Packet Sniffer¶

Install the Required Software¶

1. Install the CC13x0 SimpleLink SDK. This SDK installs:

   • TiWsPc2 at

     C:\ti\simplelink_cc13x0_sdk_1_30_00_xx\tools\ti154stack\TiWsPc2
     

   • .DLL files at

     C:\ti\simplelink_cc13x0_sdk_1_30_00_xx\tools\ti154stack\tiwsds\plugins
     

2. Install the 2.0.x stable Wireshark release from https://www.wireshark.org/#download. The architecture version downloaded (64-bit vs 32-bit) effects which plug-in to install.

   Note

   The latest Wireshark version is not compatible, only use v2.0.x.

3. Run the Wireshark installer as administrator. If this step is not done and a previous Wireshark version is installed, the installer can fail with the message: Error opening the file for writing: C:\ProgramFiles\Wireshark\uninstall.exe

4. Download SmartRF Flash Programmer 2 from https://www.ti.com/tool/flash-programmer and install it. This tool is used to program firmware for the packet sniffer device.

Required Hardware¶

Either of the following boards can be used as packet sniffer device:

• CC1350 Launchpad with chip revision 2.1 or later (LAUNCHXL-CC1350).
• CC1310 Launchpad with chip revision 2.1 or later (LAUNCHXL-CC1310).

Setup¶

The Launchpad board must be programmed with the correct firmware before it can be used as packet sniffer. The firmware image to use depends on the frequency band and TI-Stack PHY mode. See Table 1‑1 below.

The firmware can be programmed with SmartRF Flash Programmer 2.

Perform the following steps to program the Launchpad board with sniffer firmware:

1. Connect the Launchpad board to the PC with a USB cable.

2. Start SmartRF Flash Programmer 2. See Figure 63. below.

3. Select the CC1350/CC1310 device in the list of connected devices at left side.

4. In the Main tab browse to the correct sniffer firmware image depending on your TI 15.4-Stack configuration (See Table 19.). The sniffer firmware images are located with the SimpleLink CC13x0 SDK installation in the folder

   C:\ti\simplelink_cc13x0_sdk_1_30_00_xx\tools\ti154stack\TiWsPc2\sniffer_fw\bin.
   

5. Make sure that Erase, Program and Verify are checked. Then click the ‘Play’ button at the lower right side in the Main tab to initiate the programming.

   

   Figure 63. SmartRF Flash Programmer 2

For more information about the sniffer firmware, please see the documentation found in the sniffer_fw/docs folder located with the TiWsPc2 installation.

Texas Instruments Wireshark Packet Converter 2 Setup¶

The following are ways to transfer data from Texas Instruments Wireshark Packet Converter 2 (TiWsPc2) to Wireshark:

• Pipe – (recommended): data is sent to Wireshark on the local machine. (Vista/Windows 7 or higher only)
• Socket – (stand-alone mode): data is sent to the Microsoft Loopback Adapter with Wireshark running on the local machine.
• Socket – (remote mode): data is sent to Wireshark on another machine or the local machine using the network adapter.
• File – data is sent to a PCAP file that can be opened in Wireshark.

The following guide demonstrates how to use the pipe solution with Windows 7. More advanced users might want to try a socket; for more details, consult the TiWsPc2 README for instructions.

1. Run TiWsPc2.

2. When the TiWsPc2 opens and prompts to select a device family, select TIMAC/TI 802.15.4ge.

3. Select Data → Data Out, check Use Pipe, and click Ok as shown in Figure 64..

   

   Figure 64. Use Pipe

4. Press the Device Configuration button. Select a sniffer device, frequency band and channel to use, then press Done. (Make sure that the sniffer firmware that matches the selected frequency band is programmed on the sniffer device. See Table 19.).

5. Press Start All; incoming data goes green, and outgoing turns blue. The TiWsPc2 icon is blue.

6. Create a new Wireshark desktop shortcut, modifying the target by adding -i\\.\pipe\tiwspc_data -k to the end, as shown in Figure 65..

