Capturing WPAN traffic

Document created by adewanga on Aug 26, 2014. Last modified by linyan on Aug 4, 2015. Version 2.

Instructions for CG-OS:

The following are a few things we typically do on the FAR to monitor traffic:

  1. Start ethanalyzer to capture traffic going through the wpan interface
  2. Use the show CLI to get packet counts
  3. Use ethanalyzer with a display filter to isolate CSMP traffic

Example/Syntax for 1:
Router# ethanalyzer local interface wpan limit-captured-frames 0
total args=7
/usr/bin/sudo tshark -t ad -l -i wpan0
Capturing on interface(wpan0)
2013-01-04 12:37:05.923627 2003:dead:beef:cafe:aaaa::3a -> 2001:420:7bf:5f::800 UDP Source port: 49152  Destination port: 61624
2013-01-04 12:37:14.043806 2003:dead:beef:cafe:aaaa::3a -> 2003:dead:beef:cafe:: ICMPv6 Unknown (0x9b) (Unknown (0x02))

 

Example for 2:
plc-3# show wpan packet-count

TOTAL:
         incoming: 2518       (408136   bytes)
         outgoing: 256        (32066    bytes)
-------------------------------------------------
lowpan:
         incoming: 2518       (408136   bytes)
         outgoing: 256        (32066    bytes)
dot1x:
         incoming: 0          (0        bytes)
         outgoing: 0          (0        bytes)
outage:
         incoming: 0          (0        bytes)
-------------------------------------------------
lowpan.icmp:
         incoming: 1849       (196410   bytes)
          rpl dao: 283        (51116    bytes)
          rpl dio: 920        (98918    bytes)
          rpl dis: 0          (0        bytes)
          nd ns  : 631        (44816    bytes)
         outgoing: 253        (31778    bytes)
          rpl ra : 198        (26730    bytes)
          nd rs  : 12         (576      bytes)
lowpan.dhcp:
         incoming: 377        (37700    bytes)
         outgoing: 0          (0        bytes)
lowpan.csmp:
         incoming: 255        (169882   bytes)
          - mcast: 0          (0        bytes)
          - ucast: 255        (169882   bytes)
         outgoing: 0          (0        bytes)
          - mcast: 0          (0        bytes)
          - ucast: 0          (0        bytes)
lowpan.c1222:
         incoming: 0          (0        bytes)
          - mcast: 0          (0        bytes)
          - ucast: 0          (0        bytes)
         outgoing: 0          (0        bytes)
          - mcast: 0          (0        bytes)
          - ucast: 0          (0        bytes)
lowpan.unknown:
         incoming: 0          (0        bytes)
         outgoing: 3          (288      bytes)
-------------------------------------------------
ucast:
         incoming: 1561       (305074   bytes)
         outgoing: 11         (1144     bytes)
mcast:
         incoming: 37         (4144     bytes)
         outgoing: 32         (3328     bytes)
bcast:
         incoming: 920        (98918    bytes)
         outgoing: 213        (27594    bytes)
-------------------------------------------------
bridge:
         incoming: 1023       (14935    bytes)
         outgoing: 1032       (9997     bytes)
-------------------------------------------------
(cgos):
         incoming: 834        (77868    bytes)
         outgoing: 2518       (443388   bytes)
(hdlc):
         incoming: 4893       (556360   bytes)
         outgoing: 1355       (91960    bytes)
-------------------------------------------------
udp checksum error:
         incoming: 0          (0        bytes)
icmp checksum error:
         incoming: 0          (0        bytes)
plc-3#
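
The counters above are easier to track over time once they are parsed. The following Python is an added example, not part of the original document or of any Cisco tool: it parses an excerpt of the output shown above and reports watched sections that are not at zero. The function names and the `WATCH` list are assumptions chosen for illustration.

```python
import re

# Excerpt of the "show wpan packet-count" output shown above.
SAMPLE = """\
TOTAL:
         incoming: 2518       (408136   bytes)
         outgoing: 256        (32066    bytes)
-------------------------------------------------
lowpan.icmp:
         incoming: 1849       (196410   bytes)
          rpl dao: 283        (51116    bytes)
          rpl dio: 920        (98918    bytes)
          nd ns  : 631        (44816    bytes)
         outgoing: 253        (31778    bytes)
          rpl ra : 198        (26730    bytes)
lowpan.unknown:
         incoming: 0          (0        bytes)
         outgoing: 3          (288      bytes)
udp checksum error:
         incoming: 0          (0        bytes)
"""

# "<name>: <packets> (<bytes> bytes)", with an optional "- " before the name.
COUNTER = re.compile(r"^\s+(?:-\s*)?(.+?)\s*:\s*(\d+)\s+\((\d+)\s+bytes\)\s*$")
# Assumption: sections an operator would want to see at zero.
WATCH = {"lowpan.unknown", "udp checksum error", "icmp checksum error"}

def parse_packet_count(text):
    """Return {(section, direction, counter): (packets, bytes)}."""
    counters, section, direction = {}, None, None
    for line in text.splitlines():
        m = COUNTER.match(line)
        if m:
            name, pkts, nbytes = m.group(1), int(m.group(2)), int(m.group(3))
            if name in ("incoming", "outgoing"):
                direction, name = name, "total"
            counters[(section, direction, name)] = (pkts, nbytes)
        elif line[:1].strip() and line.rstrip().endswith(":"):
            section, direction = line.rstrip()[:-1], None
    return counters

def watched_nonzero(counters, watch=WATCH):
    """Direction totals in watched sections that have counted any packet."""
    return {k: v for k, v in counters.items()
            if k[0] in watch and k[2] == "total" and v[0] > 0}
```

Running `parse_packet_count` on two snapshots taken a known interval apart and subtracting the values gives per-protocol rates.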
 

Example for 3:

Router# ethanalyzer local interface wpan display-filter udp.port==61624 limit-captured-frames 0 detail

Instructions for IOS (for IPv6 packets):

1. Enable IPv6 CEF on CGR

FAR#conf term

Enter configuration commands, one per line.  End with CNTL/Z.

FAR(config)#ipv6 cef

FAR(config)# end

2. Define a Capture Point (on the IPv6 CEF path as shown, or on the process-switched path)

FAR#monitor capture point ipv6 cef CAPTURE-POINT WPAN 5/1 both

3. Define a Capture Buffer

FAR#monitor capture buffer CAPTURE-BUF size 1024 max-size 1518 circular

4. Associate Capture Buffer to Capture Point

FAR#monitor capture point associate CAPTURE-POINT CAPTURE-BUF

5. Start the capture

FAR#monitor capture point start CAPTURE-POINT

6. Wait for required packets to be captured. Stop the capture:

FAR#monitor capture point stop CAPTURE-POINT

7. Obtain a pcap:

FAR#monitor capture buffer CAPTURE-BUF export flash:test.pcap

Export the test.pcap to an external device if required.

8. Review the capture:

FAR#more flash:test.pcap

 

9. Monitor the Capture Point and Capture Buffer:

FAR#show monitor capture point all

Status Information for Capture Point CAPTURE-POINT

IPv6 CEF

Switch Path: IPv6 CEF            , Capture Buffer: CAPTURE-BUF        

Status : Active

 

Configuration:

monitor capture point ipv6 cef CAPTURE-POINT Wpan5/1 both

 

 

FAR#show monitor capture buffer all parameters

Capture buffer CAPTURE-BUF (circular buffer)

Buffer Size : 1048576 bytes, Max Element Size : 1518 bytes, Packets : 0

Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0

Associated Capture Points:

Name : CAPTURE-POINT, Status : Active

Configuration:

monitor capture buffer CAPTURE-BUF size 1024 max-size 1518 circular

monitor capture point associate CAPTURE-POINT2 CAPTURE-BUF

 

10. Delete the Capture Point and Capture Buffer:

FAR#no monitor capture point ipv6 cef CAPTURE-POINT WPAN 5/1 both

FAR#no monitor capture buffer CAPTURE-BUF
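
Once test.pcap from step 7 has been copied off the router, it can be reviewed offline instead of with `more` as in step 8. The following Python is an added example, not part of the original document: it reads a classic pcap file, decodes each IPv6 header and keeps the packets on UDP port 61624, the CSMP port used in the CG-OS display filter above. It assumes a raw-IP link type (each record starts at the IP header); the function names are illustrative and the sample capture is constructed in `build_sample`, not taken from a device.

```python
import ipaddress
import struct

CSMP_PORT = 61624   # UDP port from the page's CSMP display filter
RAW_IP = (12, 101)  # assumption: link types whose records start at the IP header

def read_pcap(data):
    """Yield (ts_sec, ts_usec, packet) from a classic pcap byte string."""
    order = {b"\xa1\xb2\xc3\xd4": ">", b"\xd4\xc3\xb2\xa1": "<"}.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(order + "I", data[20:24])[0]
    if linktype not in RAW_IP:
        raise ValueError(f"unexpected link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack(order + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl]
        if len(pkt) < incl:  # final record cut short, stop cleanly
            break
        yield sec, usec, pkt
        off += 16 + incl

def summarize_ipv6(pkt):
    """Decode the fixed IPv6 header (extension headers are not followed)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return None
    src, dst = (str(ipaddress.IPv6Address(pkt[i:i + 16])) for i in (8, 24))
    info = {"src": src, "dst": dst, "next_header": pkt[6]}
    if info["next_header"] == 17 and len(pkt) >= 48:  # UDP: read both ports
        info["sport"], info["dport"] = struct.unpack(">HH", pkt[40:44])
    return info

def csmp_packets(data):
    """Summaries of the packets whose UDP source or destination port is CSMP."""
    found = [summarize_ipv6(pkt) for _, _, pkt in read_pcap(data)]
    return [s for s in found if s and CSMP_PORT in (s.get("sport"), s.get("dport"))]

def build_sample():
    """Constructed capture (not from a device): one CSMP UDP packet, one ICMPv6."""
    src, dst = (ipaddress.IPv6Address(a).packed for a in ("2001:db8::1", "2001:db8::2"))
    udp = struct.pack(">HHHH", 49152, CSMP_PORT, 8, 0)  # checksum left at 0
    icmp = struct.pack(">BBHI", 128, 0, 0, 0)           # echo request, no checksum
    out = struct.pack(">IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1518, 12)
    for nxt, payload in ((17, udp), (58, icmp)):
        hdr = struct.pack(">IHBB", 0x60000000, len(payload), nxt, 64)
        pkt = hdr + src + dst + payload
        out += struct.pack(">IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return out
```

For a real export, pass the file contents instead: `csmp_packets(open("test.pcap", "rb").read())`.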
