDs separately.

    2. These rules are just recommendations. Good for internet connections, not needed for isolated networks. Art-Net isn’t designed to co-exist with general purpose IP networking on the same medium.

    3. ArtNet is basically obsolete. sACN has replaced it in just about any professional application. Only very old hardware will only support artnet. sACN has some technical advantages but being non proprietary is just about reason enough.

    1. The importance of source port randomization is a newer thing, it came to light a decade or two ago because of the DNS spoofing exploits. Basically, the consensus was that any benefits of predictable source ports (using a source port below 1024 requires root, so it was supposed to be “safer” by keeping out the riffraff) was far outweighed by the real world drawbacks, as it made udp spoofing attacks straightforward.

      So the old protocols get retrofitted with random source ports and we officially declare predicable source ports to be stupid, and tell people to quit it.

        1. Well, since most, but not all, destination services have destination port addresses below 1025 and the source port number is random generated from 1025 to 65534 that won’t happen often.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.