On Sep 23, 2008, at 5:00 PM, Colin O'Flynn wrote:
> It's my understanding Wireshark has 802.15.4 support in it since version
> 1.0.0. However I'm trying to understand how to enable this...
"Support" for a given protocol doesn't necessarily mean "you can
encapsulate it in anything"; in the case of 802.15.4, the support was
put in for the benefit of people who were directly capturing 802.15.4
packets and writing 802.15.4 packets to a file with no encapsulation.
> My hardware shows up as an ethernet interface, so I've routed the raw 802.15.4
> packets as data encapsulated by an ethernet header.
What hardware is that? And, when you say "routed", to what are you
referring?
I.e., what's the full hardware and software data path from the
hardware up to either libpcap/WinPcap or whatever other software is
either feeding packets to Wireshark (over a pipe?) or writing packets
to a file for Wireshark to read later? If that data path can be made
to just pass raw 802.15.4 packets, with no encapsulation, and with a
DLT_ value of DLT_IEEE802_15_4 (195), it might be possible to have
Wireshark read those packets without any change.
> If I right-click on these received packets and select "decode as", I don't see
> the "wpan" option. Which is kinda what I was hoping would happen, as that
> roughly ends my knowledge of wireshark!
"Decode as" doesn't implement a full NxM matrix where arbitrary
dissector A can be plugged into arbitrary packet type value B, so that
won't work.
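
The unencapsulated capture file the reply describes, sketched as an added example that is not part of the original message or of Wireshark's code: it strips the Ethernet header from each captured frame and writes the remaining 802.15.4 bytes to a classic pcap file whose link-layer type is DLT_IEEE802_15_4 (195). The function names, the 14-byte unpadded Ethernet header, the EtherType and the sample bytes are all assumptions made for illustration.

```python
import struct

DLT_IEEE802_15_4 = 195   # link-layer type value given in the message above
ETH_HEADER_LEN = 14      # assumed: dst MAC (6) + src MAC (6) + EtherType (2)
SNAPLEN = 65535


def strip_ethernet(frame: bytes) -> bytes:
    """Return the bytes after the Ethernet header (hypothetical helper).

    Assumes the capture device adds no padding after the 802.15.4 frame.
    """
    if len(frame) <= ETH_HEADER_LEN:
        raise ValueError("frame too short to carry an 802.15.4 payload")
    return frame[ETH_HEADER_LEN:]


def build_pcap(packets) -> bytes:
    """Build a classic pcap file from (ts_sec, ts_usec, ethernet_frame) tuples."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type.
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0,
                                SNAPLEN, DLT_IEEE802_15_4))
    for ts_sec, ts_usec, frame in packets:
        raw = strip_ethernet(frame)
        # Per-record header: timestamp, captured length, original length.
        out += struct.pack("<IIII", ts_sec, ts_usec, len(raw), len(raw))
        out += raw
    return bytes(out)


def read_linktype(pcap: bytes) -> int:
    """Read the link-layer type back from the 24-byte global header."""
    return struct.unpack_from("<I", pcap, 20)[0]


# Constructed sample: Ethernet header with the IEEE local-experimental
# EtherType 0x88B5 (an assumption), then a 5-byte 802.15.4 ACK-shaped frame
# whose last two bytes are placeholder FCS values, not a computed checksum.
SAMPLE_WPAN = bytes.fromhex("02002a0000")
SAMPLE_ETH = bytes.fromhex("020000000001" "020000000002" "88b5") + SAMPLE_WPAN

if __name__ == "__main__":
    with open("wpan.pcap", "wb") as fh:
        fh.write(build_pcap([(1222214400, 0, SAMPLE_ETH)]))
```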