Protocols – Wireshark automatically identifies the protocol in use. All supported protocols are enabled by default; go to Analyze>Enabled Protocols to see all the menu options. The user can use this option to enable or disable protocols as required.
Note: The user must ensure all the required protocols are enabled before capturing the packets.
Security – It is possible to monitor encrypted ZigBee network data by entering the Network (NWK) security key used in the network. Go to Edit>Preferences>Protocols>ZigBee. The following figure illustrates the security key configuration options in Wireshark.
From the “Pre-configured Keys”, click Edit to enter the security keys (see Figure 4-2).
Figure 4-1. Security Preferences in Wireshark
The security level can be set as per the Zigbee Specification Revision 22
1.0. The following table provides details about the security levels.
Table 4-1. Security Levels Available to the NWK, and Application Support Sub-Layer (APS)

Security Level | Security Level | Security    | Data       | Frame Integrity (Length M of MIC,
Identifier     | Subfield       | Attributes  | Encryption | in Number of Octets)
---------------+----------------+-------------+------------+----------------------------------
0x00           | 000            | None        | OFF        | NO (M = 0)
0x01           | 001            | MIC-32      | OFF        | YES (M = 4)
0x02           | 010            | MIC-64      | OFF        | YES (M = 8)
0x03           | 011            | MIC-128     | OFF        | YES (M = 16)
0x04           | 100            | ENC         | ON         | NO (M = 0)
0x05           | 101            | ENC-MIC-32  | ON         | YES (M = 4)
0x06           | 110            | ENC-MIC-64  | ON         | YES (M = 8)
0x07           | 111            | ENC-MIC-128 | ON         | YES (M = 16)

Note: For more details on the security levels, refer to Table 4-30 Security Levels Available to the NWK, and APS Layers in the Zigbee Specification Revision 22 1.0 (05-3474-22).
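The following is an added example, not part of the vendor documentation: it derives each row of Table 4-1 from the 3-bit level and decodes a captured security control byte. Zigbee transmits the level subfield as 000, which is why the level has to be supplied in the Wireshark preferences. The key identifier and extended nonce bit positions are taken from the Zigbee auxiliary frame header format rather than from this page, and the sample bytes are constructed.

```python
# Added example (not vendor code). Field layout of the security control byte
# (bits 0-2 level, bits 3-4 key identifier, bit 5 extended nonce) is taken
# from the Zigbee auxiliary frame header format, not from this page.
KEY_IDS = {0: "data key", 1: "network key",
           2: "key-transport key", 3: "key-load key"}


def level_attributes(level):
    """Return (name, encrypted, mic_octets) for a Table 4-1 security level."""
    if not 0 <= level <= 7:
        raise ValueError("security level is a 3-bit value (0x00-0x07)")
    encrypted = bool(level & 0b100)          # top bit: data encryption ON/OFF
    mic_bits = level & 0b011                 # low bits select the MIC length
    mic_octets = 0 if mic_bits == 0 else 2 << mic_bits   # 4, 8 or 16
    parts = (["ENC"] if encrypted else []) + \
            ([f"MIC-{mic_octets * 8}"] if mic_octets else [])
    return "-".join(parts) or "None", encrypted, mic_octets


def parse_security_control(control, configured_level):
    """Decode a captured control byte, substituting the configured level."""
    name, encrypted, mic_octets = level_attributes(configured_level)
    return {
        "on_air_level": control & 0x07,      # expected to be 0 in a capture
        "level": configured_level,
        "level_name": name,
        "encrypted": encrypted,
        "mic_octets": mic_octets,
        "key_id": KEY_IDS[(control >> 3) & 0x03],
        "extended_nonce": bool(control & 0x20),
    }


def split_payload(secured, mic_octets):
    """Split secured bytes into (payload, MIC); reject frames too short."""
    if len(secured) < mic_octets:
        raise ValueError("frame shorter than the MIC for this security level")
    cut = len(secured) - mic_octets
    return secured[:cut], secured[cut:]


if __name__ == "__main__":
    # Constructed sample: control byte 0x28, and separately 6 payload octets
    # plus a 4-octet MIC (the rest of the auxiliary header is omitted).
    info = parse_security_control(0x28, configured_level=0x05)
    body, mic = split_payload(bytes.fromhex("a1a2a3a4a5a6deadbeef"),
                              info["mic_octets"])
    print(info, body.hex(), mic.hex())
```

If the level configured in Wireshark does not match the level the network actually uses, the MIC boundary computed this way is wrong and decryption of the frame fails.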
It is possible to add multiple keys and edit or remove existing keys. The following
figure illustrates the security key entries.
For example, for a Zigbee network that uses centralized security in the APS layer, a device joining the network establishes a link key with the trust center. To view all APS transactions happening in this link, such as the APS Transport Key command, add the Trust Center Link Key and network key under the preferences tab in Wireshark (see the following figure).
Figure 4-2. Security Key Entries
The user can customize the following viewing options in Wireshark:
- For arranging the layout of the panels, go to Edit>Preferences>Layout.
- For adding columns to the packet display pane (for example, HW Src Addr), go to Edit>Preferences>Columns.
- To colorize frame formats (for example, NWK Link Status Frames), go to View>Coloring Rules. For more details, refer to Packet colorization (11.3).
Perform the following steps to apply filters to display frames based on chosen fields in a frame:
1. Right-click the field
2. Select Apply as Filter
Figure 4-3. Wireshark Capture Screen Layout