Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] how to capture tinyos packets with wireshark?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 18 Aug 2010 16:35:05 -0700
On Aug 17, 2010, at 11:48 PM, Hamidreza Ghafghazi wrote:

> I have been using tinyos and need to capture its packet info for further analysis. I found out that wireshark is so great and powerful so  I installed it on ubuntu. the problem however is that I cannot capture tinyos packets because the packet is not an IP one.

Wireshark is perfectly capable of capturing non-IP packets; nothing whatsoever in Wireshark prevents it from capturing non-IP packets and, in fact, I capture ARP packets, for example, all the time.  (No, ARP packets are not IP packets, even though they're used by IPv4; they're also used by other protocols, and they are layered directly atop Ethernet or various other 802.x link-layer types, not atop IP.)

The only limitations on the packets that Wireshark can capture are the limitations of the hardware on the machine on which Wireshark is running and the libpcap/WinPcap software that Wireshark uses to capture using that hardware.

> Actually TinyOS is an OS for Sensor motes and communicate via wireless link which the protocol is 802.15.4
> In addition, nodes should be connected to PC with USB port

I doubt that *all* of the sensor nodes need to be connected to a PC - presumably there are some that aren't, and that communicate only with other nodes or a host using 802.15.4.

> but the problem is Wireshark cannot detect it since it uses different packet format.

Wireshark is quite capable of handling 802.15.4, even if the traffic sent over the 802.15.4 network isn't IP-based.  The hard part is *capturing* 802.15.4, which requires

	1) hardware capable of capturing it

and

	2) software that can talk to that hardware.

The page on the Wireshark Wiki for 802.15.4:

	http://wiki.wireshark.org/IEEE_802.15.4

says:

	What capture hardware is being used?

	It's an Exegin Q51 IEEE/802.15.4 ZigBee Transceiver, which captures and forwards radio traffic over a TCP/IP connection.

The link from that page for that device is at

	http://www.exegin.com/hardware/q51app.php

Released versions of libpcap/WinPcap don't support capturing 802.15.4 traffic; however, the current top of the trunk and the libpcap 1.1 branches both include a patch to support capturing 802.15.4 traffic on Linux.  The Linux 802.15.4 code it works with (which is not currently in the mainstream kernel) might, however, only be able to capture 802.15.4 traffic sent by or received by the Linux machine, rather than all the traffic on the air.

> I have search a lot and have found out that I need to use socket programming to connect TinyOS to a socket and then to Wireshark.

Where did you see that?  I'm not sure what "connect TinyOS to a socket" means - it appears that BLIP:

	http://docs.tinyos.net/index.php/BLIP_Tutorial

provides a socket API inside TinyOS, but that just allows the device running TinyOS to send and receive IPv6 packets, that's not anything that helps with capturing network traffic.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube