homewsn / whsniff Goto Github PK

Hello,

I followed the build guide for linux (I am using Ubuntu).

When I try to start the sniff with "sudo wireshark -k -i <( /usr/local/bin/whsniff -c 11 )" an error shows up:
The capture session could not be initiated on interface '/dev/fd/63' (No such device exists). Please check that you have the proper interface or pipe specified.

In the /dev/fd folder isnt a file or folder named 63.
I connected the CC2531 Dongle before I start wireshark with the command above. Also I reinstalled/-builded this while the dongle was connected.

I really hope you can help me.
Thanks in advance.

Hi,
Great project.
I do capturing for hours to catch an issue with your tool
When I read the pcap in wireshark the timestamp are going back and forth and seems not correct as it shows 4 hours of recording after 24h of actual recordings.


I can send you a sample privately if it helps
Thx

I have followed the instructions to install Whsniff in a raspberry pi, and after connecting the CC2531 with sniffer firmware to one of the usb ports of the raspberry pi I get the error ERROR: No working device found. when I execute the command sudo whsniff -c 11

The firmware I flashed into the CC2531 is zboss_sniffer.hex and I am assuming this firmware is correct as I am able to sniff on a windows machine using the same CC2531.

Been struggling with segfaults on line 160: https://github.com/homewsn/whsniff/blob/master/src/whsniff.c#L160

fwrite(&buf[sizeof(usb_data_header_type)], 1, usb_data_header->wpan_len - 2, stdout);

Occasionally a packet will be received where usb_data_header->wpan_len is equal to 1. This results in attempting to write -1 in length to fwrite. Have had this issue on multiple linux distros with multiple dongles. Took awhile to find this because oddly enough when I GDB debug + attach, this never happens so I had to figure it out from a core dump.

Presumably you have the -2 because there are suppose to be 2 bytes appended? Kinda tricky to debug this since TI doesn't provide the sniffer firmware? Also if its just a continuous data stream, how does one recover from this? There aren't really any sync bytes?

Hi,
I have the following issue. I installed whsniff tool on linux, but every time i try to execute the command "sudo whsniff -c ZIGBEE_CHANNEL_NUMBER | wireshark -k -i -" i get an error in wireshark.

OS: ubuntu 19.10
Zigbee Stick/Sniffer --> CC2531

I hope your able to help me :), Thank you

Houston, we have a problem )

Unable to make make on MacOs 10.14.6 (18G1012)

When I just try to make, I receive error

Book:whsniff-1.1 istitch07$ make
mkdir -p obj
cc  -c src/whsniff.c -o obj/whsniff.o -I.
src/whsniff.c:19:10: fatal error: 'endian.h' file not found
#include <endian.h>                     /* htole16, htole32, le32toh */
         ^~~~~~~~~~
1 error generated.
make: *** [obj/whsniff.o] Error 1

When I change include path to #include <machine/endian.h>, I receive other error

Book:whsniff-1.1 istitch07$ make
cc  -c src/whsniff.c -o obj/whsniff.o -I.
src/whsniff.c:103:12: warning: implicit declaration of function 'le16toh' is invalid in C99 [-Wimplicit-function-declaration]
        usb_len = le16toh(usb_header->le_usb_len);
                  ^
src/whsniff.c:124:36: warning: implicit declaration of function 'le32toh' is invalid in C99 [-Wimplicit-function-declaration]
                timestamp_us = (timestamp_tick + le32toh(usb_data_header->le_timestamp)) / 32;
                                                 ^
src/whsniff.c:149:12: warning: implicit declaration of function 'htole16' is invalid in C99 [-Wimplicit-function-declaration]
                le_fcs = htole16(fcs);
                         ^
src/whsniff.c:235:2: warning: 'libusb_set_debug' is deprecated [-Wdeprecated-declarations]
        libusb_set_debug(NULL, 3);
        ^
/usr/local/include/libusb-1.0/libusb.h:1324:1: note: 'libusb_set_debug' has been explicitly marked deprecated here
LIBUSB_DEPRECATED_FOR(libusb_set_option)
^
/usr/local/include/libusb-1.0/libusb.h:89:49: note: expanded from macro 'LIBUSB_DEPRECATED_FOR'
#define LIBUSB_DEPRECATED_FOR(f) __attribute__((deprecated))
                                                ^
4 warnings generated.
cc  -o whsniff obj/whsniff.o  -lusb-1.0 -lrt
ld: library not found for -lrt
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [whsniff] Error 1

libusb installed:
libusb 1.0.23 is already installed and up-to-date

Can you help?

Attempting to use whsniff, it is stuck in the for loop looking for libusb_control_handle to return data. To preface, the hard-coded idProduct had to be changed to 0x16a8 for the CC2531 device. That enables it to find the hardware in the usb list.
However, I put in some debugging statements and the "get identity check" above returns a "-9" which is an error but the code doesn't error-check that result and continues down. Any way I can fix this?

Hello.
Is CC2530 supported or just CC2531 ?
I have no CC2531 so I tried to flash my CC2530 with sniffer_fw_cc2530.hex firmware extracted from "SmartRF_Packet_Sniffer_2.18.0" using a SmartRF04EB...

$ sudo ./cc-tool -e -w sniffer_fw_cc2530.hex 
  Programmer: SmartRF04EB
  Target: CC2530
  Erasing flash...
  Completed       
  Writing flash (2 KB)...
  Completed (0.16 s.)

But when I start whsniff it says me no device found...

$whsniff -c 25
ERROR: No working device found.

Feature Request: Save host machine's epoch time upon first packet capture and use this as an offset for future timestamps.

I noticed in wireshark my packets were dated in the 1970s. After looking through the code it looks like the packet timestamps are a pure counter upon start of capture. This makes merging data from multiple sources tricky if you don't have absolute timestamps. Granted, I know the timestamp's accuracy would be limited to the host machine but i'd certainly be a nice starting point. Perhaps an optional command line argument?

I'm still figuring out the switch from Intel macOS to arm64, but I can't figure out how to install this package. Homebrew installs now in /opt/homebrew and I've verified that libusb is installed. Whenever I run make it says ld: library not found for -lusb-1.0. I've tried changing the LIBPATH and INCLPATH but neither seem to work. Does anyone else know what I need to get this to work? Thanks for your time and help.

Hello,

Thank you for this tool!

I purchased a SonOff CC2531, lsusb lists it as 0x16a8, but your code is apparently expecting 0x16ae. At line 257, there is:

if(t_desc.idVendor == 0x0451 && t_desc.idProduct == 0x16ae)

I tried my luck by changing it to:

if(t_desc.idVendor == 0x0451 && (t_desc.idProduct == 0x16ae || t_desc.idProduct == 0x16a8))

This compiles and runs, but I am not catching any packets.

I guess I will have to find a 0x16ae adapter tu use whsniff. The problem is you only know what you get after the purchase.

Is there anything that could be done to let whsniff support the 0x16a8 adapter?

Thank you!