
Setting up wireshark on a loopback interface

Karl Palsson edited this page May 25, 2013 · 4 revisions

This tutorial describes how to monitor traffic to the minimal-net platform, with Wireshark and a loopback interface, using the webserver as an example.

Using this platform makes for easier debugging since you can add printfs without worrying about fitting everything into flash. Also the turnaround time is just a few seconds.

You don't need to install the loopback on Windows if you pass an address to an active interface at webserver startup, but this will mix webserver packets with all the other traffic on that interface. WinPcap can also be installed independently of Wireshark.

Here is a screen dump of ip4 and ip6 webservers running side by side on the minimal-net platform:


Linux

ip4

1. Install Wireshark. Development versions above 1.3.3 have the dissector for 802.15.4 radio packets. Bleeding-edge versions from http://www.wireshark.org/download are recommended for the latest 6LoWPAN and RPL-ROLL protocol dissectors.

2. If your local network already has 10/8 assignments you need to look at the addresses in /platform/minimal-net/contiki-main.c:

  uip_ipaddr(&addr, 255,0,0,0);
  printf("Subnet Mask: %d.%d.%d.%d\n", uip_ipaddr_to_quad(&addr));
  uip_setnetmask(&addr);
  
  uip_ipaddr(&addr, 10,1,1,100);
  printf("Def. Router: %d.%d.%d.%d\n", uip_ipaddr_to_quad(&addr));
  uip_setdraddr(&addr);

If necessary change to an unused or more restricted subnet, e.g. address=10.10.10.1, mask=255.255.255.0, router=10.10.10.100.

3. Build webserver with the minimal-net platform:

  cd ./examples/webserver
  make TARGET=minimal-net

and run with administrator privileges. If you modified the addresses in step 2, start it in the background by appending & to the command:

  sudo ./webserver.minimal-net &

It will output:

  ifconfig tap0 inet 10.1.1.100
  route add -net 172.16.0.0/16 gw 10.1.1.100
  IP Address:  10.1.1.1
  Subnet Mask: 255.0.0.0
  Def. Router: 10.1.1.100

4. If the tap0 address is wrong or you changed the addresses in step 2, you now have to reconfigure the tap0 address to correspond:

  sudo ifconfig tap0 inet 10.10.10.100
  sudo route add -net 172.16.0.0/16 gw 10.10.10.100

5. Launch Wireshark as root (in Ubuntu it is in "Applications->Internet->Wireshark (as root)") and start it on the tap0 interface. Direct a browser to http://10.1.1.1 and you should see the traffic and the index.html page.

6. To stop the background webserver process type fg 1 (assuming it is job 1) to bring it to the foreground and then control-C out. You can change /cpu/native/net/tapdev.c to the 10.10.10.100 address to avoid having to type it each time you run the webserver application.

7. If additional webservers are run with different ip addresses each will create a different tapn which needs configuring similar to the above.

ip6

The steps for ipv4 above apply but the address autoconfigures. Build webserver6 with the minimal-net platform:

  cd ./examples/webserver-ipv6
  make TARGET=minimal-net

and run with administrator privileges:

  sudo ./webserver6.minimal-net &

It will create a tap0 with an ipv6 address that you can see with ifconfig. Launch Wireshark as root, capture from this interface, and direct a browser to http://[fe80::0206:98ff:fe00:0232%tap0]. This will probably not work, as many browsers don't support the interface designator %tap0; you may get lucky with curl/wget, and the situation will hopefully be resolved in the future. Additional webserver6 instances can be reached by using %tap1, %tap2, etc. Use brctl to combine them onto a single bridge interface %br0. The startup autoconfigure currently does not seem to handle address conflicts, so at present each needs a unique uip_lladdr in /core/net/uip6.c.
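The fe80 address above is the link-local prefix followed by a modified EUI-64 interface identifier built from the node's link-layer address, which is why two instances with the same uip_lladdr end up with the same address. The following is an added example, not Contiki code: the function names are hypothetical, the first link-layer address is an assumption recovered from the URL on this page by reversing the mapping, and the second is a constructed value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fill out[16] with prefix64 (upper 8 bytes) followed by the modified EUI-64
 * interface identifier built from a 48-bit link-layer address (RFC 4291, App. A). */
static void addr_from_lladdr(const uint8_t prefix64[8], const uint8_t lladdr[6],
                             uint8_t out[16])
{
    memcpy(out, prefix64, 8);
    out[8]  = lladdr[0] ^ 0x02;  /* invert the universal/local bit */
    out[9]  = lladdr[1];
    out[10] = lladdr[2];
    out[11] = 0xff;              /* ff:fe goes between the two halves */
    out[12] = 0xfe;
    out[13] = lladdr[3];
    out[14] = lladdr[4];
    out[15] = lladdr[5];
}

/* Derive the address and format it as eight uncompressed groups (39 chars + NUL). */
static const char *derive(const uint8_t prefix64[8], const uint8_t lladdr[6], char buf[40])
{
    uint8_t a[16];
    char *p = buf;

    addr_from_lladdr(prefix64, lladdr, a);
    for (int i = 0; i < 16; i += 2)
        p += sprintf(p, "%s%02x%02x", i ? ":" : "", a[i], a[i + 1]);
    return buf;
}

int main(void)
{
    static const uint8_t link_local[8] = { 0xfe, 0x80 };
    static const uint8_t aaaa[8]       = { 0xaa, 0xaa };
    /* Assumption: link-layer address recovered from the fe80 URL on this page. */
    static const uint8_t first[6]  = { 0x00, 0x06, 0x98, 0x00, 0x02, 0x32 };
    /* Hypothetical second instance, last byte changed to avoid the conflict. */
    static const uint8_t second[6] = { 0x00, 0x06, 0x98, 0x00, 0x02, 0x33 };
    char buf[40];

    printf("%s\n", derive(link_local, first, buf));
    printf("%s\n", derive(aaaa, first, buf));
    printf("%s\n", derive(link_local, second, buf));
    return 0;
}
```

The same interface identifier appears under any /64 prefix, so an address built this way identifies the link-layer address it came from.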

Webserver6 configures itself with an aaaa::/64 prefix, but it doesn't tell the tap0 interface about it. Autoconfiguration isn't THAT smart. So if you want to get the page using http://[aaaa::206:98ff:fe00:232] you have to add the prefix to the tap0 interface.

  $ sudo ip -6 address add aaaa::1/64 dev tap0

That's enough for getting to the interface with a browser. Thankfully, most browsers can use that address without the %tap0 issue. However, you probably want more routing, so set up radvd.

  (add the following)
  interface tap0
  {
     AdvSendAdvert on;
     IgnoreIfMissing on; # because tap0 isn't always turned on
     AdvLinkMTU 1280;
     AdvCurHopLimit 128;
     AdvReachableTime 360000;
     MinRtrAdvInterval 100;
     MaxRtrAdvInterval 150;
     AdvDefaultLifetime 200;
     prefix aaaa::/64
     {
        AdvOnLink on;
        AdvAutonomous on;
        AdvPreferredLifetime 4294967295;
        AdvValidLifetime 4294967295;
     };
  };
  (save file, exit)
  
  $ sudo /etc/init.d/radvd restart

If you try to restart radvd and get a message like "IPv6 forwarding seems to be disabled.", try

  $ sudo sysctl -w net.ipv6.conf.all.forwarding=1

Windows XP

See /cpu/native/net/README-WPCAP for a summary.

ip4

1. Install Wireshark, which includes the needed winpcap driver. Bleeding-edge versions from http://www.wireshark.org/download/automated are recommended for the latest 6LoWPAN and RPL-ROLL protocol dissectors.

2. Add the XP loopback interface. These directions are from http://support.microsoft.com/kb/839013:

  1. Click Start, and then click Control Panel.
  2. If you are in Classic view, click Switch to Category View under Control Panel in
     the left pane.
  3. Double-click Printers and Other Hardware, and then click Next.
  4. Under See Also in the left pane, click Add Hardware, and then click Next.
  5. Click Yes, I have already connected the hardware, and then click Next.
  6. At the bottom of the list, click Add a new hardware device, and then click Next.
  7. Click Install the hardware that I manually select from a list, and then click Next.
  8. Click Network adapters, and then click Next.
  9. In the Manufacturer box, click Microsoft.
 10. In the Network Adapter box, click Microsoft Loopback Adapter, and then click Next.
 11. Click Finish.

3. Go to My Network Places -> View network connections. "Local Area Connection n" should be listed, and mousing over it will show that it is the "Microsoft Loopback Adapter". Right-click it and choose Properties, uncheck all protocols except TCP/IP (and TCP/IP version 6 if you have activated ipv6 for XP), select TCP/IP properties and enter a manual IP address and mask for the loopback interface. I suggest 10.10.10.10 and 255.0.0.0, which will direct any ip address starting with 10 to the interface. 10/8 is a good choice because it cannot be accidentally routed to the entire internet! If you already have 10/8 addresses in a local intranet then you will need to use a more restricted mask; for example, 255.255.255.0 will route only 10.10.10.x to the loopback interface. Click OK and close. You can't add an ipv6 address here because XP doesn't have a GUI for those properties.

4. Open a command shell (cygwin or run->cmd) and type ipconfig /all. You should see an entry like:

  Ethernet adapter Local Area Connection 5:
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : Microsoft Loopback Adapter
  Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
  Dhcp Enabled. . . . . . . . . . . : No
  IP Address. . . . . . . . . . . . : 10.10.10.10
  Subnet Mask . . . . . . . . . . . : 255.0.0.0
  IP Address. . . . . . . . . . . . : fe80::4cff:fe4f:4f50%4
  Default Gateway . . . . . . . . . :
  DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                      fec0:0:0:ffff::2%1
                                      fec0:0:0:ffff::3%1

Confusingly, the interface number is 4 (obtained from the %4 on the IP address), not 5. You can add an ipv6 address with netsh interface add address aaaa::1 interface=4. The loopback should now respond to pings to the ip4 and ip6 addresses.

5. Start wireshark on the interface. If winpcap was just installed you will have to reboot for it to see the new interface.

6. Build webserver with the minimal-net platform:

  cd /examples/webserver
  make TARGET=minimal-net

7. Start the program, passing it the address of the loopback adapter. Now you see why 10.10.10.10 is used: it is easy to type.

  ./webserver-example.minimal-net 10.10.10.10

It will search through the interfaces until the loopback is found, then configure the ip addresses:

  wpcap_init: cmdline address: 10.10.10.10
  init_pcap: found interface: Adapter for generic dialup and VPN capture
  init_pcap: found interface: 3Com Gigabit NIC (3C2000 Family) (Microsoft's Packet Scheduler)
  init_pcap:    with address: 192.168.1.2
  init_pcap: found interface: MS LoopBack Driver
  init_pcap:    with address: 10.10.10.10
  set_ethaddr: found adapter: Microsoft Loopback Adapter
  set_ethaddr:  with address: 10.10.10.10
  set_ethaddr:  ethernetaddr: 02-00-4C-4F-4F-50
  IP Address:  10.1.1.1
  Subnet Mask: 255.0.0.0
  Def. Router: 10.1.1.100

8. If you used a more restrictive mask in step 3 you will need to change the source in /platform/minimal-net/contiki-main.c and recompile:

  uip_ipaddr(&addr, 255,0,0,0);
  printf("Subnet Mask: %d.%d.%d.%d\n", uip_ipaddr_to_quad(&addr));
  uip_setnetmask(&addr);
  
  uip_ipaddr(&addr, 10,1,1,100);
  printf("Def. Router: %d.%d.%d.%d\n", uip_ipaddr_to_quad(&addr));
  uip_setdraddr(&addr);

The masked address has to be within the loopback subnet, e.g. you could set the address to 10.10.7.42 and the mask to 255.255.0.0. The default router is not used in the webserver application. (Q: Where is it used?)

9. Launch a browser and direct it to your address (default http://10.1.1.1). If all goes well index.html will load and wireshark will show the traffic.

10. Any number of webserver.minimal-net processes can be running as long as they have different ip addresses within the loopback subnet.
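Both the Linux steps (editing the addresses in contiki-main.c, then reconfiguring tap0) and the XP steps above (restricting the loopback mask, then recompiling) fail the same way when the node address and the host-side address no longer share a subnet. The following is an added example, not Contiki code, that checks a node/mask/host-side triple before rebuilding; `check_cfg` and its status names are hypothetical, and the addresses are the ones used on this page.

```c
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

enum cfg_status { CFG_OK, CFG_BAD_MASK, CFG_SAME_ADDR, CFG_OFF_SUBNET, CFG_RESERVED_HOST };

/* A valid netmask is a run of 1 bits followed only by 0 bits. */
static int mask_is_contiguous(uint32_t mask)
{
    uint32_t inv = ~mask;
    return (inv & (inv + 1)) == 0;
}

/* node: address compiled into contiki-main.c.
 * peer: host-side address (tap0 on Linux, the loopback adapter on Windows).
 * mask: netmask both ends are expected to agree on. */
static enum cfg_status check_cfg(uint32_t node, uint32_t mask, uint32_t peer)
{
    uint32_t host = node & ~mask;

    if (!mask_is_contiguous(mask))
        return CFG_BAD_MASK;
    if (node == peer)
        return CFG_SAME_ADDR;
    if ((node & mask) != (peer & mask))
        return CFG_OFF_SUBNET;
    if (host == 0 || host == (uint32_t)~mask)
        return CFG_RESERVED_HOST;   /* network or broadcast address */
    return CFG_OK;
}

int main(void)
{
    static const char *names[] = { "ok", "bad mask", "same address",
                                   "different subnets", "reserved host address" };
    /* Addresses from this page: defaults, then the edited node with a stale tap0. */
    printf("default:   %s\n", names[check_cfg(IP4(10,1,1,1), IP4(255,0,0,0), IP4(10,1,1,100))]);
    printf("edited:    %s\n", names[check_cfg(IP4(10,10,10,1), IP4(255,255,255,0), IP4(10,10,10,100))]);
    printf("stale tap: %s\n", names[check_cfg(IP4(10,10,10,1), IP4(255,255,255,0), IP4(10,1,1,100))]);
    return 0;
}
```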

ip6

Same as Vista/W7 except for the lack of a GUI to set the ip6 prefix. Obtain the interface number, 4 in this example, and from a DOS or cygwin shell type

  ipv6 adu 4/aaaa::1
  ipv6 rtu aaaa::/64 4 publish

Direct a browser to http://[fe80::0206:98ff:fe00:0232%4] or http://[aaaa::0206:98ff:fe00:0232]

Windows Vista/7

See /cpu/native/net/README-WPCAP for a summary.

ip4

Installing the loopback interface is described with pictures here. To summarize:

1. Click Start – Search for cmd, right-click cmd.exe and select “Run as Administrator”

2. From the command prompt, run “hdwwiz.exe“. This should launch the “Add Hardware Wizard“. Click Next.

3. Select “Install the hardware that I manually select from a list (Advanced)” and click Next.

4. Now from the list select Network Adapters and click Next

5. Under Manufacturers, select Microsoft and select “Microsoft Loopback Adapter” under Network Adapter and click Next. This should start the installation. Click Finish when the installation completes.

6. Go to Network and Sharing Center; the loopback should be present with a name like "Local Area Connection 5". Click on it, click on the properties button, and uncheck all protocols other than ip4. Highlight this protocol, click properties, and set a manual address of 10.10.10.10 and mask 255.0.0.0.

7. In a command window, ipconfig /all will show the interface properties. Winpcap will not see the new interface until a reboot.

8. Continue as for ip4 XP step 5.

ip6

1. Follow the ip4 installation to install the loopback interface.

2. Enable the ip6 protocol on the loopback interface, select its properties in the GUI, and give it a manual address of aaaa::1 and prefix length 64. It should now respond to pings to aaaa::1.

3. Find the interface number with ipconfig /all in a command window. Below it is 21:

   Ethernet adapter Local Area Connection 5:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Loopback Adapter
   Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : aaaa::1(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1999:2c61:4dea:408a%21(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.10.10.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 453115980
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-93-97-E2-00-1B-38-1B-B1-9A
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

4. Compile and run webserver6, passing it the ip4 address of the interface:

   cd /examples/webserver6
   make TARGET=minimal-net
   ./webserver.minimal-net 10.10.10.10

5. Direct a browser to http://[aaaa::206:98ff:fe00:232] or http://[fe80::0206:98ff:fe00:0232%nn] where nn is the interface number. Firefox has an irritating habit of converting %nn to some other character (e.g. %21 becomes !), which will work on embedded links but not on a page reload. Internet Explorer converts %21 to %2521, which somehow works with both embedded links and page reloads.

Any number of instances can be running. At present autoconfigure does not seem to resolve address conflicts, so each must be given a different uip_lladdr in /core/net/uip6.c or prefix in /platform/minimal-net/contiki-main.c.

6. Adding the aaaa::1/64 address in the GUI will have created aaaa::1/128 and aaaa::/64 routes for local use. This can also be done in an elevated DOS or cygwin window, and you will have to delete the old route first if you want to publish it. Using the example interface #21:

    netsh interface ipv6 delete route aaaa::/64 21
    netsh interface ipv6 add route aaaa::/64 21 publish=yes