How to extract 802.15.4 frames and higher layers?
802.15.4 frames delivered to Wireshark contain several layers (from Ethernet to ZEP) that are required only for transport. If you want the raw 802.15.4 frames, you can use the editcap command-line tool included in the Wireshark package.
The syntax is as follows (this removes the first 74 bytes of each packet):
\Wireshark\editcap -T wpan -F libpcap -C 74 original.pcapng extracted.pcap
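The same chop as an added Python example (not part of the Open Sniffer or Wireshark tooling), with a check that a fixed 74-byte cut cannot make: a packet is kept only if the ZEP preamble sits where the offset expects it. Assumptions: the capture was saved as classic little-endian pcap rather than pcapng, the 74 bytes break down as 14 (Ethernet II) + 20 (IPv4 without options) + 8 (UDP) + 32 (ZEP header), and the ZEP header starts with the preamble "EX"; the function names and sample bytes are constructed for illustration.

```python
import struct

CHOP = 74          # bytes removed per packet, as in the editcap command above
ZEP_OFFSET = 42    # assumption: 14 (Ethernet II) + 20 (IPv4, no options) + 8 (UDP)
LINKTYPE_IEEE802_15_4_WITHFCS = 195   # pcap link type for 802.15.4 frames with FCS

def chop_pcap(data: bytes, chop: int = CHOP):
    """Return (new_pcap_bytes, kept, skipped) for a classic little-endian pcap."""
    magic, vmaj, vmin, tz, sig, snaplen, _lt = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("expected a little-endian microsecond pcap file")
    out = bytearray(struct.pack("<IHHiIII", magic, vmaj, vmin, tz, sig, snaplen,
                                LINKTYPE_IEEE802_15_4_WITHFCS))
    pos, kept, skipped = 24, 0, 0
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl, orig = struct.unpack_from("<IIII", data, pos)
        pkt = data[pos + 16 : pos + 16 + incl]
        pos += 16 + incl
        # Skip truncated records, packets too short to hold a frame, and packets
        # whose ZEP preamble is not at the expected offset (VLAN tag, IP options,
        # or unrelated traffic); a blind chop would turn these into garbage frames.
        if len(pkt) != incl or incl <= chop or pkt[ZEP_OFFSET:ZEP_OFFSET + 2] != b"EX":
            skipped += 1
            continue
        frame = pkt[chop:]
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame),
                           max(orig - chop, len(frame)))
        out += frame
        kept += 1
    return bytes(out), kept, skipped

def sample_pcap() -> bytes:
    """Constructed sample: one sniffer-style packet and one unrelated packet."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 1 = Ethernet
    frame = bytes.fromhex("030800ffffffff07abcd")   # constructed 802.15.4 frame + FCS
    zep_pkt = bytes(42) + b"EX" + bytes(30) + frame  # 42 + 32-byte ZEP header = 74
    other = bytes(100)                               # no ZEP preamble: must be skipped
    recs = b"".join(struct.pack("<IIII", 1, 0, len(p), len(p)) + p
                    for p in (zep_pkt, other))
    return hdr + recs
```

The skipped count is worth checking after a conversion: a non-zero value means the capture contained packets that the fixed-offset editcap command would have cut in the wrong place.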
Wireshark crashes after ZEPv3 plugin installation. Which Wireshark version should I use?
There are several branches of the Wireshark distribution. You are free to use any branch of Wireshark.
If you want to use our ZEPv3 plugin, which provides additional information such as a precise timestamp, channel and band info, you need to use Wireshark 1.12.x. ZEPv3 for the latest Wireshark branch will be released soon. More information about the Wireshark branches can be found here: https://www.wireshark.org/docs/relnotes/ .
I can’t connect to the Open Sniffer web interface.
1) Please check your power cable and Ethernet cable. The LEDs within the Ethernet socket should blink. If you are using the retractable cable from the kit package, always use it fully unrolled. This cable is not really Ethernet compliant, so you should use a proper Ethernet cable instead.
2) Check the host IP settings. If you are not sure about the configuration, perform the RESET procedure to restore the sniffer's default configuration.
How can I decrypt Zigbee packets in Wireshark?
The Zigbee network key can be set in the Wireshark menu Edit -> Preferences -> Protocols -> Zigbee NWK.
The key should be 16 bytes long and is written in XX:XX:XX:… format, where XX is one byte in hex notation.
How can I find a firmware version?
The firmware version is shown at the bottom of the Open Sniffer home page.
Wireshark 1.12.x under Win8.
Some users report that the graphical interface freezes with Wireshark 1.12.x under Win8. A workaround is to scroll down with the mouse wheel, which typically refreshes the GUI, or to use the Wireshark 1.10.x branch, where no such issues were reported.