Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] (no subject)

From: Rahul Jain <rahul@xxxxxxxxxxx>
Date: Thu, 7 May 2009 03:15:05 +0200
Hello all,

I am running the following setup:
http://www.sics.se/contiki/tutorials/tutorial-running-contiki-with-uipv6-and-sicslowpan-support-on-the-atmel-raven.html

I am trying to understand the following packet:

16      35.577489       02:12:13:ff:fe:14:15:16 Broadcast       IEEE
802.15.4   Data,
Dst: Broadcast, Src: 02:12:13:ff:fe:14:15:16, Bad FCS

Frame 16 (111 bytes on wire, 111 bytes captured)
Ethernet II, Src: MS-NLB-PhysServer-18_13:14:15:16
(02:12:13:14:15:16), Dst: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
IEEE 802.15.4 Data, Dst: Broadcast, Src: 02:12:13:ff:fe:14:15:16, Bad FCS
Data (78 bytes)

Now, as I understand the setup, the RZ Raven USB bridges 802.15.4
packets to the ethernet. Now when I analyze the frame it tells me that
there are three protocols in it (eth:wpan:data).

Comparing the above frame with frame 15:
15      35.561236       fe80::12:13ff:fe14:1516 ff02::1 ICMPv6  Router
advertisement

Comparing IPv6 local link and MAC address I see that the frames are
from the RZ Raven USB. The Ethernet II frame is same for the both,
while the IPv6 frame in 15 is replaced by a 802.15.4 frame in 16 (Is
this the result of 6lowpan? and if I get it right 6lowpan takes place
on RZ Raven...) and then there is a frame called data (varying bytes
in each 802.15.4 frame) which could be said to correspond to the
ICMPv6 frame. What is this data?

So, if I get it right the router daemon running on the usb0 interface
sends out daemon advertisements which are then encapsulated into
802.15.4 through 6lowpan on the RZ Raven USB - but how come wireshark
still sees this packets - for they are no longer generated on the host
pc?
Also, what is this date protocol in the 802.15.4 packet?

Please inform me
Rahul Jain