Wireshark
Wireshark is a free and open-source packet analyzer. It is generally used for network troubleshooting, analysis, software and communications protocol development, and education.
Here we restrict our discussion on Wireshark to the point of view of the project, i.e., analysing the CoAP packets.
The aim of our project is to introduce ECN functionality into CoAP. We will be modifying some of the headers in the CoAP packets (both in the application layer and in the transport layer). We must be able to test our implementation so that it functions as expected. Hence we must be able to identify and monitor the changes in the header fields of each packet under observation.
Some of the features of Wireshark which assist us in the packet analysis are:
- Wireshark supports hundreds of protocols, including CoAP. Hence the header fields of the CoAP packets are already dissected and labelled.
- It supports live capture and offline analysis.
- It has one of the most powerful display filters. Hence it is easier to filter out CoAP packets, and also filter packets going in and out of a particular IP address.
Wireshark can capture and read live data from many media like Wireless LAN (wlp2s0), different Virtual Networks (vmnet1 and vmnet8), Loopback (lo), Ethernet (enp3s0), Bluetooth (bluetooth0) and many more. We can choose to analyse packets from any of the media or all of them (all).
Once the media is chosen, Wireshark captures all the packets flowing in and out of the device (on which the software is running) through the media. A screenshot of the captured packets is displayed below:
We need to analyse only the CoAP packets. Hence we need to filter only the CoAP packets. This is the screenshot of the packets after applying the filter:
Let us now try to explore the CoAP headers and their locations in the Wireshark display (the format of the analysed data will be the same even in the pcap file if we decide to store the details of the captured packets).
The analysed packet is a GET message with 2 option fields. Only one of the 2 option fields is broken down here. The other option field has the same format.
CoAP packet content
CoAP Version, Type and Token Length
Version and Type are 2-bit fields each and Token Length is a 4-bit field. But Wireshark displays the packet data in groups of 8 bits (one byte, shown in hex with its ASCII equivalent). So in the 8 bits highlighted in the following screenshot, the first 2 bits are the Version, the next 2 bits are the Type and the last 4 bits are the Token Length.
CoAP Code field
CoAP Message ID field
CoAP Token field
CoAP Option 1 Delta and Length fields
Option Delta and Option Length are 4-bit fields each. But as mentioned before, Wireshark displays the packet data in groups of 8 bits (one byte, shown in hex with its ASCII equivalent). So in the 8 bits highlighted in the following screenshot, the first 4 bits are the Option Delta field and the last 4 bits are the Option Length field.
CoAP Option 1 Value field
Summary
The headers of the CoAP packet analysed can be summarised as follows:
```
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver| T |  TKL  |     Code      |          Message ID           |
| 1 | 0 |   3   |       1       |             1482              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Token: 72 16 33                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Opt Del | Opt Len | Opt Value ...
|    2    |   11    | 2e 77 65 6c 6c 2d 6b 6e 6f 77 6e  (".well-known")
|    0    |    4    | 63 6f 72 65                       ("core")
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
```
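To check that a modified header is still decoded the way Wireshark shows it, it helps to have a small decoder of our own. The following is an added example, not part of the original page: it parses a constructed byte string carrying the same field values as the summary above (the first option's delta is assumed to be 11, the Uri-Path option number in RFC 7252, so the two values decode to the path .well-known/core) and goes beyond the page by handling extended delta/length encodings and the 0xFF payload marker.

```python
import struct

# Constructed sample: CON GET /.well-known/core, Message ID 1482, 3-byte token.
SAMPLE_COAP_PACKET = (
    bytes([0x43])                      # Ver=1 | T=0 (CON) | TKL=3  -> 01 00 0011
    + bytes([0x01])                    # Code 0.01 = GET
    + struct.pack("!H", 1482)          # Message ID (network byte order)
    + bytes.fromhex("721633")          # Token
    + bytes([0xBB]) + b".well-known"   # Opt delta 11 (Uri-Path), length 11
    + bytes([0x04]) + b"core"          # Opt delta 0 (still Uri-Path), length 4
)


def _expand(nibble, data, pos):
    """Expand a 4-bit option delta/length nibble (RFC 7252 section 3.1)."""
    if nibble < 13:
        return nibble, pos
    if nibble == 13:
        return data[pos] + 13, pos + 1
    if nibble == 14:
        return struct.unpack_from("!H", data, pos)[0] + 269, pos + 2
    raise ValueError("nibble value 15 is reserved outside the payload marker")


def parse_coap(data):
    """Return the CoAP header fields as a dict, mirroring the Wireshark breakdown."""
    if len(data) < 4:
        raise ValueError("CoAP header needs at least 4 bytes")
    first = data[0]
    hdr = {
        "version": first >> 6,        # first 2 bits of byte 0
        "type": (first >> 4) & 0x3,   # next 2 bits
        "tkl": first & 0xF,           # last 4 bits
        "code": data[1],
        "message_id": struct.unpack_from("!H", data, 2)[0],
    }
    if hdr["tkl"] > 8 or len(data) < 4 + hdr["tkl"]:
        raise ValueError("bad token length (TKL 9-15 is reserved, or truncated)")
    pos = 4 + hdr["tkl"]
    hdr["token"] = data[4:pos]
    options, number = [], 0
    while pos < len(data) and data[pos] != 0xFF:
        delta, pos = _expand(data[pos] >> 4, data, pos + 1)
        length, pos = _expand(data[pos - 1] & 0xF, data, pos) if False else _expand(data[pos - 1] & 0xF, data, pos)
        if pos + length > len(data):
            raise ValueError("option value runs past end of packet")
        number += delta               # option numbers are delta-encoded
        options.append((number, delta, length, data[pos:pos + length]))
        pos += length
    hdr["options"] = options
    hdr["payload"] = data[pos + 1:] if pos < len(data) else b""
    return hdr
```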