On 08/06/2014 08:46 AM, Christian Aurich wrote:
> Hi,
>
> Reading a blog about sniffing NRF24 data with wireshark [1], I wondered if it
> would be possible to use sigrok in conjunction with Wireshark. Basically I
> would like to use wireshark to dissect my traffic, say on an SPI line. In one
> case I have a device that transfers ethernet data over SPI. But while
> developing the linux driver for this SPI device I also would like to be able
> to see the SPI protocol work as expected... For this use I cannot imagine
> working with sigrok alone - simply because I would not bother to implement an
> ethernet decoder for it ;)
>
> So maybe there is an easy solution available already. Otherwise this should
> be a discussion about how to implement such a feature... I already had a
> start reading and understanding the sigrok code and am willing to implement
> such a feature.
>
> A minimalistic example of how to get data into wireshark from external
> programs is: (Tested on ubuntu 14.04)
>
> wireshark -k -i <(echo -e "\xD4\xC3\xB2\xA1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF\x93\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x10\x00\x00\x00\x41")
>
> This passes wireshark the pcap header (struct pcap_hdr in [2]), the header of
> the actual packet (struct pcaprec_hdr in [2]) and "0x41" as the content of
> this packet. Wireshark opens, displaying that packet with "A" as the only
> content.
>
> Generally the full duplex nature of SPI could be a problem for wireshark... I
> have never seen any implementations of high level protocols that use SPI in
> full duplex, usually they switch between tx and rx at some point of the
> transmission. But just from watching the SPI you are not able to know where
> this point is. Therefore one might need to use a sigrok high level decoder to
> be useful with wireshark...
>
> Any comments on how I can combine sigrok with wireshark are welcome.
>
> [1] http://hackaday.com/2014/08/05/sniffing-nrf24l01-traffic-with-wireshark/
> [2] https://github.com/Yveaux/NRF24_Sniffer/blob/master/SerialToPipe/src/Nrf24Sniff/Nrf24Sniff.cpp
>
> Kind regards
> Christian Aurich

Hi,

You can write a protocol decoder that stacks on top of the existing SPI
decoder and dissects the commands to the ethernet controller. Protocol
decoders are written in Python; take the nrf24 decoder [1] as an example, the
working of your ethernet controller will probably be very similar (some setup
commands, write your own device's address into the chip, write transmission
payload, poll for incoming packets, read received payload).

In your decoder, use the OUTPUT_BINARY decoder output [2] to output the
ethernet packets as PCAP when you encounter the read/write payload commands.

You should then be able to use sigrok-cli to save the PCAP file like this
(assuming your decoder is called 'enc28j60'):

  $ sigrok-cli <other options> -P spi,enc28j60 --protocol-decoder-binary enc28j60 > capture.pcap

Or, use one of the other methods described at [3] to do a live capture by
piping the output of sigrok-cli directly into wireshark.

Regards,
Jens

[1] http://sigrok.org/wiki/Protocol_decoder:Nrf24l01
[2] http://sigrok.org/wiki/Protocol_decoder_API#Backend_library
[3] http://wiki.wireshark.org/CaptureSetup/Pipes
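
The PCAP framing discussed in this thread, as an added example that is not part of either mail and is not sigrok code: it builds the byte stream a decoder would hand to its binary output and parses the 41 bytes from the quoted one-liner back into fields. The function names, the sample-number timestamping and the Ethernet frame are assumptions made for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1    # link type for decoded Ethernet frames
LINKTYPE_USER0 = 147     # 0x93, the link type used in the quoted one-liner
GLOBAL_HDR = struct.Struct("<IHHiIII")  # struct pcap_hdr, little-endian
RECORD_HDR = struct.Struct("<IIII")     # struct pcaprec_hdr

def pcap_global_header(linktype, snaplen=65535):
    """File header: magic, version 2.4, thiszone, sigfigs, snaplen, network."""
    return GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)

def pcap_record(frame, samplenum, samplerate):
    """Record header plus frame; timestamp derived from the sample number."""
    sec, rem = divmod(samplenum, samplerate)
    usec = rem * 1_000_000 // samplerate
    return RECORD_HDR.pack(sec, usec, len(frame), len(frame)) + frame

def parse_pcap(data):
    """Return (linktype, [(sec, usec, orig_len, payload), ...])."""
    if len(data) < GLOBAL_HDR.size:
        raise ValueError("truncated file header")
    magic, _, _, _, _, _, linktype = GLOBAL_HDR.unpack_from(data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap stream")
    off, packets = GLOBAL_HDR.size, []
    while off < len(data):
        if len(data) - off < RECORD_HDR.size:
            raise ValueError("truncated record header")
        sec, usec, incl_len, orig_len = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if incl_len > len(data) - off:
            raise ValueError("truncated packet data")
        packets.append((sec, usec, orig_len, data[off:off + incl_len]))
        off += incl_len
    return linktype, packets

# The 41 bytes from the quoted one-liner (without the newline echo appends).
MAIL_BYTES = bytes.fromhex(
    "d4c3b2a1 0200 0400 00000000 00000000 ffffffff 93000000"
    " 00000000 00000000 01000000 10000000 41")

# Constructed sample: a 60-byte broadcast frame as a decoder might reassemble it.
FRAME = bytes.fromhex("ffffffffffff 020000000001 0806") + bytes(46)

if __name__ == "__main__":
    print(parse_pcap(MAIL_BYTES))
    stream = (pcap_global_header(LINKTYPE_ETHERNET)
              + pcap_record(FRAME, 1_500_000, 1_000_000))
    print(parse_pcap(stream)[1][0][:3])
```

Parsing the mail's bytes shows a captured length of 1 against an original length of 16, so the record is marked as a truncated packet.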

