From be579171d13c134a412e819ea7ea7806c93f56a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cenk=20G=C3=BCndo=C4=9Fan?= Date: Thu, 17 Sep 2015 12:18:42 +0200 Subject: [PATCH 1/2] sniffer/sniffer.py: enable sniffing for sockets --- dist/tools/sniffer/sniffer.py | 54 ++++++++++++++++++++++++++--------- 1 file changed, 41 insertions(+), 13 deletions(-) diff --git a/dist/tools/sniffer/sniffer.py b/dist/tools/sniffer/sniffer.py index e7bc842c5..612be817e 100755 --- a/dist/tools/sniffer/sniffer.py +++ b/dist/tools/sniffer/sniffer.py @@ -1,9 +1,11 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- ''' (C) 2012, Mariano Alvira (C) 2014, Oliver Hahm (C) 2015, Hauke Petersen (C) 2015, Martine Lenders +(C) 2015, Cenk Gündoğan Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -33,6 +35,7 @@ SUCH DAMAGE. from __future__ import print_function import sys import re +import socket from time import sleep, time from struct import pack from serial import Serial @@ -103,29 +106,53 @@ def generate_pcap(port, out): out.flush() +def connect(argv): + connType = argv[1] + + conn = None + if connType == "serial": + # open serial port + try: + conn = Serial(argv[2], argv[3], dsrdtr=0, rtscts=0, + timeout=1) + except IOError: + print("error opening serial port", file=sys.stderr) + sys.exit(2) + elif connType == "socket": + host = argv[2] + port = int(argv[3]) + + try: + sock = socket.socket() + sock.connect((host, port)) + conn = sock.makefile("r+b", bufsize=0) + except IOError: + print("error connecting to %s:%s" % (host, port), file=sys.stderr) + sys.exit(2) + else: + print("error: unsupported connection type. Use \"serial\" or \"socket\"") + sys.exit(2) + + return conn + def main(argv): - if len(argv) < 4: - print("Usage: %s tty baudrate channel [outfile]" % (argv[0]), + if len(argv) < 5: + print("Usage: %s serial tty baudrate channel [outfile]\n" + " %s socket host port channel [outfile]" % (argv[0], argv[0]), file=sys.stderr) print(" channel = 11-26", file=sys.stderr) sys.exit(2) - # open serial port - try: - serport = Serial(argv[1], argv[2], dsrdtr=0, rtscts=0, - timeout=1) - except IOError: - print("error opening port", file=sys.stderr) - sys.exit(2) + conn = connect(argv) sleep(1) - configure_interface(serport, int(argv[3])) + configure_interface(conn, int(argv[4])) sleep(1) # figure out where to write try: - sys.stderr.write('trying to open file %s\n' % argv[4]) - outfile = open(argv[4], 'w+b') + sys.stderr.write('trying to open file %s\n' % argv[5]) + outfile = open(argv[5], 'w+b') except IndexError: if sys.version_info > (3,): outfile = sys.stdout.buffer @@ -133,8 +160,9 @@ def main(argv): outfile = sys.stdout try: - generate_pcap(serport, outfile) + generate_pcap(conn, outfile) except KeyboardInterrupt: + conn.close() print() sys.exit(2) From 46d7571710ffc1a4c60fa3dc81370df87e7417e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cenk=20G=C3=BCndo=C4=9Fan?= Date: Thu, 17 Sep 2015 12:45:58 +0200 Subject: [PATCH 2/2] sniffer/README: describe usage of the socket connection type --- dist/tools/sniffer/README.md | 48 ++++++++++++++++++++++++++++-------- 1 file changed, 38 insertions(+), 10 deletions(-) diff --git a/dist/tools/sniffer/README.md b/dist/tools/sniffer/README.md index cc99e25bc..87d3b9b0e 100644 --- a/dist/tools/sniffer/README.md +++ b/dist/tools/sniffer/README.md @@ -9,7 +9,7 @@ well be used for wired network traffic, as long as the used network devices support promiscuous mode and output of raw data. The sniffer is based on a RIOT node running the [sniffer application](https://github.com/RIOT-OS/applications/tree/master/sniffer) application located in [RIOTs application repository](https://github.com/RIOT-OS/applications). -This node outputs received network traffic via a serial port in the Wireshark +This node outputs received network traffic via a serial port or a network socket in the Wireshark pcap format. This output is then parsed by the `sniffer.py` script included in this folder run on a host computer. @@ -38,19 +38,30 @@ General usage: (https://github.com/RIOT-OS/applications/tree/master/sniffer) 2. Run the `sniffer.py` script +For serial port: ``` -$ ./sniffer.py [outfile] +$ ./sniffer.py serial [outfile] +``` +For network socket: +``` +$ ./sniffer.py socket [outfile] ``` The script has the following parameters: +- **connType:** The type of connection to use. Either `serial` for serial ports or + `socket` for network sockets. +- **host:** The host if the `socket` connection type is in use. +- **port:** The port of the host if the `socket` connection type is in use. - **tty:** The serial port the RIOT board is connected to. Under Linux, this is typically something like /dev/ttyUSB0 or /dev/ttyACM0. Under Windows, - this is typically something like COM0 or COM1 + this is typically something like COM0 or COM1. This option is used + for the `serial` connection type. - **baudrate:** The baudrate the serial port is configured to. The default in RIOT is 115200, though this is defined per board and some boards have some other value defined per default. NOTE: when sniffing networks where the on-air bitrate is > baudrate, it makes sense to increase the baudrate so no data is skipped when sniffing. + This option is used for the `serial` connection type. - **channel:** The radio channel to use when sniffing. Possible values vary and depend on the link-layer that is sniffed. This parameter is ignored when sniffing wired networks. @@ -62,28 +73,45 @@ The script has the following parameters: ### Examples The following examples are made when using the sniffer application together with -an `iotlab-m3` node that is connected to /dev/ttyUSB1 (or COM1) and runs per -default with a baudrate of 500000. +an `iotlab-m3` node that is connected to /dev/ttyUSB1 (or COM1) (`serial` connection type) +and runs per default with a baudrate of 500000. For the `socket` connection type port 20000 +is used. -#### Linux +#### Linux (serial) Dump packets to a file: ``` -$ ./sniffer.py /dev/ttyUSB1 500000 17 > foo.pcap +$ ./sniffer.py serial /dev/ttyUSB1 500000 17 > foo.pcap ``` This .pcap can then be opened in wireshark. Alternatively for live captures, you can pipe directly into wireshark with: ``` -$ ./sniffer.py /dev/ttyUSB1 500000 17 | wireshark -k -i - +$ ./sniffer.py serial /dev/ttyUSB1 500000 17 | wireshark -k -i - ``` -#### Windows +#### Windows (serial) For windows you can use the optional third argument to output to a .pcap: ``` -$ ./sniffer.py COM1 500000 17 foo.pcap +$ ./sniffer.py serial COM1 500000 17 foo.pcap +``` + +#### IoT-Lab Testbed (socket) + +Start an experiment either via the website provided by the IoT-Lab testbed or +by using the RIOT specific iotlab Makefile with 3 neighboring `iotlab-m3` nodes, +where one of them runs the sniffer application and the others run the `gnrc_networking` application. + +Now you can bind the sniffer node to localhost: +ssh -L 20000:_node-id_:20000 _user_@_site_.iot-lab.info + +Then you can dump or observe the traffic generated by the other nodes running the `gnrc_networking` +application via one of the following commands: +``` +$ ./sniffer.py socket localhost 20000 26 > foo.pcap +$ ./sniffer.py socket localhost 20000 26 | wireshark -k -i - ```