Is there any chance for Wireshark to determine 802.15.4 protocols incorrectly?

I recently got a device that claimed it's using Zigbee technology to transmit data, and I was to do some testing on it. The problem is, when I tried sniffing the data transmitted, Wireshark showed its protocol as LwMesh (LightWeight Mesh).

I did some research, and apparently LwMesh also follows IEEE 802.15.4 for its PHY/MAC layer, only that LwMesh lacks some higher-level features of Zigbee. Now we are having a debate about whether this thing really should be treated as a Zigbee device (because the test items may differ).

LwMesh and Zigbee are so similar to each other that we are afraid that Wireshark may be determining the protocol incorrectly.

Apart from the fact that this device is not certified by the Zigbee Alliance, we need more evidence or proof to know whether it really is using Zigbee or LwMesh as its network layer protocol.

I tried to look for a way to understand how Wireshark tells protocols apart, but to no avail. It seems like it's not by looking for some specific bytes or bits in an 802.15.4 frame. It would be really great if I could get more insight into how to determine the packet protocol correctly.

This is the link to the pcap file we captured.
https://drive.google.com/open?id=1qKBxrdIVHSYbRr_cSd7QwFaEUNlEvZa4