Hi,
This is a Wireshark question, but I wonder if anyone knows the answer here.
I can decrypt TI15.4 messages with Wireshark no problem, but unless I enter each radio device's mac address and short address in 'Static Addresses' in Wireshark, I lose the ability to decrypt if I close down Wireshark and reopen. I want the ability to turn up on-site and decrypt using Wireshark for a network never seen before. The keys are static and common to all devices so all that's needed is the mac address and short address for Wireshark to decrypt.
Is there a way in Wireshark of importing the static address information needed for Wireshark to decrypt messages from devices it has not seen before and so does not have the mac address of each devcie? I have written my own Lua dissector which runs after the TI dissector for my custom protocol. I could use this to do it if I knew how, or I can get my application to output all network mac addresses and import them somehow into Wireshark.
Many thanks,
Andy
This is how my security is set up:
STATIC CONST ApiMac_secLevel_t secLevel = ApiMac_secLevel_encMic32; STATIC CONST ApiMac_keyIdMode_t secKeyIdMode = ApiMac_keyIdMode_1; /* cant be zero for implicit key identifier */ STATIC CONST uint8_t secKeyIndex = 3; STATIC bool macSecurity = CONFIG_SECURE;
