cetic / foren6 Goto Github PK

/platform information**_/
ubuntu 14.04 LTS
tshark 1.10.6
foren6 1.0
sniffer Telosb
/_**************************/

Here is main problem:
foren6 seems can't use tshark to analysis the packets form sniffer
(sniffer's packets can be seen by ubuntu's serial-tool minicom)

Here is the description of problem:
I followed the example on ARNG's example and used a pair of Telosb to send,receive packets,one Telosb as sniffer.
I can see the sniffer's packets sent out to PC by USB through a ubuntu serial-tool 'minicom', however ,foren6 can't show any packet in UI (as the following picture).
I got some error messages in Terminal.

Here is the true error message printed by Terminal ( and there is a screenshot ):
/***************************************************/
tshark: -R without -2 is deprecated. For single-pass filtering use -Y.

(process:5327): GLib-CRITICAL **: g_hash_table_lookup_extended: assertion 'hash_table != NULL' failed

(process:5327): GLib-CRITICAL : g_hash_table_insert_internal: assertion 'hash_table != NULL' failed
/*************************************************/

I really appreciate everyone's help . thanks !

Reported on foren6-dev by Robert Gratwick. Will be looking into this...

Thanks Laurent & Sébastien,

Using a fifo makes sense.
However I think something is still not quite right, this what I needed
to do get things partial running.

1. ~/libmc1322x-new/tools$ mkfifo econotag.pcap
2. Open Foren6 and select that fifo as input source (with interface
   pcap). Foren6 will freeze at that point as it waits for the pcap header.
3. Launch rftestrx2pcap.py with ~/libmc1322x-new/tools$
   ./rftestrx2pcap.py /dev/ttyUSB1 26 econag.pcap
   Sometimes I needed to then kill it again (^C) before control comes
   back to foren6 gui and I can close the Manage sniffer dialog.
   If I restart rftestrx2pcap.py then start capture I might get not more
   than 5 packets and a bubble diagram, whilst an incrementing number of
   packets can be seen on the output of rftestrx2pcap.py. Sometimes I
   don't get any packets in foren6.

If I restart foren6 with rftestrx2pcap.py running, I need to kiil
rftest.. before the gui comes up.

If I restart foren6 without rftest.. running, I need to start and kill
rftest.. before the gui comes up.

In both cases above, I sometimes get packets in foren6, but only <5
I hope this is useful.
Cheers
Robert

I have two sources that refuse to leave my 'manage sources' directory. This is after running locate foren6 | xargs sudo rm -rf.
The configuration of "toggle node movement" which was off by default is still on as well.

Is this info stored in a config somewhere that doesn't have the name foren6 tied to it? Where is it and can I remove it?

Strangely, it is only these two sources, I can add and remove others without issue.

This is a platform-specific issue, tested on Mint 18 and Ubuntu 16. Workaround is to change the include directory in capture/interface_cc2531.c to the libusb install directory (found using locate libusb.h).

Error comes up in make run, with libusb.h: No such file or directory

After running 'make run' I get this error:

foren6/capture/interface_cc2531.c:34:20: fatal error: libusb.h: File not found

I fixed it installing this package:

$ sudo apt-get install libusb-1.0-0-dev

Hope this helps!

Hello,

thanks a lot for developing this awesome piece of software! I wanted to try it out but it turned out to be a bit hard to find the firmware for sniffer device. The documentation is not longer up to date I believe and I wanted to ask, is there a tutorial/guide on how to prepare sniffer device, ideally based on CC2531 or CC2650 devices.

Best regards,
Piotr

hi
i got this answer:
<You can go in Preferences, tshark and select the other Tshark API. If that does not work please send <us the output of tshark --help.

But i am a new user of ubuntu and i can't find the preference of Tshark !!
I need a step by step explananion :(
Thank's for any help

The existing documentation lacks explanations on how to hook-up some hardware sniffers to Foren6 via FIFOs.

The Contiki sniffer application we provide doesn't cover all platforms. For Econotag, for example, we use libmc1322x's rftestrx2pcap.py to write to a FIFO, which is read by Foren6.

Changes needed:

• Categorize the instructions by platform (more user-friendly)
• Add specific instructions for Econotag (rftestex2pcap --> FIFO --> Foren6)
• Add specific instructions for rzusbstick (dumpcap --> FIFO --> Foren6)

Reported by Daniel Moreira

When a PCAP is loaded, the timeline keeps on ticking and it becomes very squashed after a while unless we force the stop.

This was already a known issue at the release, setting to 1.1.

I built the examples/ipv6/rpl-udp example with the TI CC2538 and was able to see the nodes/connections, and events on the UI. Same results when running with Sky nodes. However, I was unable to see anything in the packet dissector window of the UI. I verified that I am in the wireshark group. I also tried setting the "Old Tshark" field in the UI's preferences, but that didn't work either. I also tried running the UI with sudo foren6 but got a warning from TShark about running as root. Still no packets were displayed.

Are there any other steps that I need to try?

Thanks in advance for any suggestions.

Suggested by Daniel Moreira:

• More detailed statistics?
  • Total packets
  • data packets
  • control messages (just sum the ones you have already).
• If ACKs enabled we could have PRR, retransmissions?

Hello,

When I am trying to open foren6 in Ubuntu 20.04, it shows me the following error:

vishal@lenovo-z51-70:~$ foren6
foren6: error while loading shared libraries: libQtGui.so.4: cannot open shared object file: No such file or directory

Day before yesterday, it is perfectly working.

When I tried to install a particular framework. It said the following things

vishal@lenovo-z51-70:~$ sudo apt-get install libqtgui4:amd64
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package libqtgui4 is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'libqtgui4' has no installation candidate

Need a solution.

While loading a PCAP file it crashes.
To reproduce the problem I have just to follow the Example 1 and when I start the capture the program crashes. The problem is that tshark is using a deprecated option (or so it says the log) and it just exits, creating an error on Foren6 and causing a crash.

It happens using Foren6 from Git or *.deb package on Ubuntu 12.04 LTS (I'm using Instant Contiki), "tshark -v" shows: "TShark 1.11.3 (SVN Rev 53420 from /trunk)"; and the console output of Foren6 after causing the crash is in the end of the issue (LOG1).

By using #DEFINE USE_NEW_TSHARK in the sniffer_packet_parser.c file, it does solve the problem but I get another one instead, marked as LOG2 in the end of the issue.

LOG1

Loading /usr/lib/foren6/interfaces/libinterface_pcap.so
Registered interface pcap from file /usr/lib/foren6/interfaces/libinterface_pcap.so
pcap interface initialized
Loading /usr/lib/foren6/interfaces/libinterface_sensnif.so
Registered interface sensnif from file /usr/lib/foren6/interfaces/libinterface_sensnif.so
snif interface initialized
Loading /usr/lib/foren6/interfaces/libinterface_snif.so
Registered interface snif from file /usr/lib/foren6/interfaces/libinterface_snif.so
snif interface initialized
PktSync: New iface: /usr/share/doc/foren6/pcaps/example1-rpl-collect.pcap, nb root = 1
PCAP reader started
tshark: -R without -2 is deprecated. For single-pass filtering use -Y.
tshark exited
Could not start tshark

LOG2

Loading /usr/lib/foren6/interfaces/libinterface_pcap.so
Registered interface pcap from file /usr/lib/foren6/interfaces/libinterface_pcap.so
pcap interface initialized
Loading /usr/lib/foren6/interfaces/libinterface_sensnif.so
Registered interface sensnif from file /usr/lib/foren6/interfaces/libinterface_sensnif.so
snif interface initialized
Loading /usr/lib/foren6/interfaces/libinterface_snif.so
Registered interface snif from file /usr/lib/foren6/interfaces/libinterface_snif.so
snif interface initialized
PktSync: New iface: /usr/share/doc/foren6/pcaps/example1-rpl-collect.pcap, nb root = 1
PCAP reader started

(process:32359): GLib-CRITICAL *: g_hash_table_lookup_extended: assertion `hash_table != NULL' failed
*
ERROR:wmem_core.c:50:wmem_alloc: assertion failed: (allocator->in_scope)

tshark exited
Could not start tshark
make: *** [run] Error 1

I pulled a recent version of Contiki from the master branch and built the examples/ipv6/rpl-tsch example for my TI CC2538 nodes after making some mods to keep the nodes on a single channel, channel 26.

I don't see any node on the UI nor any events in the event window. I closed the UI and connected Cutecom to the serial port that the sniffer is connected to and I saw traffic from my modes, so the sniffer is picking up something. Any chance that the data is being serialized in such a way that the UI can't read/display it? Is there something I need to do to for TSCH? Have others tried using TSCH with forens6?

Note that I previously built the examples/ipv6/rpl-udp example with the TI CC2538 and was able to see the nodes/connections, and events on the UI.

Thanks in advance for any suggestions.

OSX 10.11.6

ld: warning: ignoring file /Users/vvzvlad/Documents/Unwired/foren6/analyzer/dist/Debug/GNU-Linux-x86/librplanalyzer.dylib, file was built for i386 which is not the architecture being linked (x86_64): /Users/vvzvlad/Documents/Unwired/foren6/analyzer/dist/Debug/GNU-Linux-x86/librplanalyzer.dylib
Undefined symbols for architecture x86_64:
  "_dodag_get_key", referenced from:
      EventLog::getEventString(int, rpl::Event*, bool) const in EventLog.o
  "_dodag_get_rpl_instance", referenced from:
      rpl::NetworkInfoManager::updateSelectedNodeInfo() in rplNetworkInfoManager.o
      RplInstanceOverlay::nodeCirclePen(rpl::Node*, QPen*, QBrush*) in RplInstanceOverlay.o
....
      Timeline::paintEvent(QPaintEvent*) in Timeline.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[2]: *** [release/foren6.app/Contents/MacOS/foren6] Error 1

Full log can be seen here: foren6.log.zip

Reported by Daniel Moreira.

When you rename a node and come back to a time that he did not exist, then push the time forward and he appears again, the name will be the default one.

Can update the documentation at #3 Analyzing a simulated network.