Welcome to the new FlexRadio Community! Please review the new Community Rules and other important new Community information on the Message Board.
If you are having a problem, please refer to the product documentation or check the Help Center for known solutions.
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.

Wireshark suggested filters

IW7DMH, Enzo
IW7DMH, Enzo Member ✭✭
edited August 2018 in SmartSDR API
Hello,

I am trying to sniff the TPC/IP packet from/to Flex and PC and I am using Wireshark.
Can you suggest some kind of filters I should use to display only data packets used in the command protocol? I would like to get something like this:

from PC to Radio: request ****
from radio to PC: answer yyy

Reading data packets in wireshark is like filling a glass of water in Niagara Falls :) HI

73' Enzo
iw7dmh

Answers

  • N7CXI
    N7CXI Member ✭✭
    edited August 2018
    Hi Enzo,
    I don't know what ports SmartSDR uses, but you can build a WireShark filter to only show traffic to or from a specific IP address:

    host 192.168.0.99

    Replace the IP address in that example with the specific address of your radio, and that should help filter the traffic.

    Best 73,
    Jim N7CXI


  • IW7DMH, Enzo
    IW7DMH, Enzo Member ✭✭
    edited January 2017
    Hello Jim,

    filtering using only IP address is not enought as traffic between PC and Flex is really very high.
    For "Discovering protocol" you have to filter UDP packets on port 4992 and for "Command Protocol" you have to filter TCP/IP packets on port 4991.
    Also with these additional filters I still get a lot of packets so a more specific filter would help me in following traffic.
    I'm not very used to study protocols. This should be a children's game for some Ciscoman friends.

    Thank you very much.
    73' Enzo
    iw7dmh
     
  • N7CXI
    N7CXI Member ✭✭
    edited August 2018
    If you're filtering everything except the Flex protocol packets, I'm not sure what else you can filter?
    The 6000-series radios move a lot of data over the ethernet connection, so there will be a lot of packets.

    73,
    Jim N7CXI

  • IW7DMH, Enzo
    IW7DMH, Enzo Member ✭✭
    edited January 2017
    Yes, there will be again a lot of data.
    What I am looking for is ignoring all PING packets and filtering packets by "data" content: for example only packets that contain a string like " |cw " and so on.
    It seems Whireshark has a very complex filtering syntax. I have to search better.

    73',
    Enzo
  • IW7DMH, Enzo
    IW7DMH, Enzo Member ✭✭
    edited January 2017
    Here we are.
    After some attempts I setted up two kind of filters: one for discovering protocol and one for command protocol. You have to type the following strings in Wireshark filter textbox

    Discovering Protocol
    ====================
    udp.port==4992 and ip.src==169.254.8.146

    image


    Command Protocol
    ================
    tcp.port==4992 and ip.dst==169.254.8.146 and tcp.len>0 and data.data contains "cw".

    I made an attempt to change the keyer speed from 18 wpm to 17 wpm.
    here is the packet sent from PC to Flex

    image
    And here the answer from Flex to PC. It seems answer is send twice.

    imageimageimage

    For other commands you can change your filter from "cw" to which one you want.

    Hope this can help.

    73' Enzo
    iw7dmh


Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.