Skip to main content

Network Debugging

With embedded systems, it is frequently necessary to look at the packets flowing on the network in order to see whether a problem is isolated, or caused by something else.

The problem is that there can be an enormous amount of data on the net and only one or two packets that you want to look at.  Especially when you have video streams flowing on the net, it becomes a search for a needle in a haystack.

The standard interactive network test tool is tcpdump.  It is also available on Windows as windump (http://www.winpcap.org/windump/install/).  Wireshark is also a nice front end for packet capture, but it works in a capture first, analyze later fashion.  With tcpdump, you can see what is going on in real time.

Packet Capture Examples

Tcpdump has a good man page, but it can be a bit overwhelming.  Once you saw a few real examples, though, deciphering the man page will be much easier.  The windump man page is exactly the same - they didn't even bother to change the name of the man page.

Display all packets on the wired port em1:
# tcpdump -nlX -i em1

Display all packets to/from a specific device:
# tcpdump -nlX -i em1 host 192.168.111.3

Display all packets to/from a specific host on a specific Berkeley port:
# tcpdump -nlX -i em1 host 192.168.111.3 and port 2000

Advanced Packet Capture Examples

Display all packets that has a specific byte in a specific place:
# tcpdump -nlX -i em1 ether[58] == 0x05

Display all packets that don't have two bytes in two specific places and are coming from a specific device:
# tcpdump -nlX -i em1 src host 192.168.111.3 and port 2000 and ether[58] != 0x05 and ether[59] != 0x7b

The trick is that you got to add the 14 byte ethernet frame header to the byte position (start counting your data from 0). The first byte (45H) that the below packet starts with is ether[14].


The result of the first search will look something like this:
14:52:56.860160 IP 192.168.111.12.55338 > 192.168.111.4.sieve-filter: UDP, length 66
    0x0000:  4500 005e 1513 4000 8011 861a c0a8 6f0c  E..^..@.......o.
    0x0010:  c0a8 6f04 d82a 07d0 004a cd76 3130 0000  ..o..*...J.v10..
    0x0020:  0000 0000 0000 0000 00d4 0000 057b 0000  .............{..
    0x0030:  0020 ffff ffff ffff ffff 41d4 c6bd 9c40  ..........A....@
    0x0040:  0000 0000 0000 0000 0000 0000 0000 0000  ................
    0x0050:  0000 0000 0000 0000 0866 0000 0daf       .........f....

I bolded the 057bH that I was looking for.  The second search will show packets where the 057bH is missing.  

 This can settle an argument between two developers very quickly!

PCAP Files

You can also start a capture and let it save to a file, then analyze it later if you have to.  Tcpdump smart file handling can be configured to create multiple log files and rotate them, so that it will not overflow your available storage space.

It is easy to write data to a file:
# tcpdump -nlX -i em1 -w filename.pcap

Read from a file:
# tcpdump -nlX -r filename.pcap

It works exactly the same when analyzing a file offline as when you analyze data real-time.

La voila!

Labels:

Comments

Post a Comment

On topic comments are welcome. Junk will be deleted.

Popular posts from this blog

Parasitic Quadrifilar Helical Antenna

This article was reprinted in OSCAR News, March 2018:  http://www.amsat-uk.org If you want to receive Satellite Weather Pictures , then you need a decent antenna, otherwise you will receive more noise than picture. For polar orbit satellites, one needs an antenna with a mushroom shaped radiation pattern .  It needs to have strong gain towards the horizon where the satellites are distant, less gain upwards where they are close and as little as possible downwards, which would be wasted and a source of noise.  Most satellites are spin stabilized and therefore the antenna also needs circular polarization, otherwise the received signal will flutter as the antennas rotate through nulls. The helical antenna, first proposed by Kraus in 1948, is the natural solution to circular polarized satellite communications.  It is a simple twisted wire - there seems to be nothing to it.  Various papers have been published on helix antennas, so the operation is pretty well understood. Therefore,
2 comments
Read more

Weather Satellite Turnstile Antennas for the 2 meter Band

NEC2, 2 m band, 146 MHz, Yagi Turnstile Simulation and Build This article describes a Turnstile Antenna for the 2 meter band, 146 MHz amateur satcom, 137 MHz NOAA and Russian Meteor weather satellites.  Weather satellite reception is described here .  A quadrifilar helical antenna is described here .   Engineering, is the art of making what you need,  from what you can get. Radiation Pattern of the Three Element Yagi-Uda Antenna Once one combine and cross two Yagis, the pattern becomes distinctly twisted. The right hand polarization actually becomes visible in the radiation pattern plot, which I found really cool. Radiation Pattern of Six Element Turnstile Antenna Only a true RF Geek can appreciate the twisted invisible inner beauty of a herring bone antenna... Six Element Turnstile Antenna Essentially, it is three crosses on a stick.  The driven elements are broken in the middle at the drive points.  The other elements can go straight throug
Post a Comment
Read more

To C or not to C, That is the Question

As most would know, the Kernighan and Ritchie C Programming Language is an improved version of B, which is a simplified version of BCPL, which is derived from ALGOL, which is the Ur computer language that started the whole madness, when Adam needed an operating system for his Abacus, to count Eve's apples in the garden of Eden in Iraq.  The result is that C is my favourite, most hated computer language , which I use for everything. At university, I learned FORTRAN with punch cards on a Sperry-Univac, in order to run SPICE, to simulate an operational amplifier.  Computers rapidly lost their glamour after that era! Nobody taught me C.  I bought the book and figured it out myself. Over time, I wrote a couple of assemblers, a linker-locator, various low level debuggers and schedulers and I even fixed a bug in a C compiler - not because I wanted to, but because I had to, to get the job done!   Much of my software work was down in the weeds with DSP and radio modems ( Synchronization,
Post a Comment
Read more