SmartRF™ Packet Sniffer User Manual - TI E2E Community
Contents
1. Advertising Channel 38 2425 MHz Iv Connect to Initiator Address 1 12233445566 hex The capture device can be configured to follow a data connection between a specific Bluetooth low energy master initiator and slave device In the Radio Configuration tab click the checkbox next to the Connect to Initiator Address and write the address of the initiator master device If this option is not selected the capture device will start following the first data connection that appears on the current advertising channel 16 31 TEXAS SWRU187E INSTRUMENTS 2 7 Select fields The field selection tab can be used to select which fields to display and which to hide in the packet list This feature is particularly useful for low resolution screens less than 1024x768 The fields are grouped in several colour coded categories The time stamp can be displayed in microseconds or milliseconds The payload data can be displayed as hex bytes or as plain text In plain text format all non printable characters will be replaced by a The Selected Fields list box gives the possibility to select predefined field groups It is also possible to select all or Each frame can be shown either with its LQI Link Quality Indication ranging from 0x00 to OxFF or RSSI Received Signal Strength Indicator with an approximation to the actual RF level in dBm The parameter is derived from the IEEE802 15 4 ZigBee protocol specif2. values This condition should be given as follows FCF Type BCN Ack_req 1 When all conditions that should be evaluated with the AND operator are defined the condition can be moved to the multi line Filter condition window with the L 1 button Enter will give the same result In this window several filter conditions can be added and all the conditions in vertical direction will be evaluated with the OR operator To summarize Conditions in the horizontal direction are evaluated with the AND operator Conditions in vertical direction are evaluated with the OR operator To remove a line from the multi line filter condition select the required line and click the Remove button To remove all the lines from the multi line filter condition click the Al button The button 200005 will activate the filter and the packet window will be redrawn with packets that comply with the given filter condition The ft fiter button should be used to disable the filter function The packet window will be redrawn again and all packets will be visible The filter function can be enabled and disabled while the sniffer is running 20 31 5 SWRU187E NSTRUMENTS Capturing device Configuration Select fields Packet details Address book Display filter Time line Field Mame Template Filter management Frame cantral field Pndzz First And Add
3. 250 Freg 2433MHz Fate 2 smpl sniffer 1110 smpl cc1111 smpl c A581 1 Select Channel a Register Value 1 FSCTRLO Osii FREQZ 0 2 FREQO 3E MOMCFG4 L JT LE JOrn y Po Browse Write File Apply The radio settings should be given in a text file The file can be created by SmartRF Studio This makes it easy to get all the correct register settings calculated by SmartRF Studio See chapter 6 for further details After installation of the SmartRF packet sniffer a default file will be available in the subdirectory of the applicable plugin The format of the file is shown in the example below 15 31 TEXAS Name PKTLEN PKTCTRL1 PKTCTRLO FSCTRL1 FREQ2 FREQ1 FREQO MDMCF G4 MDMCFG3 MDMCFG2 MDMCFG1 MDMCFGO DEVIATN MCSM1 MCSMO FOCCFG BSCFG AGCCTRL2 AGCCTRL1 AGCCTRLO FREND1 FRENDO FSCAL3 FSCAL2 FSCAL1 FSCALO NSTRUMENTS Addr OxDFO2 OxDFO03 OxDF04 OxDFO07 OxDFO09 OxDFOA OxDFOB OxDFOC OxDFOD OxDFOE OxDFOF OxDF10 OxDF11 OxDF13 OxDF14 OxDFI5 OxDF16 OxDF17 OxDF18 OxDF19 OxDF1A OxDFIB OxDFEIC OxDF1D OxDF1E OxDF LF PA TABLEO OXDF2E OxFD 0x04 0x05 0x07 OxIC 0x80 0x00 Ox2D Ox3B 0x73 0x22 OxF8 0x00 OscOC 0x10 Ox1D OxIC OxC7 Val Description Packet length Packet automation control Packet automation
4. 8 kB buffer Data Buffer gt USB controller Temporary Disk file Data Buffer Cache buffer In RAM Screen GUI Figure 9 Dataflow for the packet sniffer SoC For the moment it is only the CC2520 transceiver that is supported by the packet sniffer The buffer is only applicable for the System on Chip devices SoC If the PC application is not able to read the packets from the connected devices data buffer fast enough an Overflow error will be given by the device and the packet sniffer will show the error on screen 1 4 Software The firmware on the SoC s required to run the sniffer will be checked and loaded automatically if needed when the sniffer is started This can be seen on the status bar in the lower left corner The same apply for the USB controller but the user will be asked to do the update and the user has the possibility to reject the update In that case it might be that the sniffer is not working properly The following operating systems are supported Windows XP Pro 32 bit Windows Vista 32 bit Windows Vista 64 bit Windows 7 32 bit Windows 64 bit 9 31 TEXAS SWRU187E INSTRUMENTS 2 User Interface 2 1 Launch Window To select between the different options for protocol and HW configuration a launch window will be shown when starting the sniffer t Texas Instuments Packet Sniffer Packet
5. CC Debugger and the chip type is CC1110 or CC2510 an additional option will be visible in the Capturing device panel The sniffer communication interface must be selected The default value is USARTO and is applicable when CC Debugger is used together with the SmartRFCCxx10TB board See figure below Capturing device Configuration Select fields Packet details Address book Display filter Time line Select capturing device ID 1254 Chip type CE1110 EB type Debugger Sniffer communication interface t USAATO C USART USART 1 should be used for all other combinations with CC1110EM or CC2510EM 14 31 5 SWRU187E NSTRUMENTS 2 6 Radio Configuration The Radio Configuration tab is used to select the parameter values required to configure the radio of the capturing device The parameters depend on the selected capturing device IEEE 802 15 4 devices For IEEE 802 15 4 devices the required channel must be selected Capturing device Radio Configuration Select fields Packet details Address book Display filter Time line IEEE 902 15 4 Channel 0x11 2455 MHz Proprietary devices These radios support a lot of programmable RF parameters Capturing device Radio Configuration Select fields Facket details Address book Display filter Time line Register settings Select File Registers Register Update 2d433Mhz 250kKB aud 434MHz 250kKB aud hl BbBMhz
