Zigbee Tools Wireshark |
您所在的位置:网站首页 › ubiqua protocol analyzer › Zigbee Tools Wireshark |
Zigbee Tools Wireshark
|
Table of Contents
1. Overview
2. Sniffer File Format
2.1. CUBX File
2.2. ISD File
3. Using Wireshark
3.1. Frequently Used Zigbee Filters
3.1.1. MAC Layer Filter
3.1.2. NWK Layer Filter
3.1.3. APS Layer Filter
3.2. Customize Color
1. Overview
Sniffer is a useful tool to analyze Zigbee network issues. Currently, there are three typical sniffer tool in the industry: Ubiqua Protocol Analyzer Wireshark Network Analyzer in Simplicity StudioUbiqua Protocol Analyzer is a commercial software and it's pretty expensive. Network Analyzer can only be used in Simplicity Studio. Furthermore, Network Analyzer is pretty slow when analyzing big sniffer files. Wireshark is an open-sourced software and free to everyone, and it's also possible to add plugins to decode custom file format. It's much much faster than Network Analyzer to analyze big files. In this page, we will introduce how to analyze Zigbee network issues with Wireshark. 2. Sniffer File FormatUsually we met three files types of sniffer file: .cubx file .dcf file .isd fileCurrently, Wireshark can open .dcf file directly. 2.1. CUBX File.cubx file is the capture file format used by Ubiqua Protocol Analyzer. There is a Wireshark plugin which can be used to decode .cubx file in Wireshark. Below is the steps of using this plugin: Download Wireshark 3.2.5 or 3.4.5 (Currently, only provided for these two version) from Wireshark download page, then install it. Download Wireshark cubx plugin. version 3.4.5: Put cubx.dll at Wireshark\plugins\3.4\wiretap Put usniffer.dll at Wireshark\plugins\3.4\epan version 3.2.5: Put cubx.dll at Wireshark\plugins\3.2\wiretap Put usniffer.dll at Wireshark\plugins\3.2\epan Start Wireshark as administrator, and you can open the .cubx file with it. The reason why it needs to be opened with administrator is that the plugins will extract the keys from the cubx file and store them in user's config. 2.2. ISD FileISD file is not supported by Wireshark right now, but it's possible to write a Wireshark plugin to support it. 3. Using Wireshark 3.1. Frequently Used Zigbee Filters 3.1.1. MAC Layer Filter Filter Value Description wpan.frame_type Beacon Command Data Beacon wpan.dst_pan 16-bit number wpan.dst16 16-bit number wpan.src16 16-bit number 3.1.2. NWK Layer Filter Filter Value Description zbee_nwk.frame_type Data Command zbee_nwk.dst 16-bit number only filter dest Node ID zbee_nwk.src 16-bit number only filter src Node ID zbee_nwk.addr 16-bit number filter both dest and src Node ID zbee_nwk.dst64 64-bit hex filter dest Eui64 zbee_nwk.src64 64-bit hex filter src Eui64 zbee_nwk.addr64 64-bit hex filter both dest and src Eui64 zbee_nwk.cmd.id 8-bit number 1 - Route Request 2 - Route Reply 3 - Network Status 4 - Leave 5 - Route Record 6 - Rejoin Request 7 - Rejoin Response 8 - Link Status 9 - Network Report 10 - Network Update 11 - End Device Timeout Request 12 - End Device Timeout Response zbee_nwk.cmd.status 8-bit number 0x0D - Address Conflict 0x0F - PAN ID Update 3.1.3. APS Layer Filter Filter Value Description zbee_aps.type Data Command zbee_aps.dst 8-bit number Destination Endpoint zbee_aps.src 8-bit number Source Endpoint zbee_aps.cluster 16-bit number Cluster zbee_aps.profile 16-bit number Profile zbee_aps.cmd.id 8-bit number 0x05 - Transport Key 0x06 - Update Device 0x07 - Remove Device 0x08 - Request Key 0x09 - Switch Key 0x0E - Tunnel 0x0F - Verify Key 0x10 - Confirm Key 3.2. Customize ColorWireshark allows users to customize the display specific packets with a specific color. Below are the steps of customizing color: In menu "View", select "Coloring Rules", you will see a dialog about coloring. First add a rule, set its name and filter, then pickup a color you want.
In menu "View", toggle the item "Colorize Packet list" to toggle whether you want to show the color or not.
|
【本文地址】