Zigbee Tools Wireshark - Jim-tech/IoT-Developer-Boot-Camp GitHub Wiki
Table of Contents
Sniffer is a useful tool to analyze Zigbee network issues. Currently, there are three typical sniffer tool in the industry:
- Ubiqua Protocol Analyzer
- Wireshark
- Network Analyzer in Simplicity Studio
Ubiqua Protocol Analyzer is a commercial software and it's pretty expensive. Network Analyzer can only be used in Simplicity Studio. Furthermore, Network Analyzer is pretty slow when analyzing big sniffer files. Wireshark is an open-sourced software and free to everyone, and it's also possible to add plugins to decode custom file format. It's much much faster than Network Analyzer to analyze big files.
In this page, we will introduce how to analyze Zigbee network issues with Wireshark.
Usually we met three files types of sniffer file:
- .cubx file
- .dcf file
- .isd file
Currently, Wireshark can open .dcf file directly.
.cubx file is the capture file format used by Ubiqua Protocol Analyzer. There is a Wireshark plugin which can be used to decode .cubx file in Wireshark. Below is the steps of using this plugin:
- Download Wireshark 3.2.5 or 3.4.5 (Currently, only provided for these two version) from Wireshark download page, then install it.
- Download Wireshark cubx plugin.
- version 3.4.5:
- Put cubx.dll at Wireshark\plugins\3.4\wiretap
- Put usniffer.dll at Wireshark\plugins\3.4\epan
- version 3.2.5:
- Put cubx.dll at Wireshark\plugins\3.2\wiretap
- Put usniffer.dll at Wireshark\plugins\3.2\epan
- version 3.4.5:
- Start Wireshark as administrator, and you can open the .cubx file with it. The reason why it needs to be opened with administrator is that the plugins will extract the keys from the cubx file and store them in user's config.
ISD file is not supported by Wireshark right now, but it's possible to write a Wireshark plugin to support it.
| Filter | Value | Description |
|---|---|---|
| wpan.frame_type |
|
|
| wpan.dst_pan | 16-bit number | |
| wpan.dst16 | 16-bit number | |
| wpan.src16 | 16-bit number |
| Filter | Value | Description |
|---|---|---|
| zbee_nwk.frame_type |
|
|
| zbee_nwk.dst | 16-bit number | only filter dest Node ID |
| zbee_nwk.src | 16-bit number | only filter src Node ID |
| zbee_nwk.addr | 16-bit number | filter both dest and src Node ID |
| zbee_nwk.dst64 | 64-bit hex | filter dest Eui64 |
| zbee_nwk.src64 | 64-bit hex | filter src Eui64 |
| zbee_nwk.addr64 | 64-bit hex | filter both dest and src Eui64 |
| zbee_nwk.cmd.id | 8-bit number |
|
| zbee_nwk.cmd.status | 8-bit number |
|
| Filter | Value | Description |
|---|---|---|
| zbee_aps.type |
|
|
| zbee_aps.dst | 8-bit number | Destination Endpoint |
| zbee_aps.src | 8-bit number | Source Endpoint |
| zbee_aps.cluster | 16-bit number | Cluster |
| zbee_aps.profile | 16-bit number | Profile |
| zbee_aps.cmd.id | 8-bit number |
|
Wireshark allows users to customize the display specific packets with a specific color. Below are the steps of customizing color:
- In menu "View", select "Coloring Rules", you will see a dialog about coloring. First add a rule, set its name and filter, then pickup a color you want.
- In menu "View", toggle the item "Colorize Packet list" to toggle whether you want to show the color or not.
Home | 
Zigbee | 
Bluetooth | 
ZWave | 
Proprietary | 
Thread | 
Matter | 
Hardware | 
Common
All resources of this repository are released under license CC BY-NC-ND 4.0 