6. Filter condition Remove Open FLF BLM Remove All Save Apply filter Menge Figure 19 Display filter panel Filter management On the right side of the panel a Filter management function is provided The filter management contains a database of defined filters The database can be saved to a file and read from a file The file is formatted as a plain text file and can be manually updated if required Below is an example of a filter database file The filter name is given within square brackets and the filter conditions are given on the following lines In this example the filter condition is Dest Address 0x2430 OR 0x1749 address DAD 0x2430 DAD 0x1749 To add a filter definition to the database the Add button should be used In order to add the filter to the database a filter name must be given in the window to the left of the button When the name is given and the Add button is pushed the current filter definition the multi line window of the filter condition will be added to the filter database The name of the filter will appear in the list of filters Window below the filter name To remove a filter select the required filter in the list of filters and push the __Femave button The filter database can be read from a file with the pen button To save the filter database to a file use the Swe button To add filter definitions from a file without deleting the exis
7. For revision A and B of CC2430 register CHVER s 0x02 the jumpers must be set in the horizontal direction in parallel with the display like in Figure 2 For newer revisions of CC2430 the jumpers should be set in the vertical direction this is the default position 6 31 3 TEXAS SWRU187E INSTRUMENTS Smar t RF85 evaluetion Board Ray X 4 LJ 1 3 lat ub e b E L 7 Figure 5 CC2511 CC1111 USB Dongle Both the CC2511 and the CC1111 USB Dongle can be used as capturing device with the packet sniffer The Dongles must be pre programmed with special firmware in order to work with the packet sniffer After installation of the packet sniffer the hex file to be programmed can be found on the following directory installation directory GenerallFirmware sniffer fw ccxx1 1 hex The firmware can be programmed with the SmartRF Flash Programmer To program the firmware on the dongle it must be connected to SmartRFOSEB or the CC Debugger via the debug connector See user manual for the flash programmer for details on how to use the flash programmer 7 31 3 TEXAS SWRU187E INSTRUMENTS Figure 6 CC2531 USB Dongle The CC2531 USB Dongle must be pre programmed with special firmware in order to work with the packet sniffer After installation of the packet sniffer the hex file to be programmed can be found on the following directory installati
8. Haw data hex 41 88 00 10 20 BB FF ASS dBm 34 Correlation value 105 CAC OF 1 Figure 17 Packet details panel The packet index shows the index for each captured packet starting with index 1 for the first packet The RSSI value is read from the connected device and adjusted with a given offset value to get an approximate value in dBm The correlation value is equal to the value read from the connected device See the datasheet of the connected device for detailed information on the RSSI and correlation values 18 31 5 SWRU187E NSTRUMENTS 29 Address book The address book contains all known Node addresses from the most recent session By selecting Auto register on by default the packet sniffer will register all addresses automatically and add entries into the address book The example below show the fields defined for the IEEE 802 15 4 ZigBee protocols Capturing device Radio Configuration Select fields Packet details Address book Display filter Time line Remove Auta registered 0 OvO08C 00001 0 000000000102031 w Auto register Auta registered 1 0 0000 DU FFFFFFFFFFFFFFFF Auta registered 2 O 004C OF FFF 05001 246 000006 M UF Auta registered 3 OvO04C 43 04001 2460000088061 chis Move DOWN Figure 18 Address book panel Nodes are added replaced manually by clicking the Add button or by pressing the Enter key while standing in
9. OxFFFF Capturing device Radio Configuration Select fields Packet details Address book Display filter Time line SOURCE 148 ArU gt Unregistered broadcast BEBE E E E NEN Auto registered 0 PTT Auto registered 1 Auto registered 2 Auto registered 3 Facket count 286 Error count amp Filter Figure 11 Packet sniffer screenshot from the IEEE8022 15 4 ZigBee protocols 11 31 TEXAS NSTRUMENTS 2 3 Menus and Toolbars Menu Button Key File Reset i File Open data c File Save data La p F5 i F6 F Settings gt Cash buffer size Settings gt Clock multiplier Settings gt Packet broadcast Help gt About the PSD file format Help User Manual Help Rev History SWRU187E Description Empties the packet buffer and the packet list Load packet buffer from file Save packet buffer to file Display the tabs at the bottom of the window Start the packet sniffer does not empty the buffer Pause the packet sniffer Delete all captured packets when starting Switch automatic scrolling on off owitch between normal font or small font in the packet view window The size of the packet RAM buffer in megabytes A clock multiplier which allows you to compensate for clock speed differences on the connected device and the hardware running the network applicatio
10. control Frequency synthesizer control Frequency control word high byte Frequency control word middle byte Frequency control word Modem Modem Modem Modem Modem Modem low byte configuration configuration configuration configuration configuration deviation setting when FSK modulation is enabled Main Radio Control State Machine configuration Main Radio Control State Machine configuration Frequency Offset Compensation Configuration Bit synchronization Configuration AGC control AGC control AGC control Front Front Frequency Frequency Frequency Frequency PA Output end end RX configuration RX configuration synthesizer calibration synthesizer calibration synthesizer calibration synthesizer calibration Power Setting When the file is selected the register values will be shown in the Registers frame SWRU187E To modify the register value double click the register name The register name will appear in the Register update frame The value can be changed in the Value field Click on Apply to use the new value The changes can be seen in the Register frame The new values can be written to file with a click on the Write to file button Bluetooth Low Energy devices For Bluetooth Low Energy devices the Advertising channel must be selected Capturing device Configuration Select fields Packet details Address book Display filter Time line
11. defined by combining these fields with AND and OR operators o Time line Displays a large sequence of packets about 20 times as many as in the packet list and sorted by either source or destination addresses The packet sniffer screenshot in Figure 11 shows an example from the IEEE802 15 4 ZigBee protocol The status bar displays the total unfiltered number of captured packets the number of packets with errors checksum error and the number of occurrences of buffer overflow and the status of the filter function If filter is on it will show the number of packets which have passed current filter conditions 10 31 3 TEXAS SWRU187E INSTRUMENTS 3 Texas Instruments 5martRF Packet Sniffer IEEE 802 15 4 MAC and ZigBee 2006 File Settings Help Lj al Ca gt ZigBee 2006 Sequence number Sequence number Frame control field Sequence Type Sec Pnd Ack req compr number ACE 0 0 0 0 Frame control field Sequence Type Sec Ack req PAN compr number Frame control field Sequence number xCF Frame control field Sequence Dest Type Sec Pnd Ack req PAN compr number Address CHD 0 0 0 OxFFFF DEFFFF Frame control field Sequence Source Source Type Sec Pnd Ack req PAN compr number PAH Address BCH 0 0 0 0 0x79 OxO04C Ox0000 Frame control field Sequence Dest Dest Type Sec amp ck req PAN compr number PAN Address CMD 0 0 0 Ox FE
12. 0 9 TOC UIE INT EE 30 2 31 TEXAS NSTRUMENTS SWRU187E 1 Introduction The SmartRF Packet Sniffer is a PC software application used to display and store RF packets captured with a listening RF HW node Various RF protocols are supported The Packet Sniffer filters and decodes packets and displays them in a convenient way with options for filtering and storage to a binary file format The Packet Sniffer is installed separately from SmartRF Studio and must be downloaded from the Texas Instruments web site A shortcut for all supported signalling protocols will be placed on the Windows Start menu after the installation 3 31 TEXAS INSTRUMENTS 1 1 Protocols SWRU187E The supported protocols can be seen in the Launch window when starting the packet sniffer The following combinations of protocols and HW RF Device are supported Protocol Bluetooth low energy SimpliciT Generic Version Bluetooth core spec 4 0 2007 PRO 2006 2003 ZigBee RF4CE 1 0 1 mk IX ek l3 ORDO Capture device CC2540 USB Dongle CC2540EM SmartRFO5EB CC2531 USB Dongle CC2530EM SmartRFO4EB SmartRFO5EB CC2520EM SmartRFO5SEB CC2430EM SmartRFO4EB SmartRFO5EB CC2431EM SmartRFO04EB SmartRFO5EB CC2430DB 2003 CC2420EM CC2400EB CC2531 USB Dongle CC2530EM SmartRFO4EB SmartRFO5SEB CC2520EM SmartRFOSEB CC2430EM SmartRFO4EB SmartRFO5EB CC2431EM SmartRFO4EB S
13. 3 TEXAS INSTRUMENTS SmartRF M Packet Sniffer User Manua 4i Texas Instruments SmartRF Packet Sniffer IEEE 802 15 4 MAC and ZigBee 2006 File Settings Help aial 5 5 ZigBee 2006 Time ms Frame control field Sequence 0 Type Sec Pnd Ack req compr number 0 ACK 0 0 0 0 OxCE Frame control field Sequence Source Type Sec Pnd Ack req PAN compr number Address 0 1 1 Ox21 0 0006 Frame control field Sequence Type Sec Pnd Ack req P N compr number 0 0 0 0 0 21 Frame control field Sequence Source Type Sec Pnd Ack req compr number Address DATA 0 0 1 1 OxCF 0 0000 Frame control field Sequence Type Sec Pnd Ack req P N compr number 0 0 0 0 OxCF Frame control field Sequence Dest Dest Type Sec Pnd Ack req compr number Address CMD 0 0 0 0 OxFD OxFFFF OxFFFF Frame control field Sequence Source Source Type Sec Pnd Ack req compr number Address BCN 0 0 0 0 0 79 OxOO04C Ox0000 Frame control field Sequence Dest Dest Type Sec Pnd Ack req PAN compr number PAN Address CMD 0 0 0 0 xFE OxFFFF OxFFFF Capturing device Radio Configuration Select fields Packet details Address book Display filter Time line SOURCE 148 270 gt Unregistered broadcast BEBE 8 8 8 PEPER EEE Pa Auto registered 0 Auto registered 1 Auto registered 2 Auto registered 3 E Error coun
14. EM CC1110EM or CC2510EM SmartRFOSEB CC2430EM CC1110EM CC2510EM CC2520EM or 2530 CC2531 USB Dongle CC Debugger SmartRFCCxx10TB CC2540 USB Dongle The applicable board must be connected to the PC through USB Figure 1 CC2400EB CC2420 Note The Packet Sniffer started when selecting IEEE802 15 4 ZigBee 2420 will be different from the others A different GUI application will be started The most important difference is that the packets will only be stored in a RAM buffer That means the GUI application will not be able to handle more packets when the buffer is full See the user manual for Packet Sniffer CC2420 for more details The manual can be found under the documentation option of the start menu start gt Texas Instruments gt Packet Sniffer gt Documentation gt Packet Sniffer CC2420 user manual 5 31 SWRU187E 3 TEXAS INSTRUMENTS Figure 2 CC2430DB NI betel 0 2 3 m 3 ag 1 1 02 R amp N E L c Chipcon Smar tRFO4EB 1 9 5 04 Evadusz AS R381 os NN ga AT2 2 ELIT f ASG i Evam L 27 Salles norit Een E dM 1 LE Cie De ues an in _ _ UBL gt C301Fh c261 1777711 a ve Figure 3 SmartRFO4EB Note Observe the jumpers on header P3
