STK500 + Mega16L + RZ600 Radio Board = Sniffer

Recently on AVR-Freaks there was a discussion how to sniff frames with a RZ600 radio board, that is eventually available. After a look in the data sheets, I figured out that the stone old µracoli-target stkm16 can be easily modified to do this job.

STK500 with RZ600 Radio Board - the JTAG-ICE in the background was used for debugging and is normally not needed, a simple 6pin ISP cable would be sufficient to flash the ATmega16L

Here is the recipe:

• take a STK500 
• an ATmega16L (because of 3.3V) in DIP (or better a Mega64)
• 3 x double wires
• a RZ600 board (I used the one with AT86RF230)
• a power supply
• a RS232 cable

Assemble the above components:

• double check if only the mega16L plugs in the STK500
• wire PD0/1 to RXD/TXD of RS232 spare
• wire PA4 ... PA7 with LED0...3 (if you like blinking LEDs)
• plug RZ600 on PORTB
• set he STK500 jumpers :  
• VTARGET, AREF, RESET, XTAL1, BSEL2 connected,
• OSCSEL connected 1-2 (SW clock from STK500)

Next compile the target stkm16 (will come with version 0.4.0 soon, meanwhile
pull the repository and use rel_0.4.0 branch)  and configure the STK500.

• connect the serial interface to RS232-CTRL
• avrdude -P /dev/ttyS0 -p m16 -c stk500v2 -tF
• type  fosc 3.6864
• type  vtarg 3.4

This ensures that RZ600 radio board operates at a valid voltage level
and the SW clock with a baudrate friendly frequency is used

Now flash the firmware sniffer_stkm16.hex and set the fuses to lf = 0xfe, hf = 0x91.

Next run the script sniffer.py from uracoli-sniffer-.zip
 python sniffer.py -p /dev/ttyS0:115200 -c 17 | wireshark -ki -
and voila - we can sniff.

Wireshark and Sniffer Frontend - for those who look at details they will see it is an older screenshot :-)

However there are some limitations. Because there is just 1K of RAM in the Mega16, you can't  buffer much data and so you will loose some frames if a large traffic peak occurs in your network.