   Example target entry: C:\<path>\wireshark.exe" -i\\.pipe\tiwspc_data –k

   

   Figure 65. Shortcut Properties

7. Run Wireshark from the new shortcut, which opens the other end of the pipe.

   Wireshark now shows captured data (packets sent to UDP address 17757 indicate TI 802.15.4GE packets, now set up the dissector to enable detailed dissection of this protocol), and the TiWsPc2 turns green.

Wireshark Dissector Setup¶

1. Check which architecture version (32-bit or 64-bit) of Wireshark was downloaded. Follow Step 2 according to that choice before going to Step 3.

2. For 32-bit: Copy ti802154ge-x86-2x.dll

   From: .. parsed-literal:: none

   C:\ti\simplelink_cc13x0_sdk_1_30_00_xx\tools\ti154stack\tiwsds\plugins

   To:

   C:\Program Files (x86)\Wireshark\plugins\2.0.x (x can be any number)

   For 64-bit: Copy ti802154ge-x64-2x.dll

   From: .. parsed-literal:: none

   C:\ti\simplelink_cc13x0_sdk_1_30_00_xx\tools\ti154stack\tiwsds\plugins

   To:

   C:\Program Files\Wireshark\plugins\2.0.x (x can be any number)

3. Open Wireshark, and check that the plug-in is installed by going to Help->About Wireshark and clicking the Plugins tab. The ti802154ge-x (32/64)-2x.dll file is listed, as shown in Figure 66..

   If so, the plugin is installed and receives packets from TiWsPc2. If not, see the following for troubleshooting.

   

   Figure 66. Wireshark Plugin

4. If using TiWsPc2, navigate to Edit → Preferences and select Protocols → TI 802.15.4GE under the left- hand menu. The first two checkboxes must be checked, as shown in Figure 67..

   

   Figure 67. Wireshark Preferences

   Additionally, to use secured packets, add a decryption key and static address pairings (for pairing short address and PAN-IDs with long addresses for decryption)

TiWsPc2 Troubleshooting¶

• If a Communication error occurs when a device is started, try power-cycling the sniffer hardware to correct the issue.
• If a Data Buffer Overflow occurs, the TiWsPc2 program cannot get the data fast enough from the device. Try any or all of the following: reduce CPU load, network traffic, and disk load from other programs, or reduce the number of capturing devices.
• If Wireshark reports corrupted memory or throws an assertion and exits, this is a Wireshark issue; TiWsPc2 can deliver more messages in a short period of time than Wireshark can handle. Try reducing the number of sniffer device options in use, to reduce the flow to Wireshark using the file data out. Alternatively, configure the TiWsPc2 packet limit option for the selected data output method. When this limit is reached, TiWsPc2 automatically stops the current data capture.

Wireshark Dissector Troubleshooting¶

• If after installing Wireshark, the error shown in Figure 71. appears, a 64-bit plugin is installed, but you are using 32-bit Wireshark. To debug, repeat Steps 1 and 2 Wireshark Dissector Setup.

  

  Figure 71. Wireshark Plugin Error

• If after starting Wireshark, the error shown in Figure 72. appears, delete one of the two TI 802.15.4ge plug-ins in the Wireshark plug-ins folder

  

  Figure 72. Wireshark Debug Error

• When opening Wireshark, you may get an error that opens a command prompt from the Wireshark Debug Console and reads Err Field (abbrev=’Frame Length’) does not have a name, and Press any key to exit. Alternatively, you may get a message that reads The procedure entry point ep_alloc could not be located in the dynamic link library libwireshark.dll. These start-up errors indicate that the installed plug-in is for an incompatible version of Wireshark. Check this by going to Help → About Wireshark, and check that the version number is 2.0.x. If the version number is not 2.0.x., download and install a 2.0.x release, because the plug-in is not backwards-compatible.

• For any other questions or problems, consult the README at

  C:\ti\simplelink_cc13x0_sdk_1_30_00_xx\tools\ti154stack\tiwsds\README.rtf