Wireshark-users: [Wireshark-users] Understanding IEEE 802.15.4 Packets [wireshark]
Hello all,
I am running the following setup:
http://www.sics.se/contiki/tutorials/tutorial-running-contiki-with-uipv6-and-sicslowpan-support-on-the-atmel-raven.html
I am trying to understand the following packet:
16 35.577489 02:12:13:ff:fe:14:15:16 Broadcast IEEE 802.15.4 Data,
Dst: Broadcast, Src: 02:12:13:ff:fe:14:15:16, Bad FCS
Frame 16 (111 bytes on wire, 111 bytes captured)
Ethernet II, Src: MS-NLB-PhysServer-18_13:14:15:16
(02:12:13:14:15:16), Dst: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
IEEE 802.15.4 Data, Dst: Broadcast, Src: 02:12:13:ff:fe:14:15:16, Bad FCS
Data (78 bytes)
Now, as I understand the setup, the RZ Raven USB bridges 802.15.4
packets to the ethernet. Now when I analyze the frame it tells me that
there are three protocols in it (eth:wpan:data).
Comparing the above frame with frame 15:
15 35.561236 fe80::12:13ff:fe14:1516 ff02::1 ICMPv6 Router advertisement
Comparing IPv6 local link and MAC address I see that the frames are
from the RZ Raven USB. The Ethernet II frame is same for the both,
while the IPv6 frame in 15 is replaced by a 802.15.4 frame in 16 (Is
this the result of 6lowpan? and if I get it right 6lowpan takes place
on RZ Raven...) and then there is a frame called data (varying bytes
in each 802.15.4 frame) which could be said to correspond to the
ICMPv6 frame. What is this data?
So, if I get it right the router daemon running on the usb0 interface
sends out daemon advertisements which are then encapsulated into
802.15.4 through 6lowpan on the RZ Raven USB - but how come wireshark
still sees this packets - for they are no longer generated on the host
pc?
Also, what is this date protocol in the 802.15.4 packet?
Please inform me
Rahul Jain