RIOT Wireshark Sniffer - unidentified frame format

Many thanks for answers :slight_smile: Sorry for the attachments, @Oleg - thanks for CloudShark.

I made two tests, first using CC1101 set and second using CC1125 set. Test was very simple CC1101 node and CC1101 sniffer, then CC1125 node and CC1125 sniffer (I wrote the driver basing on CC1101 driver). In both cases results was the same. As a base I use custom board incorporating EFM32WH990F256 processor.

<i><i>Kaspar Schleiser
</i>The cc110x doesn't support 802.15.4 natively, so I wrote the driver to
"pretend" to be 802.15.4 to the upper layers, so we can re-use 6lowpan
and the rest of the network stack.

On L2, this is a hack. Only one byte (as supported by cc110x) is used as
MAC address and any higher level packets are just sent as plain payload.

It's possible to emulate the 802.15.4 frame format, and can probably
done in a way that the code could be re-used with other transceivers as

But as the cc110x cannot be programmed to use 802.15.4's modulation, it
will never be able to communicate with other 802.15.4 transceivers.

Using the same transceivers for sending and sniffing this shouldn’t happen because emitting transceiver does custom encapsulation and receiver makes inverse operation on the given data. Therefore I assumed that in upper layer the frame should be compatible with 802.15.4. From higher layers we got “gnrc_pktsnip_t packet”, then in “gnrc_netdev2_cc110x.c” frame for transceiver is formed (cc110x_pkt_t). In receive function received frame (cc110x_pkt_t) is altered to “gnrc_pktsnip_t”. Sniffer application registers reading thread as GNRC_NETTYPE_UNDEF and waits for “gnrc_pktsnip_t” packets. After packed arrival it is printed through UART - these data we see in Wireshark (data which are stored in “gnrc_pktsnip_t”.

<i>Martine Lenders
Hi Mateusz,
as Kaspar already pointed out: the cc110x device is not a 802.15.4 device,
but has both different physical and link-layer from 802.15.4. However, our
sniffer script assumes the connected device is 802.15.4 device, so the PCAP
data you are receiving in wireshark are marked as 802.15.4 frames, but they
are not. As such the output is broken.

Packets from/to 6LoWpan layers are sent to “_gnrc_netdev2_thread” through “gnrc_netapi.c” functions. “_gnrc_netdev2_thread” runs “gnrc_netdev2_cc110x.c” functions which make aforementioned modification form “gnrc_pktnip_t” to “cc110x_pkt_t” for CC110x. In Wireshark we see “gnrc_pktsnip_t” content so I still do not see the modification related with CC110x usage.

Why the link layer differs from IEEE 802.15.2? Why this wasn’t implemented just on physical layer?