Wireshark - Open Source Zigbee/802.15.4 Protocol Analyzer
Written by Akiba   
Thursday, 27 March 2008
Engineers who have worked with Ethernet and TCP/IP are probably familiar with Wireshark and libpcap/WinPcap. WinPcap is a widely used open source (GPL) library that allows applications to transmit and capture Ethernet packets by bypassing the OS protocol stack. Wireshark was formerly called Ethereal and is an open source Ethernet and TCP/IP protocol analyzer based on libpcap/WinPcap. It was originally written by Gerald Combs when he was looking for a way to capture and analyze Ethernet packets. Thus was born Ethereal. He later left his job but his employer continued to hold on to the trademark of the Ethereal name (boo...). Instead of fighting for the trademark, he forked the project and called it Wireshark. Development on Ethereal has since ceased (duh... source code is useless without someone maintaining and supporting it) and Wireshark is flourishing. So much so that it's tough for commercial vendors to sell Ethernet protocol analyzers any more, since Wireshark covers most of the needed features. But I'm not here to talk to you about Ethernet...

Turns out that there's a company called Exegin that offers a plugin for Wireshark that allows it to decode 802.15.4 and Zigbee frames as well. The project is open source under the GPL license agreement and can be downloaded here. In its current form, the software expects an Exegin board to provide the data, which the board sends to the PC via Ethernet. On their website, they encourage hacking the source code, especially if you want to decode a non-standard Zigbee profile.

Since the interface uses Ethernet and TCP/IP, you can actually debug a Zigbee network remotely as well, which leads to some interesting possibilities. I'll let your imagination run wild on the potential applications, but I already have my own mad scientist schemes going on in my head with the ability to remotely analyze a Zigbee network.

Comments (4)
It just works with the board?
written by Leonardo, April 29, 2008
Hi, I was wondering if this product works only with the specific board mentioned...
thanks
written by Akiba, April 29, 2008
As far as I know, it only works with the Exegin board. However the software is open source so theoretically, you can download it and try to port it to a different board. I'm not sure how much effort it would take though, since I haven't taken a look at the source code yet.
The 15.4 Probe Ethernet Wireshark thing?
written by EG, February 26, 2010
Hi,

Does anyone know how it works? Does the Exegin probe send 802.15.4 frames in IP packets to the host running Wireshark, or does it send 15.4 frames with Ethernet headers added? In that case, does Wireshark recognize a custom IP Protocol header (or a new EtherType)?

…does it send raw 15.4 frames (I don’t think so)?

Any hint is welcome!
written by Akiba, March 01, 2010
You'll probably need to ask the guys from Exegin. I believe there is some data added to make it work with Wireshark, but it should be documented and fairly identifiable. Other than that, not too much information. I'm hopefully going to be working with it soon so I'll have more info at that time.