Getting Started

Installation

  1. Install Wireshark 3.0.x stable release.

    1. Download Wireshark installer from: https://www.wireshark.org/#download
    2. Install Wireshark to the default location (depending on platform, this will be either C:\Program Files (x86)\Wireshark or C:\Program Files\Wireshark).

    Note

    It is important to use a Wireshark 3.0.x version. Older Wireshark versions may not be compatible.

  2. Install the TI Uniflash flash programming tool, which is used to program the capture devices. This tool can be downloaded from: https://processors.wiki.ti.com/index.php/Category:CCS_UniFlash

  3. Install SmartRF Packet Sniffer 2 to the default location.

    Note

    Wireshark (step 1) should be installed before SmartRF Packet Sniffer 2. The SmartRF Packet Sniffer 2 installer will copy dissector plugins to Wireshark if Wireshark is installed on the default installation path.

Hardware Setup

Required Hardware

The packet sniffer firmware supports the following hardware:

For IEEE 802.15.4ge - sub 1 GHz (15.4 Stack), RF proprietary and EasyLink protocols:

  • CC1312R LaunchPad (LAUNCHXL-CC1312R1 with chip revision E/2.1) or,
  • CC1352R LaunchPad (LAUNCHXL-CC1352R1 with chip revision E/2.1) or,
  • CC1352P LaunchPad (LAUNCHXL-CC1352P1 or LAUNCHXL-CC1352P-2 with chip revision E/2.1) or,
  • CC1310 LaunchPad (LAUNCHXL-CC1310 with chip revision B/2.1 or later) or,
  • CC1350 LaunchPad (LAUNCHXL-CC1350 with chip revision B/2.1 or later).

For IEEE 802.15.4 - 2.4 GHz:

  • CC1352R LaunchPad (LAUNCHXL-CC1352R1 with chip revision E/2.1) or,
  • CC1352P LaunchPad (LAUNCHXL-CC1352P1 or LAUNCHXL-CC1352P-2 with chip revision E/2.1) or,
  • CC2650 LaunchPad (LAUNCHXL-CC2650 with chip revision C/2.2 or later) or,
  • CC2652R1 LaunchPad (LAUNCHXL-CC26X2R1 chip revision E/2.1) or,
  • CC2652RB LaunchPad (LAUNCHXL-CC26X2RB chip revision E/2.1).

For Bluetooth Low Energy:

  • CC1352R LaunchPad (LAUNCHXL-CC1352R1 with chip revision E/2.1) or,
  • CC1352P LaunchPad (LAUNCHXL-CC1352P1 or LAUNCHXL-CC1352P-2 with chip revision E/2.1) or,
  • CC2652R1 LaunchPad (LAUNCHXL-CC26X2R1 chip revision E/2.1) or,
  • CC2652RB LaunchPad (LAUNCHXL-CC26X2RB chip revision E/2.1).

Setup

The LaunchPad board must be programmed with packet sniffer firmware before it can be used as a sniffer device. There is one firmware image for each hardware board, located under <install_path>\sniffer_fw\bin (the default installation path is C:\Program Files (x86)\Texas Instruments\SmartRF Tools\SmartRF Packet Sniffer 2).

An overview of the different sniffer firmware images and what they support can be found in the Packet Sniffer Firmware section.

Perform the following steps to program the LaunchPad board with Sniffer firmware:

  1. Connect the LaunchPad board to the PC with a USB cable.

  2. Start Uniflash. See Fig. 1.

  3. The connected device should now be shown under ‘Detected Devices’. Click Start.

    Note

    If the device is not shown under ‘Detected Devices’, choose your device type from the list under ‘New Configuration’. Then click Start.

  4. Browse to the correct flash image under <install_path>\SmartRF Packet Sniffer 2\sniffer_fw\bin.

  5. Click Load Image.


Fig. 1 Uniflash flash programmer

Software Setup

SmartRF Sniffer Agent Setup

The SmartRF Sniffer Agent can transfer data to Wireshark in the following ways:

  • Pipe (recommended): Data is sent to Wireshark on the local machine (Vista/Windows 7 or higher only).
  • Socket (stand-alone mode): Data is sent to the Microsoft Loopback Adapter with Wireshark running on the local machine.
  • Socket (remote mode): Data is sent to Wireshark on another machine or the local machine using the network adapter.
  • File: Data is sent to a PCAP file that can later be opened in Wireshark.

The following guide demonstrates how to use pipe for data transfer with Windows 7 or Windows 10. For more details consult the SmartRF Sniffer Agent readme file located in <install_path>\sniffer_agent.

  1. Start SmartRF Sniffer Agent.

  2. Select Options -> Data Out. Check ‘Use Pipe’, and click OK as shown in Fig. 2.


    Fig. 2 Use Pipe

  3. Press the Device Configuration button. Select a sniffer device. Then click the Configuration button and select protocol, PHY setting and frequency band as shown in Fig. 3. Select channel or frequency (The frequency input is enabled only for the Generic settings). Then press Ok.


    Fig. 3 Device Configuration

    For BLE protocol see also the section Configuration for Bluetooth Low Energy.

  4. Press Start All. The incoming data indicator becomes green and the outgoing data indicator becomes blue. The program icon is blue.

  5. Create a new Wireshark desktop shortcut. Then modify the Target setting of the new shortcut: Add -i\\.\pipe\tiwspc_data -k to the end as shown in Fig. 4.

    Example target entry: "C:\<path>\wireshark.exe" -i\\.\pipe\tiwspc_data -k

    Fig. 4 Shortcut Properties

  6. Run Wireshark from the new shortcut.

Wireshark now shows the captured data and the Sniffer Agent icon turns green. The Sniffer Agent encapsulates all packets in UDP/IP; packets sent to UDP port 17760 are TI RPI (Radio Packet Info) packets.

Configuration for Bluetooth Low Energy

For BLE, the advertising channel (37, 38 or 39) must be selected.


Fig. 5 BLE Configuration

The capture device can be configured to follow a data connection between a specific Bluetooth Low Energy Master (Initiator) and Slave device. In the ‘Radio Options’ dialog and under ‘BLE Settings’, click the checkbox next to ‘Connect to Initiator Address’ and write the address of the Initiator (Master) device. If this option is not selected, the capture device will start to follow the first data connection that appears on the selected advertising channel.

Decryption of encrypted data is not supported. The BLE sniffer will not update the connection parameters if a connection parameter update request (or similar request) is sent over an encrypted connection. As a consequence, the sniffer will either disconnect or lose packets.

Wireshark Dissector Setup

1. Open Wireshark and verify that the plugins are installed. Go to Help->About Wireshark and click the Plugins tab. The dissector plugin files

  • ti802154ge-x(86/64)-2x.dll,
  • tirpi-x(86/64)-2x.dll and
  • ti-ble-packet-info-x(86/64)-2x.dll

shall all be listed as shown in Fig. 6.


Fig. 6 Wireshark Plugins

Note

If the three TI dissector plugins (ti802154ge-x(86/64)-2x.dll, tirpi-x(86/64)-2x.dll and ti-ble-packet-info-x(86/64)-2x.dll) are not shown, try one of the following:

  • verify that Wireshark is installed at the default location and then run the SmartRF Packet Sniffer 2 installer again, or
  • copy the plugin files manually from the SmartRF Packet Sniffer 2 install location (<install_dir>\wireshark\plugins\3.0.x) to the Wireshark plugins folder (<wireshark_install_dir>\plugins\3.0\epan). Use the x86 version of the plugins if you have a 32-bit installation of Wireshark, or the x64 version if you have a 64-bit installation.

TI IEEE 802.15.4ge dissector

If you are using IEEE 802.15.4ge at sub-1 GHz frequency, the TI IEEE 802.15.4ge dissector will be used. The following section describes how to configure the dissector for decrypting encrypted SimpleLink 15.4 data packets.

IEEE 802.15.4 dissector

If you are using IEEE 802.15.4 at 2.4 GHz frequency, the built-in IEEE 802.15.4 dissector in Wireshark will be used.

To configure the built-in IEEE 802.15.4 dissector, navigate to Edit -> Preferences in Wireshark. Then expand Protocols and select IEEE 802.15.4. Make sure that TI CC24xx FCS format is left unchecked. If you use secured packets, add a decryption key and static address pairings (for pairing short address and PAN-ID with long addresses for decryption).

Fig. 9 IEEE 802.15.4 dissector

Bluetooth Low Energy dissector

For Bluetooth Low Energy the built-in Bluetooth LE dissector in Wireshark will be used. No configuration is required for this dissector.

Wireshark Usage

Wireshark Packet Display

Fig. 10 below shows the packet display in Wireshark. In this case a ZigBee data packet is displayed. Each packet sent from the SmartRF Sniffer Agent to Wireshark is encapsulated in a UDP/IP packet. The UDP/IP packet info can be ignored. The IEEE 802.15.4 packet is encapsulated in TI Radio Packet Info which displays meta information about each packet:

  • Interface type and ID the packet was captured from
  • Frequency
  • Channel (depending on protocol)
  • PHY description
  • Signal Strength of the packet (RSSI value in dBm)
  • Frame Check (CRC) status

The packet information can be expanded to see more information on each layer.


Fig. 10 Wireshark Packet Display

Packet Filter

In Wireshark you can filter the packet display on a certain packet attribute.

  1. Right click on the selected packet attribute.
  2. Choose Apply as Filter, and then Selected as shown in Fig. 11.

Fig. 11 Packet Filter Selection

You can also edit the filter text box above the packet display as shown in Fig. 12.


Fig. 12 Filter Textbox

The attribute name of any field in a packet and the description of the attribute can be seen at the bottom of the screen below the raw packet data viewer as shown in Fig. 13.


Fig. 13 Get Attribute Name

Troubleshooting

SmartRF Sniffer Agent Troubleshooting

  • If SmartRF Sniffer Agent does not detect any sniffer devices, make sure the connected sniffer hardware is programmed with one of the sniffer firmware images and connected to the PC with a USB cable.
  • If a Data Buffer Overflow occurs, the SmartRF Sniffer Agent program cannot get data fast enough from the device. Try any or all of the following: reduce CPU load, network traffic and disk load from other programs on the host PC, or reduce the number of capture devices.
  • If Wireshark reports corrupted memory or throws an assertion and exits, this is a Wireshark issue. The SmartRF Sniffer Agent can deliver more messages in a short period of time than Wireshark can handle. Try to reduce the number of sniffer devices to reduce the data flow to Wireshark. Alternatively, configure the SmartRF Sniffer Agent packet limit option for the selected data output method. When this limit is reached, SmartRF Sniffer Agent automatically stops the data capture.

Wireshark Dissector Troubleshooting

  • If Wireshark shows the error in Fig. 14 during startup, the 64-bit plugin is installed but you use 32-bit Wireshark. Repeat the instructions in the section ‘Wireshark Dissector Setup’.

Fig. 14 Wireshark Plugin Error

  • If there are errors when Wireshark is opened, for example an error similar to the one shown in Fig. 15, this may indicate that the installed plugins are for an incompatible version of Wireshark. Check the Wireshark version under Help -> About Wireshark and verify that the version number is correct. The dissector plugins are not backwards compatible.

Fig. 15 Wireshark Startup Error
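
The following is an added example, not part of the TI documentation or tools: a Python check for the two plugin problems described under ‘Wireshark Dissector Setup’ and in the Fig. 14 troubleshooting item, namely a missing TI dissector DLL or one whose 32/64-bit architecture differs from Wireshark's. The function names, the wildcard patterns and the stub files written by demo() are assumptions constructed for illustration; on a real installation, call check_plugins with <wireshark_install_dir>\plugins\3.0\epan and the path to wireshark.exe.

```python
import struct
import tempfile
from pathlib import Path

# Plugin file patterns from this page; "*" stands in for the x86/x64 part.
PLUGIN_PATTERNS = ("ti802154ge-*.dll", "tirpi-*.dll", "ti-ble-packet-info-*.dll")
MACHINE = {0x014C: "x86", 0x8664: "x64"}  # PE/COFF Machine values (i386, AMD64)

def pe_arch(path):
    """Return 'x86', 'x64' or None, read from the PE/COFF Machine field."""
    data = Path(path).read_bytes()[:4096]
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew: PE header offset
    if pe_off + 6 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return MACHINE.get(machine)

def check_plugins(epan_dir, wireshark_exe):
    """Map each plugin pattern to 'ok', 'missing' or a 'mismatch: ...' note."""
    want = pe_arch(wireshark_exe)
    report = {}
    for pattern in PLUGIN_PATTERNS:
        found = sorted(Path(epan_dir).glob(pattern))
        if not found:
            report[pattern] = "missing"
        elif want and {pe_arch(p) for p in found} == {want}:
            report[pattern] = "ok"
        else:
            names = ", ".join(p.name for p in found)
            report[pattern] = f"mismatch: {names} is not {want}"
    return report

def _stub(path, machine):
    """Write a constructed header-only PE stub (sample data, not a real DLL)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew at 0x3C
    Path(path).write_bytes(dos + b"PE\0\0" + struct.pack("<H", machine))

def demo():
    """Constructed layout: 64-bit Wireshark, one x86 plugin, one plugin absent."""
    with tempfile.TemporaryDirectory() as tmp:
        _stub(Path(tmp, "Wireshark.exe"), 0x8664)
        _stub(Path(tmp, "tirpi-x64-2x.dll"), 0x8664)
        _stub(Path(tmp, "ti802154ge-x86-2x.dll"), 0x014C)
        return check_plugins(tmp, Path(tmp, "Wireshark.exe"))

if __name__ == "__main__":
    print(demo())
```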