Now available: LoRa captures in Wireshark

Hi all,

I have requested (and received) a link layer type identifier for libpcap. This is a magic number that can be used as a link layer type in pcap traces to identify the pcap as containing LoRa captures from the air. This link layer type is to be used with an encapsulation which I’ve drafted myself: LoRaTap (, recently the dissector for LoRaTap has been merged into the Wireshark master branch. This means you’ll be able to open LoRaTap pcap files with the nightly builds.

At the moment I’m working on the LoRaWAN dissector that will be able to dissect the actual data in a LoRa frame with the LoRaWAN syncword. Please stay tuned while I’m working on this, I’m expecting to submit an early version to gerrit this week.

Meanwhile it’s time to get TTN as well as manufacturers started on logging their radio data to pcap using the LoRaTap encapsulation so we can use it in Wireshark :smile:



And LoRaWAN dissector has been merged as well, should be in the daily Wireshark build tomorrow.

I’ll see about getting a gateway at home to use with TTN software so I can get started on getting pcap logging working. I do have a Kerlink gateway at work, but that’s not connected to TTN :frowning:

1 Like

@ErikdeJong, Do you have any tutorial about how to use it? Like do I need an extra hardware? is connecting LoRa module via USB Serial Interface enough to start using the plugin on wireshark?

I am trying to analyze my LoRa packet (not LoRaWAN).

I don’t know if there are any compatible USB/serial enabled modules that will do this for you.
You might want to take a look at gr-lora which is a set of gnuradio blocks that will allow you to read LoRa frames through SDR devices like the popular RTL-SDR dongles.
There is a tutorial over at the wiki.
I have been experimenting with extcap in Wireshark to enable capturing directly from Wireshark with the appropriate linklayer type, but due to lack of time it’s not finished yet :frowning:


It would be useful to the community if this effort could be applied to decode of LoRaWAN messaging transported over the BasicStation LNS interface. Has anyone tried Wireshark for decode of the LNS protocol and contained LoRaWAN messaging?

My question is in context with the Alliance certification test bed and end-device developer test bench. BasicStation LNS encryption would need to be disabled (I believe that option exists) and the network session key would be needed by Wireshark for the device under test. Fine to leave security enabled for the application payload.

When I read the LNS protocol specs on it looks like the “LoRaWAN Data Frames” packets already contain all the information you’re looking for.
Encryption is done on the HTTP(S) level, so you could decrypt that in Wireshark if you had the appropriate data or you could use a proxy like Fiddler to get the contents.
If you wanted to decrypt the LoRaWAN payload in the LNS packets then we’d have a bigger challenge on our hands, but if there is really a need for this and somebody can supply me a pcap I’ll be happy to take a look.