如何使用免费的Wireshark做Zigbee Sniffer抓包工具?

对于开发无线标准协议相关的产品的来说,在实际开发过程中常常需要通过分析空中交互的数据包来分析问题,调试程序。对Zigbee相关产品的开发当然也不例外。

之前在选择TI的Zigbee芯片( CC2530/CC2531/CC2538/CC2630/CC2650/CC2652R )进行产品开发时,我们一般推荐两个抓包工具,一个是TI开发的免费抓包工具Packet Sniffer,另外一个是第三方公司Ubilogix开发的付费软件Ubiqua Packet Analyzer。对于第一个来说,优点是免费的,缺点是对Zigbee协议的解析并不好,没办法具体解析到数据包中每个字节,每个位,另外也没办法对加密的数据包进行解密分析,用户开发产品中如果使用了加密的话,使用起来非常的不方便。对于第二个软件Ubiqua Packet Analyzer来说,优点显而易见,来自一家专业做抓包工具的公司,该软件堪称Zigbee抓包工具中做的最好的一个(没有之一),除了能够完成Zigbee协议的完美解析以外,还有其他的功能可能使用。不太完美的一点是它是一个付费软件,每年需要付一定的license费用。

所以我们也一直在寻找一款既能够完成Zigbee协议数据报文解析,包括MAC,NWK, APS, ZCL等不同层次,又可以对加密数据包进行解密,而且是一款免费的工具。下面我们将介绍使用免费的Wireshark工具完成对Zigbee协议的解析。当然如果工程师想要最求最完美的Zigbee数据包解析效果,还是需要购买Ubiqua Packet Analyzer软件。

(1) Wireshark + CC2531 USB Dongle

  1. 1.       Required Hardware

  1. 2.       Install the Required Software

  1. 3.       Hardware Setup

  • Connect CC Debugger(JTAG) to CC2531 USB Dongle via DEBUG connector.
  • Plug-in the CC2531 USB Dongle to PC USB port for power on the device.
  • Plug-in the CC Debugger USB to PC USB port.
  • Open the SmartRF Flash Programmer and choose the sniffer_fw_cc2531.hex and download to CC2531 USB Dongle. The sniffer_fw_cc2531.hex file located at C:\Program Files (x86)\Texas Instruments\SmartRF Tools\Packet Sniffer\bin\general\firmware

  1. 4.       Running the Packet Sniffer

  • Connect your sniffing hardware CC2531 USB Dongle to your PC via USB port.
  • Start TiWsPc and select Device Configuration

  • Select your IEEE channel to sniff and Click Start

  • If your TiWsPc looks like this, you are ready to set up Wireshark

  • Create a new Desktop shortcut for Wireshark and add the following to the path: -i\\.\pipe\tiwspc_data –k  

This will set up the Pipe that sends data from Sniffer Agent into Wireshark.

 

  • Open Wireshark and you will the TiWsPc looks like this.

  • In Wireshark, go to Edit > Preferences > Protocols > Zigbee add the Zigbee TC Link Key “5a6967426565416c6c69616e63653039”

  • You will see Wireshark sniffing Zigbee data in the setting channel as below.

 

(2) Wireshark + CC2650/CC2652R LaunchPad

  1. 1.       Required Hardware

  1. 2.       Install the Required Software

  1. 3.       Hardware Setup

  • Connect the CC2650/CC2652RLP to the computer and determine the correct COM Port for your LaunchPad. It will be the “XDS110 Class Application/User UART” port for your device, you can determine this in Windows by going to Device Manager > Ports
  • If necessary, program your relevant sniffer hardware.
    • For CC2650/CC2652LP, use sniffer_fw_15_4.hex at C:\Program Files (x86)\Texas Instruments \SmartRF Tools\SmartRF Packet Sniffer 2\sniffer_fw\bin\{your_device}}\15.4 and UniFlash.

  1. 4.       Running the Packet Sniffer

  • Connect your sniffing hardware to your PC.
  • Start SmartRF Packet Sniffer 2 Sniffer Agent and select Device Configuration

  • Select your IEEE channel to sniff

  • If your Sniffer Agent looks like this, you are ready to set up Wireshark:

  • Add the TI 15.4 Wireshark Dissector to Wireshark (assuming x64 installation)

Navigate to C:\Program Files (x86)\Texas Instruments\SmartRF Tools\ SmartRF Packet Sniffer 2\wireshark\plugins\2.4.x\ and copy ti802154ge-x64-2x.dll and tirpi-x64-2x.dll to C:\Program Files\Wireshark\plugins\2.4.3\

  • Open Wireshark go to Edit > Preferences > Protocols > Zigbee add the Zigbee TC Link Key

5a6967426565416c6c69616e63653039

  • Close Wireshark and create a new Desktop shortcut for Wireshark and add the following to the path: -i\\.\pipe\tiwspc_data -k

This will set up the Pipe that sends data from Sniffer Agent into Wireshark

  • Open Wireshark with the new shortcut and you will see Wireshark sniffing Zigbee data.

 

 此帖子为Victor Xu 所写,有问题可以私信我或者在下面留言。

Thanks

15 个回复