wireshark

malvira edited this page Mar 22, 2013 · 2 revisions

Using Wireshark to sniff 802.15.4/Zigbee/6lowpan traffic:

Econotags are easy to use as 802.15.4, Zigbee, or 6lowpan sniffers.

wireshark capture: 6lowpan RPL traffic

Firmware

The firmware used to sniff 802.15.4 with Econotags is the rftest-rx program. This is part of libmc1322x. You can also buy econotags pre-programmed with this firmware from the Redwire Store.

Generating a .pcap

The next step is to run the control python script, rftestrx2pcap.py, (also part of libmc1322x). This script will set the channel on the econotag and then create a .pcap with the packets received.

Download rftestrx2pcap.py

rftestrx2pcap.py

Install dependencies

Needs pyserial

Debuntu

apt-get install python-serial

PIP

pip install pyserial

Usage

./rftestrx2pcap.py tty chan [outfile]

rftestrx2pcap.py takes the tty/com port as the first argument and the 802.15.4 channel as the second (from 11 through 26). The third argument is an optional output file.

Linux

Dump packets to a file:

$ ./rftestrx2pcap.py /dev/ttyUSB1 26 > foo.pcap

This .pcap can then be opened in wireshark.Alternatively for live captures, you can pipe directly into wireshark with:

$ ~/libmc1322x/tools/rftestrx2pcap.pl -t /dev/ttyUSB1 | wireshark -k -i -

Windows

For windows you can use the optional third argument to output to a .pcap:

$ ./rftestrx2pcap.py /dev/ttyUSB1 26 foo.pcap
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.