Exporting Data Center Software Captures to Wireshark

The Data Center Software is Total Phase’s bus monitoring software that allows users to interface with Total Phase protocol analyzers to capture, monitor, and debug various communication protocols including USB, I2C, SPI, and CAN. The captured data can be utilized with other third-party applications for further processing. For instance, many users have successfully used data collected by Data Center Software in the Wireshark environment. 

Wireshark is a popular open-source network analyzer that lets users collect network traffic and translates the data into a human-readable format. Wireshark supports PCAP files that are used to view TCP/IP and UDP network packets.

Depending on the protocol of interest, there are a few ways to collect and export data from Data Center Software to a Wireshark-supported file.

 

USB

Sometimes users are looking to further monitor their USB data capture, such as viewing and parsing Ethernet frames over USB. There are several ways for a Beagle USB Protocol Analyzer to export data to Wireshark.

Here are a couple of suggestions for our users:

1. Export the data capture from the Data Center Software to a CSV file. Then create a script to translate the data in the CSV file to the PCAP file format. This works best if the CSV file contains every single bit of the packet to be created or if it can be deduced from the input.

 

2. Use the Beagle Software API, instead of the Data Center Software, to customize an application that generates PCAP output files.

The Beagle Software API is used to control the Beagle analyzer and write a custom program to achieve the user goals. The API comes with support for multiple OS (Windows, Linux, and Mac) and multiple languages (C, Python, Visual Basic, and C#), and includes examples.

Note: For both solutions you will need to exclude the "out of band" data that is captured on the USB bus to the Ethernet hardware. This data represents control and configuration from the host driver for the USB adapter, which is not part of Ethernet. You can easily filter out this data before completing the USB capture. We provide examples of how to set up and use filters in the Data Center Software.
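Suggestion 1 sketched in code, as an added example that is not Total Phase code: it drops rows that are not Ethernet frames (the out-of-band exclusion from the note) and writes the rest as a classic PCAP file with the Ethernet link type. The CSV column names and the sample rows are constructed assumptions; adapt them to the columns of your actual export.

```python
import csv
import io
import struct

LINKTYPE_ETHERNET = 1  # pcap link-layer type for Ethernet frames

# Constructed sample. The column names (time_us, kind, data) are assumptions
# for illustration, not the actual Data Center Software CSV layout.
SAMPLE_CSV = """time_us,kind,data
1000,control,80 06 00 01 00 00 12 00
2500,frame,ff ff ff ff ff ff 02 00 00 00 00 01 08 06 00 01
1000250,frame,02 00 00 00 00 01 02 00 00 00 00 02 08 00 45 00
"""

def csv_to_pcap(csv_text, snaplen=65535):
    """Return classic pcap bytes holding one record per 'frame' row."""
    out = io.BytesIO()
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0,
                          snaplen, LINKTYPE_ETHERNET))
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["kind"] != "frame":
            continue  # drop out-of-band control/configuration transfers
        frame = bytes.fromhex(row["data"])  # whitespace between bytes is allowed
        sec, usec = divmod(int(row["time_us"]), 1_000_000)
        captured = frame[:snaplen]
        # Record header: ts_sec, ts_usec, captured length, original length
        out.write(struct.pack("<IIII", sec, usec, len(captured), len(frame)))
        out.write(captured)
    return out.getvalue()

def read_pcap(blob):
    """Parse the little-endian pcap written above into (sec, usec, data) tuples."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", blob, 0)
    if magic != 0xA1B2C3D4 or linktype != LINKTYPE_ETHERNET:
        raise ValueError("not a little-endian Ethernet pcap")
    records, pos = [], 24
    while pos < len(blob):
        sec, usec, incl, _orig = struct.unpack_from("<IIII", blob, pos)
        records.append((sec, usec, blob[pos + 16:pos + 16 + incl]))
        pos += 16 + incl
    return records

if __name__ == "__main__":
    with open("usb_ethernet.pcap", "wb") as fh:  # output name is arbitrary
        fh.write(csv_to_pcap(SAMPLE_CSV))
```

Reading the file back with read_pcap before opening it in Wireshark is a quick check that the control row was excluded and the timestamps survived the conversion.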

 

IPMI (I2C protocol)

Users who also want to inspect IPMI messages and commands in Wireshark can do so by using the Beagle I2C/SPI Protocol Analyzer, the Data Center Software, and a Wiki utility. The Wiki utility lets users capture IPMB bus data with the Beagle I2C/SPI Protocol Analyzer and then load the resulting file into Wireshark.

The overarching IPMB Wireshark wiki page is on the following web link. This page provides a link to Bugzilla that discusses the implementation of the Beagle analyzer for IPMB sniffing and includes the beagle_i2c_analyzer.tar.gz utility file needed to do so. Within the file is a ReadMe.txt file that provides the following instructions on how to execute this program:

1. To compile the program, do:

> make;

 

2. To remove all the executable files, do:

 > make clean

 

3. After doing "make", you can execute the program with the following command:

> ./i2c_analyzer -[option] [option argument] max_packet_len num_even 0 1...

Where:

i2c_analyzer: is the name of the program

-[option]: indicates the option that you want to use. For example, quiet mode, debug mode.

[option argument]: indicates the argument that follows the -[option]. Examples:

./i2c_analyzer -v 3 0 1 2

./i2c_analyzer -q 0

./i2c_analyzer -h

max_packet_len: maximum size of the packet that you want to capture in bytes. Ex: 32, 64.

num_even: indicates the number of the packets that you want to capture.

0 indicates an infinite number of packets.

0: Beagle device on port 0. If you have only 1 Beagle device, your command may stop here.

1…: The next Beagle port number. The numbers increase sequentially according to the Beagle devices connected to the program.

Note: A separate terminal must also be open to generate the data provided by the Beagle I2C/SPI Protocol Analyzer. If not, the program will capture the data that was sent on the bus and print to file.

 

 4. To stop capturing, simply press "Ctrl + C".

 

5. After a lapse of time, the sniffing devices will stop and create a file named "hexdump_bg" that will be stored in your current working directory. This file is used with Wireshark's text2pcap tool to generate a PCAP file with the following command:

> text2pcap -t "%D %H%M%S." -l 199 hexdump_bg ipmbfile.pcap

 

6. This command will build a file that contains IPMB matching packets captured from the Beagle analyzer. The name of this file is "ipmbfile.pcap" and will be stored in your current working directory. Now you can open this file with Wireshark to see the detailed information of your packets.

 

7. To learn more about "text2pcap" do:

> text2pcap -h

 

8. To learn more about the sniffing device "aasniff" do:

 > ./i2c_analyzer -h

 This command will populate a list of user manuals on the screen where you will see detailed information on how to use each option.