Home
/
Ubisys
/
IEEE 802.15.4 usb stic with wireshark...
/
Reference Manual

Ubisys IEEE 802.15.4 usb stic with wireshark..., Reference Manual

Share

4 pages before
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

Page: 19 / 30

background image

19

www.ubisys.de



9.

Using Wireshark to Analyze Encrypted ZigBee PRO Traffic

You can use Wireshark to decrypt ZigBee PRO traffic on-the-fly. Both, secure NWK and APS frames,
can be dissected, as well as ZigBee Green Power.

To set the AES-CCM* security level according to your particular network setup, open the Preferences
for the ZigBee protocol. From the Edit menu, choose Preferences and expand the Protocols section.
Locate and

lect the appropriate security level. For example a ZigBee Home

Automation Network is going to use security level 5, which means AES-128 encryption and 32-bit
message integrity code.

Figure 12: ZigBee NWK Preferences in Wireshark

For a ZigBee home automation network, you may use the default Trust Center link key

as long as it has not

been changed via commissioning

k security setup. Notice

that the label is used to identify which key has been used by Wireshark to decode the frame.

Figure 13: Entering a ZigBee link or network key

Once you have entered the key, Wireshark is able to decrypt the Transport Key APS command.

Now, open the network for new devices, i.e. permit joining, and let a device join the network to trigger
transmission of the transport key command from the trust center to the joining device.

«
...
17
18
19
20
21
...
»

Summary of Contents for IEEE 802.15.4 usb stic with wireshark...

Page 1: ...REFERENCE MANUAL...

Page 2: ...his reference manual provides operating and maintenance instructions command references etc If you have any questions or need additional support software or drivers please visit our engineering suppor...

Page 3: ...indows 10 7 Setting the Channel for Capture Linux 11 8 Using Wireshark for IEEE 802 15 4 Captures Quick Introduction 13 9 Using Wireshark to Analyze Encrypted ZigBee PRO Traffic 19 10 Multiple Channel...

Page 4: ...n slow 8 16 bit controllers with limited RAM typically 8KB On board PHY Texas Instruments CC2520 On board meandered inverted F antenna USB 2 0 full speed device bus powered Power consumption 50mA in a...

Page 5: ...files in the driver package into any folder on your hard disk Plug the device into any spare USB port on your PC Windows will ask you for drivers Point to the path where the extracted driver package f...

Page 6: ...data captured by Wireshark In order to do so open the adapter settings via control panel network connections Figure 2 Network Connections Right up menu that appears Next make sure that all protocol li...

Page 7: ...rnel package You are also going to need the kernel sources since ubisys provides a patch to the rndis_host c driver module The community patch and accompanying shell script have both been provided by...

Page 8: ...active and rmmod to remove active modules If rndis_wlan is also loaded you have to unload it first since it depends on rndis_host lsmod sudo rmmod rndis_host It is strongly recommended that you disabl...

Page 9: ...9 www ubisys de In the interface list shown in Wireshark pick eth3 as the capture interface Tested on ubuntu 12 04 i686 Kernel 3 2 0 32 and debian 6 0 6 ppc64 Kernel 2 6 32 5...

Page 10: ...f you want to capture packets on all channels simultaneously e g to analyze frequency hopping systems In order to select the channel for capture open Windows Device Manager and right click on your ubi...

Page 11: ...e802154_options sh c 26 If you want to make sure the command has been accepted use dmesg to print the kernel message log and look out for a rndis_host message like this one 349673 652872 rndis_host ie...

Page 12: ...12 www ubisys de...

Page 13: ...ou recently installed the driver please restart the packet capture driver Winpcap first You can either restart your computer or terminate Wireshark and then run the following commands from a command p...

Page 14: ...Figure 7 Wireshark Live Capture in Progress You can select any of the captured packets while the live capture is still in progress Two detail sections are available with decoded information as well as...

