229 lines
8.0 KiB
ReStructuredText
229 lines
8.0 KiB
ReStructuredText
.. _net-capture-sample:
|
|
|
|
Network Packet Capture
|
|
######################
|
|
|
|
Overview
|
|
********
|
|
|
|
This application will setup the device so that net-shell can be used
|
|
to enable network packet capture. The captured packets are sent to
|
|
remote host via IPIP tunnel. The tunnel can be configured to be in the
|
|
same connection as what we are capturing packets or it can be a separate
|
|
bearer. For example if you are capturing network traffic for interface 1,
|
|
then the remote host where the captured packets are sent can also be reached
|
|
via interface 1 or via some other network interface if the device has
|
|
multiple network interfaces connected.
|
|
|
|
Requirements
|
|
************
|
|
|
|
- :ref:`networking_with_host`
|
|
|
|
Building and Running
|
|
********************
|
|
|
|
Build the sample application like this:
|
|
|
|
.. zephyr-app-commands::
|
|
:zephyr-app: samples/net/capture
|
|
:board: <board to use>
|
|
:conf: <config file to use>
|
|
:goals: build
|
|
:compact:
|
|
|
|
|
|
Network Configuration
|
|
*********************
|
|
|
|
The ``net-tools`` project contains ``net-setup.sh`` script that can be used to setup
|
|
the tunneling.
|
|
|
|
In terminal #1, type:
|
|
|
|
.. code-block:: console
|
|
|
|
./net-setup.sh -c zeth-tunnel.conf
|
|
|
|
The script will create following network interfaces:
|
|
|
|
.. code-block:: console
|
|
|
|
zeth: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
|
|
inet 192.0.2.2 netmask 255.255.255.255 broadcast 0.0.0.0
|
|
inet6 2001:db8::2 prefixlen 128 scopeid 0x0<global>
|
|
ether 00:00:5e:00:53:ff txqueuelen 1000 (Ethernet)
|
|
RX packets 0 bytes 0 (0.0 B)
|
|
RX errors 0 dropped 0 overruns 0 frame 0
|
|
TX packets 0 bytes 0 (0.0 B)
|
|
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
|
|
|
zeth-ip6ip: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1480
|
|
inet6 2001:db8:200::2 prefixlen 64 scopeid 0x0<global>
|
|
inet6 fe80::c000:202 prefixlen 64 scopeid 0x20<link>
|
|
sit txqueuelen 1000 (IPv6-in-IPv4)
|
|
RX packets 0 bytes 0 (0.0 B)
|
|
RX errors 0 dropped 0 overruns 0 frame 0
|
|
TX packets 0 bytes 0 (0.0 B)
|
|
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
|
|
|
zeth-ip6ip6: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1452
|
|
inet6 fe80::486c:eeff:fead:5d11 prefixlen 64 scopeid 0x20<link>
|
|
inet6 2001:db8:100::2 prefixlen 64 scopeid 0x0<global>
|
|
unspec 20-01-0D-B8-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
|
|
RX packets 0 bytes 0 (0.0 B)
|
|
RX errors 0 dropped 0 overruns 0 frame 0
|
|
TX packets 0 bytes 0 (0.0 B)
|
|
TX errors 8 dropped 8 overruns 0 carrier 8 collisions 0
|
|
|
|
zeth-ipip: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1480
|
|
inet 198.51.100.2 netmask 255.255.255.0 destination 198.51.100.2
|
|
inet6 fe80::5efe:c000:202 prefixlen 64 scopeid 0x20<link>
|
|
tunnel txqueuelen 1000 (IPIP Tunnel)
|
|
RX packets 0 bytes 0 (0.0 B)
|
|
RX errors 0 dropped 0 overruns 0 frame 0
|
|
TX packets 0 bytes 0 (0.0 B)
|
|
TX errors 7 dropped 0 overruns 0 carrier 0 collisions 0
|
|
|
|
zeth-ipip6: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1452
|
|
inet 203.0.113.2 netmask 255.255.255.0 destination 203.0.113.2
|
|
inet6 fe80::387b:a6ff:fe56:6cac prefixlen 64 scopeid 0x20<link>
|
|
unspec 20-01-0D-B8-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
|
|
RX packets 0 bytes 0 (0.0 B)
|
|
RX errors 0 dropped 0 overruns 0 frame 0
|
|
TX packets 0 bytes 0 (0.0 B)
|
|
TX errors 7 dropped 7 overruns 0 carrier 0 collisions 0
|
|
|
|
The ``zeth`` is the outer tunnel interface, all the packets go via it.
|
|
The other interfaces receive packets depending on the configuration you have
|
|
in the Zephyr side.
|
|
|
|
Network Capture Configuration
|
|
=============================
|
|
|
|
In Zephyr console, type:
|
|
|
|
.. code-block:: console
|
|
|
|
uart:~$ net iface
|
|
|
|
Interface 0x807df74 (Virtual) [1]
|
|
=================================
|
|
Interface is down.
|
|
|
|
Interface 0x807e040 (Ethernet) [2]
|
|
==================================
|
|
Link addr : 02:00:5E:00:53:3B
|
|
MTU : 1452
|
|
Flags : AUTO_START,IPv4,IPv6
|
|
Ethernet capabilities supported:
|
|
IPv6 unicast addresses (max 4):
|
|
fe80::5eff:fe00:533b autoconf preferred infinite
|
|
2001:db8::1 manual preferred infinite
|
|
IPv6 multicast addresses (max 4):
|
|
ff02::1
|
|
ff02::1:ff00:533b
|
|
ff02::1:ff00:1
|
|
IPv6 prefixes (max 2):
|
|
<none>
|
|
IPv6 hop limit : 64
|
|
IPv6 base reachable time : 30000
|
|
IPv6 reachable time : 43300
|
|
IPv6 retransmit timer : 0
|
|
IPv4 unicast addresses (max 2):
|
|
192.0.2.1 manual preferred infinite
|
|
IPv4 multicast addresses (max 1):
|
|
<none>
|
|
IPv4 gateway : 0.0.0.0
|
|
IPv4 netmask : 255.255.255.0
|
|
|
|
Next the monitoring is setup so that captured packets are sent as a payload
|
|
in IPv6/UDP packets.
|
|
|
|
.. code-block:: console
|
|
|
|
uart:~$ net capture setup 192.0.2.2 2001:db8:200::1 2001:db8:200::2
|
|
Capture setup done, next enable it by "net capture enable <idx>"
|
|
|
|
The ``net capture`` command will show current configuration. As we have not
|
|
yet enabled capturing, the interface is not yet set.
|
|
|
|
.. code-block:: console
|
|
|
|
uart:~$ net capture
|
|
Network packet capture disabled
|
|
Capture Tunnel
|
|
Device iface iface Local Peer
|
|
NET_CAPTURE0 - 1 [2001:db8:200::1]:4242 [2001:db8:200::2]:4242
|
|
|
|
Next enable network packet capturing for interface 2.
|
|
|
|
.. code-block:: console
|
|
|
|
uart:~$ net capture enable 2
|
|
|
|
The tunneling interface will be UP and the captured packets will be sent to
|
|
peer host.
|
|
|
|
.. code-block:: console
|
|
|
|
uart:~$ net iface 1
|
|
|
|
Interface 0x807df74 (Virtual) [1]
|
|
=================================
|
|
Name : IPv4 tunnel
|
|
Attached : 2 (Ethernet / 0x807e040)
|
|
Link addr : 8E:F9:94:6D:B9:E6
|
|
MTU : 1452
|
|
Flags : POINTOPOINT,NO_AUTO_START,IPv6
|
|
IPv6 unicast addresses (max 4):
|
|
fe80::aee6:fbff:fe50:28c0 autoconf preferred infinite
|
|
2001:db8:200::1 manual preferred infinite
|
|
IPv6 multicast addresses (max 4):
|
|
<none>
|
|
IPv6 prefixes (max 2):
|
|
<none>
|
|
IPv6 hop limit : 64
|
|
IPv6 base reachable time : 30000
|
|
IPv6 reachable time : 22624
|
|
IPv6 retransmit timer : 0
|
|
IPv4 not enabled for this interface.
|
|
|
|
If you now do this:
|
|
|
|
.. code-block:: console
|
|
|
|
uart:~$ net ping -c 1 192.0.2.2
|
|
|
|
You should see a ICMPv4 message sent to ``192.0.2.2`` and also the captured
|
|
packet will be sent to ``192.0.2.2`` in tunnel to ``2001:db8:200::2``
|
|
address. The UDP port is by default ``4242`` but that can be changed when
|
|
setting the tunnel endpoint address.
|
|
|
|
The actual captured network packets received at the end of the tunnel will look
|
|
like this:
|
|
|
|
.. code-block:: console
|
|
|
|
No. Time Source Destination Protocol Length Info
|
|
34 106.078538049 192.0.2.1 192.0.2.2 ICMP 94 Echo (ping) request id=0xdc36, seq=0/0, ttl=64 (reply in 35)
|
|
|
|
Frame 34: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface zeth-ip6ip, id 0
|
|
Raw packet data
|
|
Internet Protocol Version 6, Src: 2001:db8:200::1, Dst: 2001:db8:200::2
|
|
User Datagram Protocol, Src Port: 4242, Dst Port: 4242
|
|
Ethernet II, Src: 02:00:5e:00:53:3b (02:00:5e:00:53:3b), Dst: ICANNIAN_00:53:ff (00:00:5e:00:53:ff)
|
|
Internet Protocol Version 4, Src: 192.0.2.1, Dst: 192.0.2.2
|
|
Internet Control Message Protocol
|
|
|
|
No. Time Source Destination Protocol Length Info
|
|
35 106.098850599 192.0.2.2 192.0.2.1 ICMP 94 Echo (ping) reply id=0xdc36, seq=0/0, ttl=64 (request in 34)
|
|
|
|
Frame 35: 94 bytes on wire (752 bits), 94 bytes captured (752 bits) on interface zeth-ip6ip, id 0
|
|
Raw packet data
|
|
Internet Protocol Version 6, Src: 2001:db8:200::1, Dst: 2001:db8:200::2
|
|
User Datagram Protocol, Src Port: 4242, Dst Port: 4242
|
|
Ethernet II, Src: ICANNIAN_00:53:ff (00:00:5e:00:53:ff), Dst: 02:00:5e:00:53:3b (02:00:5e:00:53:3b)
|
|
Internet Protocol Version 4, Src: 192.0.2.2, Dst: 192.0.2.1
|
|
Internet Control Message Protocol
|