questions about using Wireshark to monitor the Mesh

John Watlington wad at laptop.org
Sun Mar 2 10:52:06 EST 2008


Those RPMs are already patched.   What the patches allow are:
support for mesh link layer messages (RREQ,PREQ, RREPLY, etc.)
and decoding our new non-standard mesh multicast packets.

That version doesn't dig into the telepathy packets.   I have a
patch from collabora that should do that, but haven't applied
and tested it yet.   I'll get it out ASAP (the patch is attached).

IPv6 is turned off on recent school server builds.    It breaks
installations with more than a single school server --- see the
trac ticket for details (sorry no number, I'm offline).  mDNS is
shown fine by the patched version, but should be turned off in
a school server environment.

In order to see all frames (and not just those containing IP packets),
you have to bring up a special interface on the mesh driver (bringing
down the regular one.)

On servers with one wired ethernet interface, type:
ifconfig eth1 down
ifconfig msh0 down

On servers with two wired ethernet interfaces, type:
ifconfig eth2 down
ifconfig msh0 down

Then, on all types of servers, type:
echo 7 > /sys/class/net/eth2/lbs_rtap
ifconfig rtap0 up

Now point wireshark at rtap0 instead of msh0 to see more packets.
The number echoed into lbs_rtap is a bit field indicating which frame
types you want to see.
I believe this is documented at http://wiki.laptop.org/go/Wireless

Cheers,
wad

On Mar 2, 2008, at 8:30 AM, Bryan Berry wrote:

> I have installed Wad's patched version Wireshark on my School  
> Server and
> captured a whole ton of packets on msh0.
>
> I have assumed that the wireshark-0.99.7.mesh.i386.rpm and
> wireshark-gnome-0.99.7.mesh.i386.rpm are already patched and I don't
> have to apply the .patch file. Please correct me if I am wrong.
>
> When I looked at the captured packets in Wireshark the Info column  
> reads
> [Malformed Packet] . I was hoping to see something much more  
> informative
> about the mesh protocols, IPv6, mdns, and other cool stuff I don't  
> quite
> understand.
>
> Is there something wrong w/ my install of Wireshark or does this  
> version
> not yet display the juicy bits?
>
>
>> On Mon, Feb 25, 2008 at 4:37 AM, John Watlington <wad at laptop.org>
> wrote:
>>>
>>> A version of wireshark which is patched to monitor the new mesh
>>> protocol is available at:
>>>
>>> (older, F7 version)
>>> http://dev.laptop.org/~wad/wireshark-0.99.5.mesh.patch
>>> http://dev.laptop.org/~wad/wireshark-0.99.5-1.i386.rpm
>>>
>> http://dev.laptop.org/~wad/wireshark-gnome-0.99.5-1.i386.rpm
>>>
>>> (current, F8 version)
>>> http://dev.laptop.org/~wad/wireshark-0.99.7.mesh.patch
>>> http://dev.laptop.org/~wad/wireshark-0.99.7.mesh.i386.rpm
>>>
>> http://dev.laptop.org/~wad/wireshark-gnome-0.99.7.mesh.i386.rpm
>>>
>>> I'm still not seeing RREQ traffic, but I haven't played
>>> around with the new version much.
>>>
>>> Enjoy,
>>> wad
>
> _______________________________________________
> Devel mailing list
> Devel at lists.laptop.org
> http://lists.laptop.org/listinfo/devel




More information about the Devel mailing list