
Setting up wireshark on a loopback interface

Benoît Thébaudeau edited this page Sep 23, 2019 · 9 revisions

This tutorial describes how to monitor traffic to the minimal-net platform, with Wireshark and a loopback interface, using the webserver as an example.

Using this platform makes for easier debugging since you can add printf()s without worrying about fitting everything into flash. Also, the turnaround time is just a few seconds.

You don't need to install the loopback on Windows if you pass an address to an active interface, at webserver startup; but, that will mix webserver packets with all the other traffic on that interface. Also, WinPcap can be installed independently of Wireshark.

Here is a screen dump of ip4 and ip6 webservers running side-by-side on the minimal-net platform:


Linux

ip4

1. Install Wireshark. Development versions above 1.3.3 have the dissector for 802.15.4 radio packets. Bleeding-edge (https://www.wireshark.org/download) versions are recommended for the latest 6LoWPAN and RPL-ROLL protocol dissectors.

2. If your local network already has 10/8 assignments, you need to look at the addresses in platform/minimal-net/contiki-main.c:

 uip_ipaddr(&addr, 10,1,1,1);
 printf("IP Address:  %d.%d.%d.%d\n", uip_ipaddr_to_quad(&addr));
 uip_sethostaddr(&addr);
 
 uip_ipaddr(&addr, 255,0,0,0);
 printf("Subnet Mask: %d.%d.%d.%d\n", uip_ipaddr_to_quad(&addr));
 uip_setnetmask(&addr);
 
 uip_ipaddr(&addr, 10,1,1,100);
 printf("Def. Router: %d.%d.%d.%d\n", uip_ipaddr_to_quad(&addr));
 uip_setdraddr(&addr);

If necessary, change to an unused or more restricted subnet, e.g. address=10.10.10.1, mask=255.255.255.0, router=10.10.10.100.

3. Build the webserver with the minimal-net platform:

 cd examples/webserver
 make TARGET=minimal-net

And, run it with administrator privileges. If you modified the addresses in step 2, start it in the background by appending & to the command:

 sudo ./webserver.minimal-net &

It will output:

 ifconfig tap0 inet 10.1.1.100
 route add -net 172.16.0.0/16 gw 10.1.1.100
 IP Address:  10.1.1.1
 Subnet Mask: 255.0.0.0
 Def. Router: 10.1.1.100

4. If the tap0 address is wrong, or you changed the addresses in step 2, you now have to reconfigure the tap0 address to correspond [Q: A route is not needed for the webserver; but, will it break anything to change gw to 10.1.1.100 in cpu/native/net/tapdev.c?]:

 sudo ifconfig tap0 inet 10.10.10.100
 sudo route add -net 172.16.0.0/16 gw 10.10.10.100

5. Launch Wireshark as root (in Ubuntu, it is in "Applications->Internet->Wireshark (as root)"); and, start it on the tap0 interface. Direct a browser to https://10.1.1.1/; and, you should see the traffic and the index.html page.

6. To stop the background webserver process, type fg 1 (assuming it is job 1) to bring it to the foreground; and then, control-C out. You can change cpu/native/net/tapdev.c to the 10.10.10.100 address to avoid having to type it each time you run the webserver application.

7. If additional webservers are run with different IP addresses, each will create a different tapN which needs configuring similar to the above.
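
For step 2, one way to check whether the default 10/8 addressing (or a replacement subnet) overlaps addresses already assigned on the host. This is an added example, not part of the Contiki sources; the function names are hypothetical and the `ip -o -4 addr show` lines are a constructed sample.

```shell
#!/bin/sh
# Added example: does a candidate minimal-net subnet overlap an address
# that is already assigned on this host? Function names are hypothetical.

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_overlaps A/LEN B/LEN: status 0 when the two ranges overlap, i.e.
# when both addresses agree on the shorter of the two prefix lengths.
cidr_overlaps() {
    a_len=${1#*/}; b_len=${2#*/}
    if [ "$a_len" -lt "$b_len" ]; then len=$a_len; else len=$b_len; fi
    [ "$len" -eq 0 ] && return 0
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    a=$(ip_to_int "${1%/*}"); b=$(ip_to_int "${2%/*}")
    [ $(( a & mask )) -eq $(( b & mask )) ]
}

# find_conflicts CANDIDATE: reads `ip -o -4 addr show` lines on stdin and
# prints "iface addr/len" for every assignment that overlaps CANDIDATE.
# tap* interfaces are skipped because minimal-net creates them itself.
find_conflicts() {
    while read -r _idx ifname family cidr _rest; do
        [ "$family" = inet ] || continue
        case $ifname in tap*) continue ;; esac
        if cidr_overlaps "$1" "$cidr"; then echo "$ifname $cidr"; fi
    done
}

# Constructed sample of `ip -o -4 addr show` output (not from a real host).
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.1.20.7/16 brd 10.1.255.255 scope global eth0
3: wlan0    inet 192.168.1.2/24 brd 192.168.1.255 scope global wlan0
4: tap0    inet 10.1.1.100/8 scope global tap0'

# Default addressing (10.1.1.1 mask 255.0.0.0) collides with eth0;
# the 10.10.10.0/24 alternative from step 2 does not.
printf '%s\n' "$SAMPLE" | find_conflicts 10.0.0.0/8
printf '%s\n' "$SAMPLE" | find_conflicts 10.10.10.0/24
```

On a live host, pipe `ip -o -4 addr show` into `find_conflicts` instead of the sample.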

ip6

The steps for IPv4 above apply; but, the address autoconfigures. Build webserver6 with the minimal-net platform:

 cd examples/webserver-ipv6
 make TARGET=minimal-net

And, run it with administrator privileges:

 sudo ./webserver6.minimal-net &

It will create a tap0 with an IPv6 address that you can see with ifconfig. Launch Wireshark as root, capture from that interface, and direct a browser to https://[fe80::0206:98ff:fe00:0232%tap0]. That probably will not work, as many browsers don't support the interface designator %tap0; but, you might get lucky with curl/wget; and, it hopefully will be resolved in the future. Additional webserver6 instances can be reached by using %tap1, %tap2, etc. Use brctl to combine them onto a single bridge interface %br0. The start-up autoconfigure currently does not seem to handle address conflicts; so at present, each needs a unique uip_lladdr in core/net/uip6.c.
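
To predict which address each instance will answer on, and to spot two instances that would claim the same one, the sketch below derives the interface ID from a 6-byte link-layer address. It is an added example, not Contiki code: it assumes the interface ID is the standard modified EUI-64 of `uip_lladdr` (consistent with the address shown above), the function names are hypothetical, and the link-layer addresses are constructed.

```shell
#!/bin/sh
# Added example: predict the IPv6 address an instance will use from its
# 6-byte link-layer address, assuming a modified EUI-64 interface ID.

# eui64_iid MAC: print the 64-bit interface ID for aa:bb:cc:dd:ee:ff.
eui64_iid() {
    old_ifs=$IFS; IFS=:
    set -- $1
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for byte in "$@"; do
        case $byte in
            [0-9A-Fa-f][0-9A-Fa-f]) ;;
            *) return 1 ;;
        esac
    done
    # Flip the universal/local bit of byte 0 and insert ff:fe in the middle.
    printf '%02x%02x:%02xff:fe%02x:%02x%02x\n' \
        $(( 0x$1 ^ 0x02 )) "0x$2" "0x$3" "0x$4" "0x$5" "0x$6"
}

# ipv6_for PREFIX MAC: PREFIX is the leading group of a /64, e.g. fe80.
ipv6_for() {
    iid=$(eui64_iid "$2") || return 1
    echo "$1::$iid"
}

# duplicate_iids MAC...: print each interface ID that more than one
# instance would claim (these instances would conflict on the bridge).
duplicate_iids() {
    for mac in "$@"; do eui64_iid "$mac"; done | sort | uniq -d
}

# Constructed values: the first lladdr is inferred from the address shown
# above; the second is a made-up address for a second instance.
ipv6_for fe80 00:06:98:00:02:32
ipv6_for fe80 00:06:98:00:02:33
duplicate_iids 00:06:98:00:02:32 00:06:98:00:02:33 00:06:98:00:02:32
```

The same function works for any /64 prefix configured on the interface; only the first argument changes.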

Webserver6 configures itself with an aaaa::/64 prefix; but, it doesn't tell the tap0 interface about it. Autoconfiguration isn't THAT smart. So, if you want to get the page using https://[aaaa::206:98ff:fe00:232], you have to add the prefix to the tap0 interface.

 sudo ip -6 address add aaaa::1/64 dev tap0

That's enough for getting to the interface with a browser. Thankfully, most browsers can use that address without the %tap0 issue. However, you probably want more routing; and so, set up radvd.

 sudo gedit /etc/radvd.conf

Add the following:

 interface tap0
 {
    AdvSendAdvert on;
    IgnoreIfMissing on; # because tap0 isn't always turned on
    AdvLinkMTU 1280;
    AdvCurHopLimit 128;
    AdvReachableTime 360000;
    MinRtrAdvInterval 100;
    MaxRtrAdvInterval 150;
    AdvDefaultLifetime 200;
    prefix aaaa::/64
    {
       AdvOnLink on;
       AdvAutonomous on;
       AdvPreferredLifetime 4294967295;
       AdvValidLifetime 4294967295;
    };
 };

Save the file; and, exit.

 sudo /etc/init.d/radvd restart

If you try to restart radvd, and get a message like "IPv6 forwarding seems to be disabled.", try

 sudo sysctl -w net.ipv6.conf.all.forwarding=1

Windows XP

See https://github.com/contiki-os/contiki/blob/master/cpu/native/net/README-WPCAP.md for a summary.

ip4

1. Install Wireshark which includes the needed WinPCap driver. Bleeding-edge (https://www.wireshark.org/download/automated) versions are recommended, for the latest 6LoWPAN and RPL-ROLL protocol dissectors.

2. Add the XP loopback interface. These directions are from https://support.microsoft.com/kb/839013:

  1. Click Start; and then, click Control Panel.
  2. If you are in Classic view, click "Switch to Category View" under Control Panel in
     the left pane.
  3. Double-click "Printers and Other Hardware"; and then, click Next.
  4. Under "See Also" in the left pane, click "Add Hardware"; and then, click Next.
  5. Click "Yes, I have already connected the hardware"; and then, click Next.
  6. At the bottom of the list, click "Add a new hardware device"; and then, click Next.
  7. Click "Install the hardware that I manually select from a list"; and then, click Next.
  8. Click "Network adapters"; and then, click Next.
  9. In the Manufacturer box, click Microsoft.
 10. In the "Network Adapter" box, click "Microsoft Loopback Adapter"; and then, click Next.
 11. Click Finish.

3. Go to "My Network Places -> View network connections"; and, "Local Area Connection n" should be listed, which mousing over will show is the "Microsoft Loopback Adapter". Right-click Properties; uncheck all protocols except TCP/IP (and TCP/IP version 6 if you have activated IPv6 for XP); select TCP/IP properties; and, enter a manual IP address and mask for the loopback interface. I suggest 10.10.10.10 and 255.0.0.0 which will direct any IP address starting with 10 to the interface. 10/8 is a good choice because it can not be routed accidentally to the entire internet! If you already have 10/8 addresses in a local intranet, then you will need to use a more restricted mask; for example, 255.255.255.0 will route only 10.10.10.x to the loopback interface. Click OK; and, close. You can't add an IPv6 address here because XP doesn't have a GUI for those properties.

4. Open a command shell (Cygwin or run->cmd); and, type ipconfig /all. You should see an entry like:

 Ethernet adapter Local Area Connection 5:
 Connection-specific DNS Suffix  . :
 Description . . . . . . . . . . . : Microsoft Loopback Adapter
 Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
 Dhcp Enabled. . . . . . . . . . . : No
 IP Address. . . . . . . . . . . . : 10.10.10.10
 Subnet Mask . . . . . . . . . . . : 255.0.0.0
 IP Address. . . . . . . . . . . . : fe80::4cff:fe4f:4f50%4
 Default Gateway . . . . . . . . . :
 DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                     fec0:0:0:ffff::2%1
                                     fec0:0:0:ffff::3%1

Confusingly, the interface number is 4 (obtained from the %4 on the IP address), not 5. You can add an IPv6 address with

 netsh interface add address aaaa::1 interface=4

[There appear to be no IPv6 addresses reserved for local use. The IPv6 gurus decided that such addresses could leak to the internet anyway; so, better to allow a diversity of erroneous addresses, to make it easier to track down the offenders. If you forget to add a matching local IPv6 address, your requests will be routed to the internet. You have been warned!] The loopback should now respond to pings to the ip4 and ip6 addresses.

5. Start Wireshark on the interface. If Winpcap was just installed, you will have to reboot for it to see the new interface.

6. Build the webserver with the minimal-net platform:

 cd examples/webserver
 make TARGET=minimal-net

7. Start the program, passing it the address of the loopback adapter. Now you see why 10.10.10.10 is used; it is easy to type.

 ./webserver-example.minimal-net 10.10.10.10

It will search through the interfaces until the loopback is found; then, configure the IP addresses:

 wpcap_init: cmdline address: 10.10.10.10
 init_pcap: found interface: Adapter for generic dialup and VPN capture
 init_pcap: found interface: 3Com Gigabit NIC (3C2000 Family) (Microsoft's Packet Scheduler)
 init_pcap:    with address: 192.168.1.2
 init_pcap: found interface: MS LoopBack Driver
 init_pcap:    with address: 10.10.10.10
 set_ethaddr: found adapter: Microsoft Loopback Adapter
 set_ethaddr:  with address: 10.10.10.10
 set_ethaddr:  ethernetaddr: 02-00-4C-4F-4F-50
 IP Address:  10.1.1.1
 Subnet Mask: 255.0.0.0
 Def. Router: 10.1.1.100

8. If you used a more restrictive mask in step 3, you will need to change the source in platform/minimal-net/contiki-main.c; and, recompile:

 uip_ipaddr(&addr, 10,1,1,1);
 printf("IP Address:  %d.%d.%d.%d\n", uip_ipaddr_to_quad(&addr));
 uip_sethostaddr(&addr);
 
 uip_ipaddr(&addr, 255,0,0,0);
 printf("Subnet Mask: %d.%d.%d.%d\n", uip_ipaddr_to_quad(&addr));
 uip_setnetmask(&addr);
 
 uip_ipaddr(&addr, 10,1,1,100);
 printf("Def. Router: %d.%d.%d.%d\n", uip_ipaddr_to_quad(&addr));
 uip_setdraddr(&addr);

The masked address has to be within the loopback's subnet; e.g., you could set the address to 10.10.7.42 and the mask to 255.255.0.0. The default router is not used in the webserver application. (Q: Where is it used?)

9. Launch a browser; and, direct it to your address (default https://10.1.1.1/). If all goes well, index.html will load; and, Wireshark will show the traffic.

10. Any number of webserver.minimal-net processes can be running, as long as they have different IP addresses within the loopback subnet.

ip6

Same as Vista/W7, except for the lack of a GUI to set the ip6 prefix. Obtain the interface number, 4 in this example; and, from a DOS or Cygwin shell, type

 ipv6 adu 4/aaaa::1
 ipv6 rtu aaaa::/64 4 publish

Direct a browser to https://[fe80::0206:98ff:fe00:0232%4] or https://[aaaa::0206:98ff:fe00:0232].

Windows Vista/7

See https://github.com/contiki-os/contiki/blob/master/cpu/native/net/README-WPCAP.md for a summary.

ip4

Installing the loopback interface is described with pictures here. To summarize:

1. Click Start – Search for cmd; right-click cmd.exe; and, select “Run as Administrator”.

2. From the command prompt, run “hdwwiz.exe”. That should launch the “Add Hardware Wizard”. Click Next.

3. Select “Install the hardware that I manually select from a list (Advanced)”; and, click Next.

4. Now, from the list, select "Network Adapters"; and, click Next.

5. Under Manufacturers, select Microsoft; and, select “Microsoft Loopback Adapter” under "Network Adapter"; and, click Next. That should start the installation. Click Finish when the installation completes.

6. Go to "Network and Sharing Center"; the loopback should be present with a name like "Local Area Connection 5". Click on it; click on the properties button; uncheck all protocols other than ip4. Highlight that protocol; click properties; and, set a manual address of 10.10.10.10 and mask 255.0.0.0.

7. In a command window, ipconfig /all will show the interface properties. Winpcap will not see the new interface until a reboot.

8. Continue as for ip4 XP, step 5.

ip6

1. Follow the ip4 installation to install the loopback interface.

2. Enable the ip6 protocol on the loopback interface; select its properties in the GUI; and, give it a manual address of aaaa::1 and prefix length 64. It should respond now to pings to aaaa::1.

3. Find the interface number with ipconfig /all in a command window. Below, it is 21:

 Ethernet adapter Local Area Connection 5:
 
 Connection-specific DNS Suffix  . :
 Description . . . . . . . . . . . : Microsoft Loopback Adapter
 Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
 DHCP Enabled. . . . . . . . . . . : No
 Autoconfiguration Enabled . . . . : Yes
 IPv6 Address. . . . . . . . . . . : aaaa::1(Preferred)
 Link-local IPv6 Address . . . . . : fe80::1999:2c61:4dea:408a%21(Preferred)
 IPv4 Address. . . . . . . . . . . : 10.10.10.10(Preferred)
 Subnet Mask . . . . . . . . . . . : 255.0.0.0
 Default Gateway . . . . . . . . . :
 DHCPv6 IAID . . . . . . . . . . . : 453115980
 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-93-97-E2-00-1B-38-1B-B1-9A
 DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                     fec0:0:0:ffff::2%1
                                     fec0:0:0:ffff::3%1
 NetBIOS over Tcpip. . . . . . . . : Enabled

4. Compile and run webserver6, passing it the ip4 address of the interface:

 cd examples/webserver6
 make TARGET=minimal-net
 ./webserver.minimal-net 10.10.10.10

5. Direct a browser to https://[aaaa::206:98ff:fe00:232] or https://[fe80::0206:98ff:fe00:0232%nn] where nn is the interface number. Firefox has an irritating habit of converting %nn to some other character (e.g., %21 becomes !) which will work on embedded links, but not on a page reload. Internet Explorer converts %21 to %2521 which somehow works with both embedded links and page reloads.

Any number of instances can be running. At present, autoconfigure does not seem to resolve address conflicts; so, each one must be given a different uip_lladdr in core/net/uip6.c or prefix in platform/minimal-net/contiki-main.c.

6. Adding the aaaa::1/64 address in the GUI will have created aaaa::1/128 and aaaa::/64 routes for local use. That also can be done in an elevated DOS or Cygwin window; and, you will have to delete the old route first if you want to publish it. Using the example interface #21:

 netsh interface ipv6 delete route aaaa::/64 21
 netsh interface ipv6 add route aaaa::/64 21 publish=yes