How to use Wireshark to capture and analyze Zigbee


1. Overview

  There are currently three Zigbee packet capture tools on the market: TI's official "Packet Sniffer", "Ubiqua" and "Wireshark". The three are covered one by one below.
(1) Packet Sniffer
Packet capture software: Packet Sniffer 2.18.1
Packet capture hardware: SmartRF05EB+CC2530, CC2531 Dongle
  Packet Sniffer is TI's official packet capture tool and is suitable for simple capture and analysis. It does not parse packets automatically; it only splits the data into layers, and the user has to parse each packet by hand according to the Zigbee protocol. It also cannot parse encrypted packets, which makes it the hardest of the three tools to use.
(2) Ubiqua
Packet capture software: Ubiqua
Packet capture hardware: CC2531 Dongle
  Ubiqua's packet capture function is very powerful and is arguably the best of the three tools. It can parse Zigbee's various clusters and commands; it supports the latest Zigbee 3.0 protocol commands; it supports filtering which packets are displayed; by setting the "TC LINK KEY" and "NWK KEY" it can analyze encrypted packets; and it displays the topology of the Zigbee network graphically.
  However, Ubiqua is not free: it costs $65 USD per month, which is 435 yuan per month. That is hard to afford for an individual developing for Zigbee. A new account can try Ubiqua for 21 days, and when the 21 days expire you can register another account and use it for another 21 days, but a trial account can only capture 1000 data entries at a time, and you must clear the data after 1000 entries before you can continue capturing, which is still inconvenient for R&D. So I still highly recommend the following software, Wireshark.
(3) Wireshark
Packet capture software: TiWsPc/SmartRF Packet Sniffer 2
Analysis software: Wireshark
Packet capture hardware: CC2531/CC1352R/CC1352P/CC2650/CC2652R1
  Why is this split into packet capture software and analysis software? Because Wireshark itself is only a tool that analyzes various protocols. It has to work together with packet capture software, which captures the Zigbee packets and sends them to Wireshark in real time for analysis. Wireshark's analysis function is also very powerful. Compared with Ubiqua, it lacks only the graphical network topology. It can parse Zigbee's various clusters and commands; it supports the latest Zigbee 3.0 protocol commands; by setting the "TC LINK KEY" and "NWK KEY" it can parse encrypted packets; its packet filtering is much stronger than Ubiqua's; and it also supports coloring packets so that they can be distinguished by a given parameter.

2. How to install and use Wireshark

  The rest of the article explains the following points in detail:
(1) A step-by-step guide to installing the CC2531 packet capture software "TiWsPc" correctly, so that Wireshark does not fail to find the local interface.
(2) How to correctly configure the CC2531/CC1352R/CC1352P/CC2650/CC2652R1 packet capture software "SmartRF Packet Sniffer 2".
(3) How to use Wireshark to parse encrypted packets.
(4) How to use Wireshark's "filter coloring" function to color and distinguish packets, which makes analysis easier for developers.
(5) How to use the packet filter function to filter packets.
(6) An explanation of the Zigbee packet contents shown on the right side of Wireshark.









Origin blog.csdn.net/u012993936/article/details/88225371