wireshark

malvira edited this page Mar 22, 2013 · 2 revisions

Using Wireshark to sniff 802.15.4/Zigbee/6lowpan traffic:

Econotags are easy to use as 802.15.4, Zigbee, or 6lowpan sniffers.

wireshark capture: 6lowpan RPL traffic

Firmware

The firmware used to sniff 802.15.4 with Econotags is the rftest-rx program. This is part of libmc1322x. You can also buy econotags pre-programmed with this firmware from the Redwire Store.

Generating a .pcap

The next step is to run the control python script, rftestrx2pcap.py, (also part of libmc1322x). This script will set the channel on the econotag and then create a .pcap with the packets received.

Download rftestrx2pcap.py

rftestrx2pcap.py

Install dependencies

Needs pyserial

Debuntu

apt-get install python-serial

PIP

pip install pyserial

Usage

./rftestrx2pcap.py tty chan [outfile]

rftestrx2pcap.py takes the tty/com port as the first argument and the 802.15.4 channel as the second (from 11 through 26). The third argument is an optional output file.

Linux

Dump packets to a file:

$ ./rftestrx2pcap.py /dev/ttyUSB1 26 > foo.pcap

This .pcap can then be opened in wireshark.Alternatively for live captures, you can pipe directly into wireshark with:

$ ~/libmc1322x/tools/rftestrx2pcap.pl -t /dev/ttyUSB1 | wireshark -k -i -

Windows

For windows you can use the optional third argument to output to a .pcap:

$ ./rftestrx2pcap.py /dev/ttyUSB1 26 foo.pcap