This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Sniffing IPMI packets using a Beagle i2c USB adapter under Ubuntu

0

Hello everybody,

I'm trying to read IPMI packets transmitted by two devices under Ubuntu Environment. I have physical access to the i2c bus to which I connect using a Beagle i2c usb adapter by TotalPhase. The i2c monitor application is correctly configured (usb udev). What I want to do now is to make Wireshark communicating with the Beagle to read IPMI commands on the bus. Running a 'lsusb' command on the terminal I get the USB number which is the 5. When I start a capture on this port, no packet is detected.

Can you help me finding a solution?

Thank you very much in advance for any hint and/or idea on what else I could try in order to understand where the problem comes from.

This question is marked "community wiki".

asked 16 Nov '12, 05:05

matte87's gravatar image

matte87
16225
accept rate: 0%

edited 16 Nov '12, 08:48

Jaap's gravatar image

Jaap ♦
11.7k16101


2 Answers:

0

If I understand correctly you have a Beagle, a monitor application from TotalPhase and Wireshark to look at the link between the Beagle and this monitor application.

Now you'll have to use the monitor application to instruct the Beagle to capture the I2C comms and send them back over the USB interface. It's this communication you can capture using Wireshark.

Unless the Beagle has an RPCAP interface it won't take instructions from Wireshark directly.

answered 16 Nov '12, 08:52

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Thank you very much for your reply.

Actually I can't figure out how to instruct the beagle to capture and send back i2c comms to the usb interface. It seems to react only to its monitor. If there is a way to do this, it would be real-time monitoring, what I would like to do.

However, I found the link http://wiki.wireshark.org/IPMB_protocol which explains how to campure IPMI commands. Unfortunatly, it seems that the only way is to use the 'i2c_analyzer' (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1970) to capture i2c comms and then import then into wireshark after the creation of the pcap file using 'text2pcap'. When I try to open the associated pcap file with wireshark the Protocol is 'unknown' and no packets are read...I have the same problem with the examples capture file as well. (the IPMI is correctly checked on Analyze/Enabled Protocols).

Thank you very much for any your advice.

(16 Nov '12, 09:26) matte87

0

Hello,

I tried to make some progress for my goal. I took a look to all the files reported into the Bug repository and it seems that the installation of the IPMB plugin is necessary.

Therefore, my first question is why do I need to add this plugin if wireshark already comes out with a ipmb dissector?

Anyway, I tried to add this plugin and I faced a more common problem..

In order to install the plugin I followed the README.plugin procedure. Since the plugin souce files are given, I just make the suggested modifications to the Makefile.am, Cmaketlist.txt etc...

and then I execute:

./autogen.sh ./configure make

The compiling process correctly starts but after a while I get this error concerning the the plugin directory:

make[3]: Leaving directory /home/userme/wireshark-1.8.3/plugins/gryphon' Making all in ipmb make[3]: Entering directory/home/userme/wireshark-1.8.3/plugins/ipmb' make[3]: No rule to make target all'. Stop. make[3]: Leaving directory/home/userme/wireshark-1.8.3/plugins/ipmb' make[2]: [all-recursive] Error 1 make[2]: Leaving directory /home/userme/wireshark-1.8.3/plugins' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory/home/userme/wireshark-1.8.3' make: *** [all] Error 2

I'm using Ubuntu 10.04 LTS (2.6.32-45-generic) wireshark 1.8.3 Python 2.6.5 Perl, v5.10.1 GNU sed version 4.2.1 flex 2.5.35 bison (GNU Bison) 2.4.1 autoconf 2.13 automake 1.9.6

I hope that someone will help me to found a solution..

Thank you very much.

answered 18 Nov '12, 03:34

matte87's gravatar image

matte87
16225
accept rate: 0%