Note: The 'LoWPAN' plugin should be used when analyzing of 6LoWPAN and ZigBeeIP traffic.
When analyzing 6LoWPAN / ZigBee IP, the Perytons™ Protocol Analyzer makes an effort to show the application layer data to the user in the most convenient way.
Sophisticated features related specifically to IP content (like browser-like HTTP presentation, etc.) can save a lot of precious development and debugging time:
Figure 422 – Perytons™ Protocol Analyzer main-screen showing IP over 6LoWPAN network
Figure 423 – Perytons™ Protocol Analyzer – Supported IP protocols
•Defragmentation of 6LoWPAN packets
Each IP packet may spread over multiple 802.15.4 packets and in order to analyze the IP traffic, the fragmented packets must be rearranged.
The following example shows a single IP packet divided into two fragments. The first one (message 23) holds the 6LoPAN header with some payload data, and the second (message 25) holds the remaining IP data. When set to analyze 6LoWPAN protocols, the Perytons™ Protocol Analyzer combines the fragments and associates the full 6LoWPAN payload (IP packet) to last message in the series (in this case message 25):
Figure 424 – 6LoWPAN Fragments
•Handling 6LoWPAN compression
For each IP protocol the 6LoWPAN defines a dedicated compression scheme. Before analyzing the IP layers, the Perytons™ Protocol Analyzer decompresses the IP packets into their original format:
Figure 425 – 6LoWPAN decompression
•Analyzing the IP packets
With the Perytons™ Protocol Analyzer the user can chose the way he prefers to display the IP packets:
Figure 426 – IP/TCP Packets
•Network Topology
Devices are shown in a graphical network topology view including relevant information for each device (e.g. IP address), allowing using sophisticated tools for advanced analysis (show all messages from/to a specific device, show all messages that passed over a specific communication path, etc.):
Figure 427 – Find related IP messages from Network View
•Devices
Alternatively the devices with all relevant information can be explored in a table view and exported to file for further analysis:
Figure 428 – Find related IP messages from Devices View
•Handing TCP segmentation and acknowledgments
Long payload packets are split by the TCP layer to segments (i.e. fragments). 'Sliding window' acknowledgments are used for efficient retransmission:
Figure 429 – TCP acknowledgments in Time View
Note: Due to memory limitations of typical 802.15.4 devices, the segments are limited in length
The Perytons™ Protocol Analyzer performs a 'de-segmentation' process before upper layers analysis of the TCP layer takes place (this process is done per each source and destination address/ports combination)
Right clicking on a message allows to easily finding other messages of the TCP or HTTP session:
Figure 430 – Follow IP/HTTP session
•Handling HTML pages
Displaying an HTML page involves decoding of HTML text, images and links. It may involve compression (e.g. GZIP) and enhanced content such as Java scripts and flash movies.
The Perytons™ Protocol Analyzer extracts the HTML traffic from the TCP (or sometimes UDP) packets. It decompresses pages that are compressed with GZIP or EXI compression methods (both schema or non-schema based). Then it identifies request – replies and build the sub content such as image files, Java files and flash files, into temporary files under the Perytons folder.
Each of these can be seen by clicking on the ‘extended watch’ icon of the relevant message:
Figure 431 – Showing images
When clicking on the message that contains the original HTML page, the Perytons™ Protocol Analyzer manipulates the internal references to fit the temporary image files. The result is a full HTML page:
Figure 432 – Rebuilding the HTML page
Data can be searched within the plain and the uncompressed text.
•Handling XML pages
XML pages are displayed in an ‘XML’ view:
Figure 433 – XML view
This colorful view allows identifying content, seeing problems, and managing the XML hierarchy:
Figure 434 – XML hierarchy
If the XML file has a reference to an XSD file (holding the XML validity Scripts) and the Perytons™ Protocol Analyzer includes this XSD file (or the user places this file under the 'Schemas' folder) then the Perytons™ Protocol Analyzer will check the XML validity against the XSD information and notify the user on potential problems:
Figure 435 – XSD Validation
Note: In case the messages content include non-standard HTML text for non-standard TCP requests-replies, etc., the HTML page in the Perytons™ Protocol Analyzer might not be displayed or might be displayed only partially as HTML.
•Handling other upper layers protocols
The common IP headers and upper layers that are in used by ZigBeeIP are decoded by the Perytons™ Protocol Analyzer. This includes ICMP, DHCP, NR, DNS, Hop-To-Hop, Fragmentation header and Destination options
Figure 436 – Upper IP layers
All analyzed layers gain the Perytons™ Protocol Analyzer intuitive GUI and enhanced toolbox including search tool, message compare, Scripts, statistics charts and more.
In addition to the built in Perytons™ Protocol Analyzer features, the IP data can be exported to other tools for further analysis (see chapter IV.17 for details).
Perytons provides an on-line file converter service that allows converting files captured with other tools (such as WireShark) to the Perytons™ format (http://www.perytons.com/zigbee/support/file-converter) for enhanced yet friendly analysis with the Perytons™ Protocol Analyzer.
•6LoWPAN/ZigBee IP Context …
Table for viewing/updating
PAN dependant Context Identifiers for 6LoWPAN and ZigBee IP networks.
Active
only when choosing analysis based on 6LoWPAN or ZigBeeIP.
Figure 437 – 6LoWPAN/ZigBee IP Context table