UWB SNIFFER INSTALLATION

PACKET ANALYZER FOR 802.15.4a UWB TECHNOLOGY

1) Hook up cables to UWB Sniffer

Connect ethernet cable and power cable to UWB Sniffer as it is depicted in picture below.

uwb_sniffer_connection

2) Setting TCP/IP at the host side

In this section we are going to adjust TCP/IP settings at PC host in order to be able to communicate with the UWB Sniffer device.

Parameter Value
DHCP server OFF
Filter 802.15.4 frames with bad CRC OFF
IP address 10.10.10.2
Network mask 255.255.255.0
Gateway address 10.10.10.1
Remote Host IP address 10.10.10.1
Remote Host port 17754

Host’s IP address must be within the same network scope as the UWB Sniffer device. Set host IP to 10.10.10.1 and network mask to 255.255.255.0. This can be done via “Network and Sharing Center” in Windows. Press CTRL+R and type “ncpa.cpl” Enter. Then you need to select network interface, where you have attached the sniffer and set IP and network address.

network_settings_windows

3) Connect to the UWB Sniffer homepage

Now, point a browser to sniffer’s home address http://10.10.10.2, homepage should appear.

uwb_sniffer_homepage

UWB Sniffer acts as a probe which capturing 802.15.4 frames and forwards them to a remote host computer. In order to be able to work with those frames Wireshark software is used.

1) Wireshark installation

Download, install and run Wireshark. Please select the latest stable vesrion appropriate for your operating system and architecture.

2) Start Wireshark capture

Select the ethernet interface (linked to UWB Sniffer) from the available capture interfaces and start capturing frames.

wireshark_startcapture

Wireshark implicitly shows all frames from wired and wireless networks delivered to the selected interface. Therefore, it is useful to apply 802.15.4 filter which is referred as “wpan”.

wireshark_wpan

3) Start UWB Sniffer

Now the host side is ready and you need to start UWB Sniffer via web interface. Point the browser to sniffer’s IP address and press RUN. How to change sniffer’s channel and other params can be found here.

uwb_sniffer_RUN

4) Let’s sniff some communication

Sniff your own UWB hardware or download our captured file.

uwb_sniffer_decawave

Adjusting Wireshark for 802.15.4 networks

In the part two you have ended with some data captured and delivered to Wirehark. You may download the sample file uwb_twr_demo.

1) Wireshark columns

Wireshark has default columns settings for wired Ethernet network, see picture below.

uwb_sniffer_wireshark_default

Columns are defined for the default Wireshark profile as follows:

Column name Description
No. Frame number counted from the start of capture in Wireshark. This is NOT number of a frame received from UWB Sniffer. It includes all packets (wired&wireless) delivered to the host’s ethernet interface
Time Ethernet timestamp of the frame assigned by the operating system. This is NOT precise timestamp from UWB Sniffer.
Source Source Address
Destination Destination Address
Protocol Protocol
Length Length of entire Ethernet frame including transportation overhead. This is NOT length of 802.15.4 frame
Info Protocol details

 

From the table above it is obvious the default column settings are not associated with 802.15.4. Therefore, user can adjust them to the 802.15.4 frame info. Let’s refresh the encapsulation scheme for each 802.15.4 frame delivered to the host (see picture below). While the grey colored protocols are used only to transport the 802.15.4 frame through a network infrastructure, the ZEP – Zigbee Encapsulated Protocol carries all the important information such as sequence number, timestamp or channel number related to the every 802.15.4 captured by the UWB Sniffer device.

uwb_sniffer_com_scheme

2) Install ZEPv3 plugin

Although, Wireshark natively contains ZEP protocol v2, we have developed ZEPv3 which is backwards compatible. It brings additional information related to band, channel page and precise timestamp information.
In case that additional information are not interesting for you, you may skip installation of this plugin.

  1. Download ZEPv3 plugin here: Win_x86, Win_64
  2. Extract and copy plugin to the Wireshark plugin folder.
    Windows c:\Program Files\Wireshark\plugins\1.x.x\,
    Linux /usr/local/lib/wireshark/plugins/1.x.x/.
  3. Start Wireshark. menu Analyze -> Enabled Protocols (CTRL+SHIFT+E)
  4. Uncheck ZEP, check ZEPv3
  5. Apply, OK.
  6. If frames are not decoded with ZEPv3 go to menu Analyze -> Decode as -> ZEPv3 -> Apply, OK.

 

ZEPv3 contains fields depicted in picture below:

zepv3_fields

Zepv3 Field description
zepv3.version zep version
zepv3.type type of packet
zepv3.channel_id channel number
zepv3.device_id unique ID of the sniffer, based on MAC address
zepv3_lqi_mode LQI/CRC either LQI is send to Wireshark or CRC value
zepv3.lqi LQI value, not used in UWB Sniffer
zepv3.time Time elapsed since sniffing was started at UWB Sniffer
zepv3.reltime Relative time since sniffing was started at UWB Sniffer
zepv3.abstime Absolute time converted to host timezone
zepv3.difftime Differential time among packets
zepv3.seqno Sequence number of packet send from UWB Sniffer
zepv3.band IEEE 802.15.4 frequency band
zepv3.chanpage IEEE 802.15.4 channel page
zepv3.length IEEE 802.15.4 frame length

3) Adjusting Wireshark columns to 802.15.4 frame

Note: The procedure below describes how to adapt Wireshark columns to 802.15.4 frames. You may skip this section if you are satisfied with default settings.

Adjusting columns procedure:

  1. Right click on the columns header
  2. Select Column Preferences
  3. Adjust columns to 802.15.4

uwb_sniffer_wireshark_columns

wireskhark_columns

Adjusted Wireshark columns should seems like this:

uwb_sniffer_wireshark_final

Further reading

Wireshark is an extensive and powerful tool. We advise you to read its documentation page. It contains not only Wireshark itself but also several command line tools such editcap, mergecap, tshark, dumpcap etc. which might be useful where non trivial task are needed.

You may continue to read about UWB Sniffer Configuration.