Wireshark-dev: [Wireshark-dev] Support for Miwi dissector

From: Peter Lambrechtsen <peter@xxxxxxxx>
Date: Sat, 6 Feb 2021 06:38:02 +1300
Hi

I am trying to decode some MiWi traffic, which is pseudo-Zigbee traffic, using a CC2531 as a sniffer, but MiWi has a different payload after the initial 802.15.4 header.

If I wanted to add support for MiWi, I assume modifying the current Zigbee dissector and submitting a PR with the new dissector is the best way to go?

Microchip have documented the MiWi protocol in a few PDFs but I suspect much of it is proprietary: 
And

The Zigbee dissector semi-decodes the frames: 

image.png

But the payload is:

08 70 00 a6 13 35 00 33 63 03 c5 23 b5 01

The byte is the Frame Control byte with Acknowledgement Request enabled, 
Then the second byte is sequence number etc.

image.png

So I suspect the best way to decode the traffic is to either build my own dissector or to export the frames and parse them outside Wireshark.

Cheers, Peter