15. S SWRU187E NSTRUMENTS 4 Know Issues 41 Bluetooth Low Energy The capture device currently ignores the connection timeout parameter for an active connection This means that the sniffer will not know that a connection between two BLE devices is down if no new packets are received for the duration of the connection timeout The reason this is not supported by the sniffer is to remedy the case where the sniffer follows a data connection between two remote devices and thus is likely to lose a number of packets for a period of time that exceeds the connection timeout When the actual connection is terminated due to a connection timeout the sniffer must be stopped click the pause stop icon and restarted click the play icon in order to follow a new connection 24 31 5 SWRU187E NSTRUMENTS 5 Format of packets saved to file The figure below describe the packet format for packets saved to a Packet Sniffer Data PSD file The number of bytes is given for each field 1 4 1 S FCS Payload Length Timestamp Packet number Packet Information Figure 21 Packet format in PSD file Packet Information New field introduced from version 2 3 0 Contains information used by the packet sniffer to read the data correctly Length includes FCS Bit 1 Correlation used Bit2 Incomplete packet Bit 3 7 Not used Timestamp 64 bit counter value To calc
16. Sniffer TEXAS INSTRUMENTS Ver 2 10 1 Select Protocol and chip type Required Hv platform SmartRF 4EB CC2430EM or C2430065 Click Start button to launch Packet Sniffer Figure 10 Screen shot of the packet sniffer launch window To start the packet sniffer a combination of protocol and chip type should be selected Then the start button should be clicked If a packet sniffer session has been started and the launch window is closed the sniffer session will still remain active and must be closed explicit if required 2 2 Packet Sniffer window of an active session The main window of the packet sniffer can be divided into two sections e Atthe top A packet list which displays the various fields of the decoded packets e Atthe bottom The following seven tabs o Capturing device Selects which capturing device to use o Radio Configuration Input data to configure the radio of the capturing device E g Channel number for IEEE 802 15 4 devices o Select fields Select which fields to display in the packet list Packet details Displays additional packet details e g raw data o Address book Contains all known nodes from the current session Addresses be registered automatically or manually and they can be changed or deleted o Display filter Packet filtering with user defined filter conditions A list of all fields which can be used to define the filter condition is given From this list a filter condition can be
17. compliance with all legal and regulatory requirements in connection with such use TI products are neither designed nor intended for use in automotive applications or environments unless the specific TI products are designated by TI as compliant with ISO TS 16949 requirements Buyers acknowledge and agree that if they use any non designated products in automotive applications TI will not be responsible for any failure to meet such requirements Following are URLs where you can obtain information on other Texas Instruments products and application solutions Products Applications Amplifiers amplifier ti com Audio www ti com audio Data Converters dataconverter ti com Automotive www ti com automotive DSP dsp ti com Broadband www ti com broadband Clocks and Timers www ti com clocks Digital Control www ti com digitalcontrol Interface interface ti com Medical www ti com medical Logic logic ti com Military www ti com military Power Mgmt power ti com Optical Networking www ti com opticalnetwork Microcontrollers microcontroller ti com Security www ti com security RFID www ti rfid com Telephony www ti com telephony RF IF and ZigBee Solutions www ti com Iprf Video amp Imaging www ti com video Wireless www ti com wireless Mailing Address Texas Instruments Post Office Box 655303 Dallas Texas 75265 Copyright 2010 Texas Instruments Incorporated 31 31
18. ed 22 40 2010 The table with combinations of protocols HW has been updated A picture of the HW platform for CC2420 is added Document updated with information about capturing device used for the Bluetooth Low 25 08 2010 Energy protocol Screen shots have been updated B 03 11 2009 SmartRFCCxx10TB added as possible capturing device 19 02 2009 Description for SmartRFO5EB added 30 31 5 SWRU187E NSTRUMENTS IMPORTANT NOTICE Texas Instruments Incorporated and its subsidiaries TI reserve the right to make corrections modifications enhancements improvements and other changes to its products and services at any time and to discontinue any product or service without notice Customers should obtain the latest relevant information before placing orders and should verify that such information is current and complete All products are sold subject to Tl s terms and conditions of sale supplied at the time of order acknowledgment TI warrants performance of its hardware products to the specifications applicable at the time of sale in accordance with 5 standard warranty Testing and other quality control techniques are used to the extent Tl deems necessary to support this warranty Except where mandated by government requirements testing of all parameters of each product is not necessarily performed Tl assumes no liability for applications assistance or customer product design Customers are responsible for their products a
19. en acted cel aes 17 2 8 2 N E et rM Mu er E et ac et EEE 18 2 9 PRU IRE SS oa ir cen cien Mar un 19 Zu SDISPESYAOEIETER ene oem RETEST a Se 20 ZR 21 3 FNC RYP EPV 23 3 1 HOW TO USE THE DECRYPTION EB VIUBE doy eee re Bea Le Oa EA EUR 23 3 2 EINITATION TERT 23 4 KNOW TSSUES prc V v 7 7 P 24 4 1 BLUETOOTH LOWENERGY tir totam a vn eae atone Leta dessa 24 5 FORMAT OF PACKETS SAVED TO FILE ee eee eee eee e eee eee e eee ee eee eee esee see esses 25 6 EXPORTING REGISTER SETTINGS FROM SMARTRE STUDIO 26 7 HELP m P 27 8 TROUBLESHOOTING oain Eee Pee oo Oo Le ee ue UE odo 28 9 GENERAIINFORMATIQDN 21i es eos ce Teck bote cbe Qus unu ab Deos Ee eco iva ee ebore 3
20. f bytes given in the lt protocol gt plt file Located in the plugin folder The file contain Packet length raw data n where n is the buffer size excluding the packet info byte E g Packet length raw data 150 means that the total number of bytes for each packet should be 151 Time us RSSI 0 FCS f 31 2369 OK Figure 13 Sample packet in Packet Sniffer GUI C Perl bin perl exe UDP Server Waiting for client on port 4668 127 8 8 255 1993 gt sent 3 bytes 01 HH HH HB 2A FE HH BH 1H 61 88 H7 2H 61 19 19 H4 H1 HE EB _ Figure 14 Sample packet as shown by udp receive pl 13 31 TEXAS INSTRUMENTS SWRU187E 2 5 Capturing device The Capturing device tab is used to select the required device Depending on the selected protocol the applicable devices will be shown in the list The list will automatically be updated when an applicable device is connected to a USB connector The Capturing device must be selected before the packet sniffer can be started which is done by clicking the tool bar button or hitting the F5 key Capturing device Radio Configuration Select fields Packet details Address book Display filter Time line Select capturing device ID 5451 Chip type CC2540 EB type 2540 USE Dongle Figure 15 Capturing device Sniffer communication interface If the EB type is
21. he vertical direction will be checked with an OF operator Remove Open Save Menge n Figure 23 Display filter panel with the tool tip shown Keyboard and mouse button events will cause the tool tip to disappear or not be displayed at all 27131 l TEXAS INSTRUMENTS SWRU187E 8 Troubleshooting This section contains some troubleshooting tips that should be used if the packet sniffer does not function as expected Execute the steps one by one until the problem is solved A The evaluation board is not detected it does not appear in the list box in the Setup tab Using smartRFO4EB CC2430EM Make sure that the USB cable is connected and that a CC2430EM is mounted Check that the jumper between OUT IN is connected Check that the jumpers on P3 are mounted correctly see the CC2430DK user manual Press the Reset button Using 2430DB Make sure that the USB cable is connected and power switch is in USB position Check that the jumper on P3 pin 1 2 is mounted Check that all tree jumpers on P5 are mounted Press the Reset button B When pressing the start button the following message is given Not able to Start Sniffer Try upgrade of USB firmware Check if latest Firmware version of the USB controller is used This should be version 0037 or later This can be seen by using the SmartRF Flash Programmer from Texas Instruments The figure below show an example from the fla
22. ication The exact definition will depend on the used protocol The example below shows the fields defined for the protocol Capturing device Radio Configuration Select Fields Packet details Address book Display filter Time line LJ Packet Header LJ Simplicity Header App Payload LI Network App Footer Time stamp uz Miscellanious Application payload Ping Length byte Dest address Link client E source address Link Server Port Join client E Device Infa Join Server Transaction ld Security security header Frequency Frequency CCC Time stamp Milisecands Payload format Bytes Selected Fields All LGI RSSI Figure 16 Select Fields panel Tips Extended selection is used to operate the controls select a range of fields o Click and drag over the fields that should be selected or select the first field hold down the Shift key and select the last field e oselect unselect a single field o Hold down the Ctrl key and click on the field to be toggled 17 31 SWRU187E NSTRUMENTS 2 8 Packet details By double clicking on a packet in the packet list additional details as shown below will be displayed This example show details from the protocol Capturing device Radio Configuration Select fielde Packet details Address book Display filter Time line Packet index 1 Length 11
23. martRFO5EB CC2430DB CC2531 USB Dongle CC2530EM SmartRFO4EB SmartRFO5EB CC2520EM SmartRFO5EB CC2430EM SmartRF04EB SmartRFO5EB CC2431EM SmartRFO04EB SmartRFO5EB CC2430DB CC1110EM SmartRF04EB SmartRFO5EB CC1111 USB Dongle CC2510EM SmartRFO4EB SmartRFO5EB CC2511 USB Dongle CC2531 USB Dongle CC2530EM SmartRFO4EB SmartRFO5EB CC2520EM SmartRFO5EB CC2430EM SmartRF04EB SmartRFO5EB CC2431EM SmartRFOA4EB SmartRFOBEB CC2430DB CC1110EM SmartRFOA4EB SmartRFOBEB CC1111 USB Dongle CC2510EM SmartRFO4EB SmartRFO5EB CC2511 USB Dongle Table 1 Supported protocols Can used to capture packets from CC2540 Bluetooth low energy devices CC2420 CC2430 2431 CC2480 CC2520 CC2530 CC2531 CC2533 CC2530 CC2531 CC2430 CC2431 CC2520 CC2530 CC2531 CC1100 CC1100E CC1101 CC1110 CC1111 CC430 CC2500 CC2510 CC2511 CC2420 CC2430 2431 CC2480 CC2520 CC2530 CC2531 CC2533 CC1100 CC1100E CC1101 CC1150 CC1110 CC1111 CC430 CC2500 CC2550 CC2510 CC2511 When sniffing in the sub 1 GHz frequency bands you need hardware that supports the operating frequencies Also note that CC1110 and CC1111 have limited support for some frequencies supported by CC1100E 4 31 TEXAS SWRU187E INSTRUMENTS 1 2 Hardware Platform The packet sniffer can be used with different HW platforms The following HW can be used CC2400EB CC2420EM CC2430DB SmartRFOAEB CC2430EM CC2530
24. n Configuration of packet broadcast Enable disable the feature select broadcast address and UDP port number select broadcast only Help on the file format used to save data Opens this document in your PDF file viewer Revision history bug fixes new features etc The application is closed by double clicking in the top left corner or single clicking on the X symbol in the top right corner Items marked with a star are saved to Windows registry between each session For the ZigBee and protocol there are options to select the protocol version This can be seen in the toolbar as a drop down lis between each session Cash buffer size c ZigBee 2006 The selected version will be saved The cash buffer is a RAM buffer that is allocated to contain packets that is displayed by the packet sniffer It is used to optimize the access time when the GUI asks for information to display a packet The cash buffer function tries to anticipate which packets that will be requested next and will try to load the buffer with these packets in the background Clock multiplier A clock multiplier which allows you to compensate for clock speed differences on the connected device and the hardware running the network application Synchronizing the clock on the sniffer device with the clock on the network devices Example Ensure that the time stamps are given in microseconds to get accurate number
25. n the left section of the time line to switch between destination and source Packets are selected by clicking and or holding down the left mouse button The time line can be scrolled clicking and holding down the right mouse button drag 22 31 TEXAS SWRU187E NSTRUMENTS 3 Encrypted Payload Decryption of encrypted data is only supported by the Bluetooth low energy packet parser 31 How to use the decryption feature 1 Copy the file Itk txt with the Long term key LTK to the root directory c V The file can be found in the BLE plugin directory Typically C Program Files Texas Instruments VPacket Sniffer General Plugin ble 2 Modify Itk txt with the right Itk The format is MSO LSO E g If the Itk 0x00112233445566778899AABBCCDDEEFF The file will have to be 00112233445566778899AABBCCDDEEFF as its very first line 3 Run the sniffer like normal Encrypted packets will be decrypted and flagged as Encryption Enabled Payload and MIC will be displayed on the GUI 3 2 Limitations Decryption is supported with the following limitations 1 The decryption will fail if one or more packets are sent but failed to be captured by the capturing device The decryption algorithm depends on the timing packet counters one for each side and the direction of the packet There are algorithms in the parser to determine these parameters but they can t capture all the scenarios where one or more packets missing 23 31 TEXA
26. nd applications using Tl components To minimize the risks associated with customer products and applications customers should provide adequate design and operating safeguards TI does not warrant or represent that any license either express or implied is granted under any patent right copyright mask work right or other TI intellectual property right relating to any combination machine or process in which 1 products or services are used Information published by TI regarding third party products or services does not constitute a license from TI to use such products or services or a warranty or endorsement thereof Use of such information may require a license from a third party under the patents or other intellectual property of the third party or a license from under the patents or other intellectual property of TI Reproduction of TI information in data books or data sheets is permissible only if reproduction is without alteration and is accompanied by all associated warranties conditions limitations and notices Reproduction of this information with alteration is an unfair and deceptive business practice is not responsible or liable for such altered documentation Information of third parties may be subject to additional restrictions Resale of TI products or services with statements different from or beyond the parameters stated by for that product or service voids all express and any implied warranties for the a
27. on directory XGenerallFirmware sniffer fw cc2531 hex The firmware can be programmed with the SmartRF Flash Programmer To program the firmware on the CC2531 Dongle it must be connected to SmartRFOSEB or the CC Debugger via the debug connector See user manual for the flash programmer for details on how to use the flash programmer Figure 8 CC2540 USB Dongle The CC2540 USB Dongle must be pre programmed with special firmware in order to work with the packet sniffer After installation of the packet sniffer the hex file to be programmed can be found on the following directory installation directory XGenerallFirmware sniffer fw cc2540 hex The firmware can be programmed with the SmartRF Flash Programmer To program the firmware on the CC2540 Dongle it must be connected to SmartRFOSEB or the CC Debugger via the debug connector See user manual for the flash programmer for details on how to use the flash programmer 8 31 5 SWRU187E NSTRUMENTS 1 3 Data flow On the PC side the packets will be stored in a disk buffer The total amount of packets that can be stored depends on the packet size and the size of the hard disk During operation the packets will be cached in a RAM buffer to improve the access time when a packet is to be displayed in the GUI Figure 9 Dataflow for the packet sniffer SoC below shows the data flow for the packet sniffer Connected Device PC v Abstraction layer SoC Transceiver
28. one of the top fields Nodes can be removed by clicking the Remove button or by pressing the Delete key while a node is selected in the address list Nodes can be moved up down by using the rightmost buttons or the Alt U and Alt D key combinations Depending on the protocol it may be required with manual editing of the fields in the address book to correct for address conflicts Below are examples where manual editing for the IEEE 802 15 4 protocol are given e There has been a PAN ID conflict e device has left the network and another device has been given an already used short address the extended address will be replaced e Association response commands have not been detected Tips Fast editing of node names can be done using the following procedure Select the first auto registered item in the address list Hit Enter to copy the data and move to the node name field Enter the new name Hit Enter to replace the old entry and move back to the address list Move one line down by using the down arrow Go to step 2 Did oo Iur 19 31 5 SWRU187E INSTRUMENTS 2 10 Display filter The Display filter tab allows for filtering on all fields defined in the Field Name window A template is provided to ease the definition of the filter condition The template will show the short name for each field If the field has sub fields the definition of all sub fields will be shown within brackets Some field
29. rect device has been selected a list of preferred register settings will be shown in the Normal view tab After selecting the preferred register settings and optionally changing any of the register values choose File Export CCxxxx code from the menu to start the code export This will open the following window Code export Export Format Select Registers Preview EN Comment Delimiterz FSCTRLI1 OxO00B O0x06 Frequency Synthesizer Contre A Header fu on a0 oh vo lt Registers GPNG G lt lt lt lt G0x AHG IOCFGO FSCTELO FREQZ FREQ MDHCFiU3 HDHCF iZ HpHCrEGU CHANNHE DEVIATN FREND1 Ox0002 0x06 CDO00 Output Pin Configuratic OxO00C O0x00 Frequency Synthesizer Contre OxO00D Frequency Control Word OxO00E Ox62 Frequency Control Word Mid OxO00F Ox 6 Frequency Control Word Low OxO010 O0xFS Modem Configuration OxO011 0x683 Modem Configuration Ox001l2 0x13 Hodem Configuration OxO0013 O0x2z2 Modem Configuration OxO014 OxFS Modem Configuration OxO00048 0x00 Channel Number x nl5 xl5 Modem Deviation Setting nx nzl x5e6 Front End Configuration nx nzz xl Front End Tx Configuration nx nls 0xlsS Main Radio Control State Mac Ox0019 0x16 Frequency Offset Compensatic x Dl amp xec Bit Synchronization Config Con
30. s default Measure a known time interval e g the distance between a few beacons for the IEEE 802 15 4 protocol Divide the desired value by the real value and enter this floating point factor into this field Clock multiplier 12 31 TEXAS SWRU187E INSTRUMENTS 2 4 Packet broadcast From version 2 14 of the General Packet Sniffer it is possible to stream packet data to other applications via a UDP port This feature can be configured from the Settings Packet broadcast menu The feature can be disabled altogether and it is possible to select broadcast P adaress and UDP port The IP address is restricted to the local interface to avoid inadvertently flooding the network with packets Optionally the operator may choose to broadcast data only This is useful when capturing data over time for storage as it avoid the problem of the buffers of the Packet Sniffer GUI application filling up Packet broadcast Broadcast Address 127 Iw Broadcast enable Figure 12 Packet broadcast setup A PERL script is provided as an example of how to use the broadcast data It is located in installation directory scriptsiudp receive pl It received data on port 4000 and displays the packets hexadecimal format Please note that the packet format is the same as the PSD format described in chapter 5 Format of packets saved to file To save a PSD file the application will have to pad the payload so it makes up the total number o
31. s will be dependent of other fields This will also be shown in the template When the required field is selected the template can be moved to the single line Filter condition window by pushing the Fia button or the nd button The First button will remove all existing conditions and set current template as the first condition The And button will add current template to the existing conditions and the conditions will be evaluated with the AND operator When the template has been moved to the single line Filter condition window it must be modified to give the real values of the requested fields The value is indicated with an x in the template If the filter condition of a field with sub fields only requires evaluating the first sub field value the sub field value can be given without brackets Example Figure 19 below shows an example from the IEEE 802 15 4 ZigBee protocols The template of the Frame control field is FCF Type x Sec x Pnd x req x Intra PAN x If it is only required to test on the Type sub field the condition can be simplified the following way FCF BCN Note This is only possible for the first field in the definition of sub fields It is not required to fill in the values of all fields If the filter condition only requires checking some of the sub fields only those fields should be given Example Same as previous example but this time it includes checking the Type and Ack req
32. sh programmer The column EB firmware rev will show the version The Flash Programmer can be download from the Texas Instruments web site Texas Instruments 5martRF Flash Programmer j 1 TEXAS 2 _ INSTRUMENTS EBID Chiptype EB type firmware ID_ EB firmware rew 00 2 CC2430DB 0400 0037 Sustem on Chip application USB EB application serial EB bootloader MSP430 Actions Erase and program Erase program and verify C Append and veri Verify against hex file C Head fash inta hex file Perform actions Figure 24 SmartRF Flash Programmer C When pressing the start button the sniffer stops immediately the start button is not grayed out 28 31 TEXAS SWRU187E NSTRUMENTS Disconnect the USB cable from the SmartRFO4EB or CC2430DB board and plug it back in e Press the Reset button on the board e Disconnect the power cable from all evaluation boards and install the latest version of the packet sniffer e Reboot the computer D The program does not respond e Press the Reset button on the connected Evaluation Board EB E The packets are not decoded correctly e Packets with an FCS failure will probably not be parsed correctly FCS ERR sure that the packet really is correctly formatted compare the fields with the raw data in the packet details tab F Weird packets appear in the packet sniffer when not transmitting an
33. ssociated product or service and is an unfair and deceptive business practice Tl is not responsible or liable for any such statements products are not authorized for use in safety critical applications such as life support where a failure of the product would reasonably be expected to cause severe personal injury or death unless officers of the parties have executed an agreement specifically governing such use Buyers represent that they have all necessary expertise in the safety and regulatory ramifications of their applications and acknowledge and agree that they are solely responsible for all legal regulatory and safety related requirements concerning their products and any use of TI products in such safety critical applications notwithstanding any applications related information or support that may be provided by TI Further Buyers must fully indemnify TI and its representatives against any damages arising out of the use of TI products in such safety critical applications TI products are neither designed nor intended for use in military aerospace applications or environments unless the TI products are specifically designated by as military grade or enhanced plastic Only products designated by as military grade meet military specifications Buyers acknowledge and agree that any such use of TI products which TI has not designated as military grade is solely at the Buyer s risk and that they are solely responsible for
34. t 6 Filter OFF SWRU187E 5 SWRU187E INSTRUMENTS Table of contents 1 MINE ROD G rr 3 1 1 PROTOCOL e odisse a eee MET RCT 4 12 EIAPDWSBETDATEORMN ced s dtd 5 1 3 ee M ec 9 1 4 SCRE ML LU CD UU 9 2 USERAINTERENCTE 2 5 2 2 1 1 9 23 10 2 1 I ERR INDO Wy M NCC p 10 2 2 PACKET SNIFFER WINDOW OF AN ACTIVE SESSION sccsceccsceccececcececcsceccscscescscscscescscesescecescesescesescesescscess 10 2 3 MENO SAND ROOLBARS 15 ante aue Cosas Cu rop HE stc can ta lC tcu 12 2 4 PACKETABROADCAS E Honea Dp Deer sci dnte iL EO 13 2 5 CAPTURING DEVICE See 14 2 6 RADIO CONFIGURATION eal at ee ae LA 15 Zeal SEEECTEIBIEDS 4 Ad Site tutte LT Lee uM eat
35. ting filters in the database the __ Merge button should be used This will open the given file and add the filters to the existing filter database If the given filter name already exist in the filter database the name will be modified with an additional digit at the end of the name To use a filter from the filter database double click on the filter name and the filter condition will appear in the multi line filter condition window at the left side Note When packets are filtered out the delta times shown in the Time fields still show the delta time to the previous packet captured not the previous packet shown 2 11 Time line The time line displays all received packets ordered horizontally by the time of reception and vertically by source or destination address Selecting a packet from the time line will instantly be reflected in the packet list and vice versa thus allowing for efficient navigation in large collections of packets 21 31 Pa Texas SWRU187E NSTRUMENTS Capturing device Radio Configuration Select fields Packet details Address book Display filter Time line SOURCE 144 270 5 lt linregistered broadcast EHE M E PEPE Auta registered 0 ES E EN P TTT Auta registered 1 EE I i E 5 a E NH Auta registered 2 Auto registered 3 E EE Figure 20 Time line panel Double click i
36. trol Templates AGCCTRLI OxO01C Ox40 4CC Control ACCCTRLO 1 Control Own F CAL3 xO 0z3 xES Frecquency Synthesizer Calihi Packet sniffer settings Open qa y C51 SFR definitions Export ta File html Copy to Clipboard FRENDO Footer FOCCFG BSCFG AGCCTRL2 Packet sniffer settings RF settings Soc RF settings struct typedef RF settings Figure 22 SmartRF Studio Code Export Select Packet sniffer settings The register settings with correct formatting can be seen in the Preview tab to the right Select Export to file to save the settings to file 26 31 Texas SWRU187E NSTRUMENTS 7 Help The packet sniffer provides help through so called tool tips By moving the cursor over a field e g a button or a text field and holding it in the same position for about half a second the text will appear in a yellow box slightly below the cursor Capturing device Radio Configuration Select fields Facket details Address book Display filter Time line Field Mame Template Filter management Frame cantral field Pndzx Ack reg x First And Add Filter condition FCF BCN Add a P ie i Remove All Tele ike The complete Filter consist of conditions in horizontal and vertical direction The conditions in horizontal direction will be checked with an SND operator The conditions in t
37. ulate the time in microseconds this value must be divided by a number depending on the clock speed used to drive the counter tics on the target E g CC2430EM 32 10 gt 26 SmartRFO5EB CC2520EM gt 24 The timestamp on the first packet will be used as offset value for all packets That means that packet number 1 will be shown in the packet sniffer with time 0 Length The length will or will not include the FCS field depending on Bit in the Packet information Payload Packet Information Bit 0 0 gt n Length Packet Information Bit 0 1 n Length 2 FCS The checksum of the frame has been replaced by the radio chip in the following way BYTE 1 RSSI and if Correlation used this byte is also used to calculate the LOI value BYTE 2 Bit 7 Indicate CRC OK or not Bit 6 0 If Correlation used Correlation value If Correlation not used LQI See data sheet for the applicable chip for further details Spare The number of spare bytes depends on the total amount of bytes used by the packet sniffer to save the packet The number of bytes depends on the protocol and can bee seen from the description of the packet format under the help menu 25 31 5 SWRU187E NSTRUMENTS 6 Exporting register settings from SmartRF Studio SmartRF Studio and its user manual can be downloaded from the Texas Instruments web site See the SmartRF Studio user manual for more details When the cor
38. ything e CC2430 will try receiving packets down to the RF noise floor Sometimes it will also decode packets which are decoded from noise only These will appear in the packet sniffer To avoid this enable FCS filtering in the toolbar G The packet sniffer stays idle and does not receive any packets after start button has been pressed e Check that correct channel is used in the setup panel e Check the jumper settings see section 1 2 in this document If a SmartRFO4EB board with an CC2430EM module is used make sure that the jumpers are set correct depending on the chip revision Revision A and B register CHVER lt 0x02 horizontal Later revisions vertical H Error message when trying to start the packet sniffer If an error message about missing msvcp80 dll appears or the error message shown below appears when attempting to start the application you may be required to install an additional package from Microsoft The package contains some additional runtime components needed by applications developed with Visual C To resolve this problem download the file vcredist x86 exe from the URL below and install the package http www microsoft com Downloads details aspx FamilyID232bc1bee a3f9 4c13 9c99 220b62a191ee amp displaylang en 29 31 5 SWRU187E NSTRUMENTS 9 General Information 9 1 Document History Revision Date Description Changes 14 03 2011 Description of Packet Broadcast add
Download Pdf Manuals
Related Search