Page 15: ...Detail Views Notice that the IEEE 802 15 4 frame is encapsulated in a ZEPv2 frame which is transferred via UDP IP and Ethernet RNDIS The ZEP frame includes channel number information and an LQI value...

Page 16: ...ce that this field is in CC2420 format i e the frame check sequence is not the value actually transmitted over the air Instead of the 16 bit CRC there is only one bit that determines whether the FCS w...

Page 17: ...17 www ubisys de Figure 10 Example of a ZigBee PRO Link Status Frame...

Page 18: ...bottom area of the window Figure 11 Raw Binary Packet Data Notice that Wireshark is a powerful tool with various filtering capabilities capture options etc Please refer to the Wireshark documentation...

Page 19: ...to use security level 5 which means AES 128 encryption and 32 bit message integrity code Figure 12 ZigBee NWK Preferences in Wireshark For a ZigBee home automation network you may use the default Trus...

Page 20: ...ommand to obtain the current network key In the present example the standard network key is 000102030405060708090a0b0c0d0e0f and can be added to the pre configured keys just like the Trust Center link...

Page 21: ...21 www ubisys de Figure 15 Wireshark ZigBee pre configured keys...

Page 22: ...band sixteen sticks are required which can be ordered as a bundle Additional sticks are also beneficial to mitigate the effects of multipath fading in indoor environments In this case tune more than o...

Page 23: ...e a message from node 0xc6fa at the border of wireless range Notice Simultaneous capture on multiple interfaces is inherently supported by later versions of Wireshark as shown above The information be...

Page 24: ...ties for the new connection and disable all protocols as you have done for all the individual ubisys IEEE 802 15 4 adapters You can add and remove other adapters from the group of bridged devices by a...

Page 25: ...no enterprise security software firewall or anti virus program blocks the network adapter Contact your IT department if you are uncertain Some of these applications require the IT administrator to aut...

Page 26: ...26 www ubisys de 12 Physical Dimensions Figure 20 USB Stick with on board PCB antenna...

Page 27: ...Use the specified order code for your orders Please contact ubisys support if you require any customization Case Firmware variant Product Number Order Code Black Wireshark RNDIS U0101 010110 02 9010...

Page 28: ...ompatibility Directive EMC 2006 95 EC Low Voltage Directive LVD 2002 96 EC Waste Electrical and Electronic Equipment Directive WEEE 2002 95 EC Restriction of Hazardous Substances Directive RoHS EN 300...

Page 29: ...apter 1 3 15 12 2011 Minor corrections 1 4 16 10 2012 Minor corrections Added diversity capture example and updated multiple capture interface information Conformity statement included 1 5 20 12 2012...

Page 30: ...Contact UBISYS TECHNOLOGIES GMBH HARDWARE AND SOFTWARE DESIGN ENGINEERING AND CONSULTING AM WEHRHAHN 45 40211 D SSELDORF GERMANY T 49 211 54 21 55 00 F 49 211 54 21 55 99 www ubisys de info ubisys de...

Reviews:

No comments

Related manuals for IEEE 802.15.4 usb stic with wireshark...

Brand: Sangoma Pages: 6

Armor 101 Series

Brand: Lochinvar Pages: 28

Armor 101 Series

Brand: Lochinvar Pages: 44

EXPANSION CARD X-DANTE

Brand: Behringer Pages: 65

Brand: IOtech Pages: 16

NI WLS/ENET-9163

Brand: National Instruments Pages: 36

IntroSpect Analyzer 2 Series

Brand: Aruba Pages: 5

RocketCache 3240X8

Brand: HighPoint Pages: 17

Brand: Dataprobe Pages: 16

Brand: Xilinx Pages: 27

Brand: uneron Pages: 13

Brand: Xcellon Pages: 24

Brand: Magewell Pages: 10

Brand: Z3 Technology Pages: 18

Brand: Keithley Pages: 108

Brand: Renesas Pages: 4

Brand: ADLINK Technology Pages: 86

Brand: Allen-Bradley Pages: 76

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands