802.15.4 traffic monitoring (wireshark?)

Zonker · 2018-10-14 04:21:00 UTC

What type of hardware interface is needed to monitor the mesh traffic between nodes in a particle mesh network? (I’m looking for specific pointers to hardware that will work with my soon-to-arrive pre-ordered devices…) I think it would help to have pointers to devices known to work. I understand that you might be reluctant to recommend one or two products over another, but you are also launching a technology that most of us are not familiar with. There was a reference to such tools for monitoring in the opening presentations at #Spectra18, but I can’t find any pointers here in the forums and my notes.

I’ve been trying to find USB devices to use with Windows and wireshark, but maybe those keywords are hampering my search? I’ve found soe Zigbee radios, but it’s not clear if those radios will read the Particle Mesh packets. The options all seem to be priced in Euros (and range from 37-119). I’m willing to pay a fair price for the “right tool”, but that’s a lot of money to simply try, hit-or-miss. Please help us find the tools to help us get deeper into these new devices.

rickkas7 · 2018-10-14 09:31:50 UTC

As far as I know, no one has done it. But I suspect it’s possible, at least two different ways:

Using a USB SDR device, GNU Radio, RFTap, and Wireshark. I found a couple examples of doing Zigbee. Particle Mesh is Thread Mesh, 6LoWPAN over 802.15.4, not Zigbee, but they’re similar. You should be a able to decode at least up to Thread Mesh, though the actual Particle cloud connection is encrypted so you won’t be able to see inside the CoAP over DTLS packets.
Using an nRF52840 development kit with Wireshark:
http://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.threadsdk.v0.11.0%2Fthread_sniffer.html

syrinxtech · 2018-10-14 14:33:36 UTC

@zonker, this might be what you want:

https://wiki.wireshark.org/IEEE_802.15.4

It may or may not decrypt if you’re using any application-layer encryption or special encoding.

Zonker · 2018-10-14 18:38:41 UTC

@rickkas7: That’s an ideal answer! The “Thread Mesh, 6LoWPAN over 802.15.4, not Zigbee” portion is what we need to dig in deeper, and should help in the product selection. The SDR answer is a good idea, since a recent ADABOX (007, I think) included a USB SDR.

I hoped/expect that the data going from my mesh to the particle cloud is encrypted.

@syrinxtech: The drill-down on the wireshark page is also useful, pointing out that the decoder in Wireshark is mature. Time to see if my Surface Pro 4 can run wireshark with the USB SDR.

As I collect any other useful pointers, I’ll put together a wiki with what I learn, in an effort to help others. I’ll keep posting here in the forums, but there are signs that the water here could get pretty deep. My hope is to lay a foundation for the beginners to follow.

Zonker · 2019-01-03 03:47:21 UTC

So, nobody at Particle has a “lightweight” solution for monitoring test traffic in the lab, as they are tweaking the new code? Wireshark is a good option, and I also have access to OmniPeek (a high-end commercial packet sniffer), but lack a radio module set up for 802.15.4. I have a ZigBee Pro module, but cannot figure out how to put it into a promiscuous mode… lots of inference, but the code to unlock a module’s Layer-1 is a well-kept secret.

ninjatill · 2019-01-03 04:02:38 UTC

There was some discussion about using Nordic’s USB development dongle on this thread that you might find interesting: