Wireshark-users: Re: [Wireshark-users] Wireshark Bluetooth
From: "Paul Raine" <praine@xxxxxxxxxxxxxxxxx>
Date: Thu, 17 Jul 2014 08:48:37 -0500
>>See whether there's a "bluez-hcidump" package available for your system
and, if so, install it (and give me the full name of the package you
installed).
I found and installed "/usr/share/doc/bluez-hcidump-1.42"
Running this when there is some bluetooth activity gives me packet info....
as shown below....
[root@FoxForce5 rainey]# hcidump
HCI sniffer - Bluetooth packet analyzer ver 1.42
device: hci0 snap_len: 1028 filter: 0xffffffff
< HCI Command: Periodic Inquiry Mode (0x01|0x0003) plen 9
> HCI Event: Command Complete (0x0e) plen 4
> HCI Event: Inquiry Result (0x02) plen 15
< HCI Command: Exit Periodic Inquiry Mode (0x01|0x0004) plen 0
> HCI Event: Command Complete (0x0e) plen 4
< HCI Command: Create Connection (0x01|0x0005) plen 13
> HCI Event: Command Status (0x0f) plen 4
> HCI Event: Role Change (0x12) plen 8
> HCI Event: Connect Complete (0x03) plen 11
< HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
> HCI Event: Page Scan Repetition Mode Change (0x20) plen 7
> HCI Event: Command Status (0x0f) plen 4
> HCI Event: Max Slots Change (0x1b) plen 3
> HCI Event: Command Status (0x0f) plen 4
< HCI Command: Remote Name Request (0x01|0x0019) plen 10
> HCI Event: Command Status (0x0f) plen 4
> HCI Event: Read Remote Supported Features (0x0b) plen 11
< ACL data: handle 41 flags 0x02 dlen 10
L2CAP(s): Info req: type 2
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 16
L2CAP(s): Info rsp: type 2 result 0
Extended feature mask 0x01a8
< ACL data: handle 41 flags 0x02 dlen 10
L2CAP(s): Info req: type 3
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 20
L2CAP(s): Info rsp: type 3 result 0
Unknown (len 8)
< ACL data: handle 41 flags 0x02 dlen 12
L2CAP(s): Connect req: psm 1 scid 0x0040
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 16
L2CAP(s): Connect rsp: dcid 0x0180 scid 0x0040 result 1 status 2
Connection pending - Authorization pending
> ACL data: handle 41 flags 0x02 dlen 16
L2CAP(s): Connect rsp: dcid 0x0180 scid 0x0040 result 0 status 0
Connection successful
< ACL data: handle 41 flags 0x02 dlen 12
L2CAP(s): Config req: dcid 0x0180 flags 0x00 clen 0
> ACL data: handle 41 flags 0x02 dlen 16
L2CAP(s): Config req: dcid 0x0040 flags 0x00 clen 4
MTU 672
< ACL data: handle 41 flags 0x02 dlen 18
L2CAP(s): Config rsp: scid 0x0180 flags 0x00 result 0 clen 4
MTU 672
> ACL data: handle 41 flags 0x02 dlen 14
L2CAP(s): Config rsp: scid 0x0040 flags 0x00 result 0 clen 0
Success
< ACL data: handle 41 flags 0x02 dlen 24
L2CAP(d): cid 0x0180 len 20 [psm 1]
SDP SSA Req: tid 0x0 len 0xf
pat uuid-16 0x1105 (OBEXObjPush)
max 65535
aid(s) 0x0000 - 0xffff
cont 00
> ACL data: handle 41 flags 0x02 dlen 110
L2CAP(d): cid 0x0040 len 106 [psm 1]
SDP SSA Rsp: tid 0x0 len 0x65
count 98
record #0
aid 0x0000 (SrvRecHndl)
uint 0x10004
aid 0x0001 (SrvClassIDList)
< uuid-16 0x1105 (OBEXObjPush) >
aid 0x0004 (ProtocolDescList)
< < uuid-16 0x0100 (L2CAP) > <
uuid-16 0x0003 (RFCOMM) uint 0x11 > <
uuid-16 0x0008 (OBEX) > >
aid 0x0005 (BrwGrpList)
< uuid-16 0x1002 (PubBrwsGrp) >
aid 0x0009 (BTProfileDescList)
< < uuid-16 0x1105 (OBEXObjPush) uint 0x102 > >
aid 0x0100 (SrvName)
str "OPP"
aid 0x0200 (VersionNumList)
uint 0xfef7
aid 0x0303 (SuppFormatsList)
< uint 0x1 uint 0x2 uint 0x3 uint 0x4 uint 0x5 uint 0x6
uint 0xff >
cont 00
< ACL data: handle 41 flags 0x02 dlen 12
L2CAP(s): Connect req: psm 3 scid 0x0041
< ACL data: handle 41 flags 0x02 dlen 12
L2CAP(s): Disconn req: dcid 0x0180 scid 0x0040
> HCI Event: Remote Name Req Complete (0x07) plen 255
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 16
L2CAP(s): Connect rsp: dcid 0x01c1 scid 0x0041 result 1 status 2
Connection pending - Authorization pending
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 16
L2CAP(s): Connect rsp: dcid 0x01c1 scid 0x0041 result 0 status 0
Connection successful
< ACL data: handle 41 flags 0x02 dlen 16
L2CAP(s): Config req: dcid 0x01c1 flags 0x00 clen 4
MTU 1013
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 16
L2CAP(s): Config req: dcid 0x0041 flags 0x00 clen 4
MTU 65520
< ACL data: handle 41 flags 0x02 dlen 18
L2CAP(s): Config rsp: scid 0x01c1 flags 0x00 result 0 clen 4
MTU 65520
> ACL data: handle 41 flags 0x02 dlen 12
L2CAP(s): Disconn rsp: dcid 0x0180 scid 0x0040
> HCI Event: Number of Completed Packets (0x13) plen 5
> HCI Event: Number of Completed Packets (0x13) plen 5
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 18
L2CAP(s): Config rsp: scid 0x0041 flags 0x00 result 0 clen 4
MTU 1013
< ACL data: handle 41 flags 0x02 dlen 8
L2CAP(d): cid 0x01c1 len 4 [psm 3]
RFCOMM(s): SABM: cr 1 dlci 0 pf 1 ilen 0 fcs 0x1c
> HCI Event: Number of Completed Packets (0x13) plen 5
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 8
L2CAP(d): cid 0x0041 len 4 [psm 3]
RFCOMM(s): UA: cr 1 dlci 0 pf 1 ilen 0 fcs 0xd7
< ACL data: handle 41 flags 0x02 dlen 18
L2CAP(d): cid 0x01c1 len 14 [psm 3]
RFCOMM(s): PN CMD: cr 1 dlci 0 pf 0 ilen 10 fcs 0x70 mcc_len 8
dlci 34 frame_type 0 credit_flow 15 pri 7 ack_timer 0
frame_size 1008 max_retrans 0 credits 7
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 18
L2CAP(d): cid 0x0041 len 14 [psm 3]
RFCOMM(s): PN RSP: cr 0 dlci 0 pf 0 ilen 10 fcs 0xaa mcc_len 8
dlci 34 frame_type 0 credit_flow 14 pri 7 ack_timer 0
frame_size 662 max_retrans 0 credits 7
< ACL data: handle 41 flags 0x02 dlen 8
L2CAP(d): cid 0x01c1 len 4 [psm 3]
RFCOMM(s): SABM: cr 1 dlci 34 pf 1 ilen 0 fcs 0x8f
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 8
L2CAP(d): cid 0x0041 len 4 [psm 3]
RFCOMM(s): UA: cr 1 dlci 34 pf 1 ilen 0 fcs 0x44
< ACL data: handle 41 flags 0x02 dlen 12
L2CAP(d): cid 0x01c1 len 8 [psm 3]
RFCOMM(s): MSC CMD: cr 1 dlci 0 pf 0 ilen 4 fcs 0x70 mcc_len 2
dlci 34 fc 0 rtc 1 rtr 1 ic 0 dv 1 b1 1 b2 1 b3 0 len 0
> ACL data: handle 41 flags 0x02 dlen 12
L2CAP(d): cid 0x0041 len 8 [psm 3]
RFCOMM(s): MSC CMD: cr 0 dlci 0 pf 0 ilen 4 fcs 0xaa mcc_len 2
dlci 34 fc 0 rtc 1 rtr 1 ic 0 dv 0 b1 1 b2 1 b3 0 len 0
< ACL data: handle 41 flags 0x02 dlen 12
L2CAP(d): cid 0x01c1 len 8 [psm 3]
RFCOMM(s): MSC RSP: cr 1 dlci 0 pf 0 ilen 4 fcs 0x70 mcc_len 2
dlci 34 fc 0 rtc 1 rtr 1 ic 0 dv 0 b1 1 b2 1 b3 0 len 0
> HCI Event: Number of Completed Packets (0x13) plen 5
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 12
L2CAP(d): cid 0x0041 len 8 [psm 3]
RFCOMM(s): MSC RSP: cr 0 dlci 0 pf 0 ilen 4 fcs 0xaa mcc_len 2
dlci 34 fc 0 rtc 1 rtr 1 ic 0 dv 1 b1 1 b2 1 b3 0 len 0
< ACL data: handle 41 flags 0x02 dlen 9
L2CAP(d): cid 0x01c1 len 5 [psm 3]
RFCOMM(d): UIH: cr 1 dlci 34 pf 1 ilen 0 fcs 0x2e credits 33
< ACL data: handle 41 flags 0x02 dlen 15
L2CAP(d): cid 0x01c1 len 11 [psm 3]
RFCOMM(d): UIH: cr 1 dlci 34 pf 0 ilen 7 fcs 0x32
OBEX: Connect cmd(f): len 7 version 1.0 flags 0 mtu 4096
> HCI Event: Number of Completed Packets (0x13) plen 5
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 9
L2CAP(d): cid 0x0041 len 5 [psm 3]
RFCOMM(d): UIH: cr 0 dlci 34 pf 1 ilen 0 fcs 0xf4 credits 18
> ACL data: handle 41 flags 0x02 dlen 16
L2CAP(d): cid 0x0041 len 12 [psm 3]
RFCOMM(d): UIH: cr 0 dlci 34 pf 1 ilen 7 fcs 0xf4 credits 1
OBEX: Connect rsp(f): status 200 len 7 version 1.0 flags 0 mtu 65280
< ACL data: handle 41 flags 0x02 dlen 192
< ACL data: handle 41 flags 0x01 dlen 192
< ACL data: handle 41 flags 0x01 dlen 192
< ACL data: handle 41 flags 0x01 dlen 95
L2CAP(d): cid 0x01c1 len 667 [psm 3]
RFCOMM(d): UIH: cr 1 dlci 34 pf 0 ilen 662 fcs 0x32
< ACL data: handle 41 flags 0x02 dlen 192
< ACL data: handle 41 flags 0x01 dlen 192
< ACL data: handle 41 flags 0x01 dlen 192
< ACL data: handle 41 flags 0x01 dlen 95
L2CAP(d): cid 0x01c1 len 667 [psm 3]
RFCOMM(d): UIH: cr 1 dlci 34 pf 0 ilen 662 fcs 0x32
> HCI Event: Number of Completed Packets (0x13) plen 5
< ACL data: handle 41 flags 0x02 dlen 192
> HCI Event: Number of Completed Packets (0x13) plen 5
< ACL data: handle 41 flags 0x01 dlen 192
> HCI Event: Number of Completed Packets (0x13) plen 5
< ACL data: handle 41 flags 0x01 dlen 192
> HCI Event: Number of Completed Packets (0x13) plen 5
< ACL data: handle 41 flags 0x01 dlen 95
L2CAP(d): cid 0x01c1 len 667 [psm 3]
RFCOMM(d): UIH: cr 1 dlci 34 pf 0 ilen 662 fcs 0x32
> HCI Event: Number of Completed Packets (0x13) plen 5
< ACL data: handle 41 flags 0x02 dlen 192
> HCI Event: Number of Completed Packets (0x13) plen 5
< ACL data: handle 41 flags 0x01 dlen 192
> HCI Event: Number of Completed Packets (0x13) plen 5
< ACL data: handle 41 flags 0x01 dlen 192
< ACL data: handle 41 flags 0x01 dlen 8
L2CAP(d): cid 0x01c1 len 580 [psm 3]
RFCOMM(d): UIH: cr 1 dlci 34 pf 0 ilen 575 fcs 0x32
OBEX: Put cmd(c): len 2561
Name (0x01) = Unicode length 18
Length (0xc3) = 2529
Body (0x48) = Sequence length 2529
> HCI Event: Number of Completed Packets (0x13) plen 5
> HCI Event: Number of Completed Packets (0x13) plen 5
> HCI Event: Number of Completed Packets (0x13) plen 5
> HCI Event: Number of Completed Packets (0x13) plen 5
> HCI Event: Number of Completed Packets (0x13) plen 5
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 12
L2CAP(d): cid 0x0041 len 8 [psm 3]
RFCOMM(d): UIH: cr 0 dlci 34 pf 1 ilen 3 fcs 0xf4 credits 4
OBEX: Put rsp(f): status 100 len 3
< ACL data: handle 41 flags 0x02 dlen 14
L2CAP(d): cid 0x01c1 len 10 [psm 3]
RFCOMM(d): UIH: cr 1 dlci 34 pf 0 ilen 6 fcs 0x32
OBEX: Put cmd(f): len 6 (continue)
End of Body (0x49) = Sequence length 0
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 12
L2CAP(d): cid 0x0041 len 8 [psm 3]
RFCOMM(d): UIH: cr 0 dlci 34 pf 1 ilen 3 fcs 0xf4 credits 1
OBEX: Put rsp(f): status 200 len 3
< ACL data: handle 41 flags 0x02 dlen 11
L2CAP(d): cid 0x01c1 len 7 [psm 3]
RFCOMM(d): UIH: cr 1 dlci 34 pf 0 ilen 3 fcs 0x32
OBEX: Disconnect cmd(f): len 3
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 12
L2CAP(d): cid 0x0041 len 8 [psm 3]
RFCOMM(d): UIH: cr 0 dlci 34 pf 1 ilen 3 fcs 0xf4 credits 1
OBEX: Disconnect rsp(f): status 200 len 3
< ACL data: handle 41 flags 0x02 dlen 8
L2CAP(d): cid 0x01c1 len 4 [psm 3]
RFCOMM(s): DISC: cr 1 dlci 34 pf 1 ilen 0 fcs 0x6e
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 8
L2CAP(d): cid 0x0041 len 4 [psm 3]
RFCOMM(s): UA: cr 1 dlci 34 pf 1 ilen 0 fcs 0x44
< ACL data: handle 41 flags 0x02 dlen 8
L2CAP(d): cid 0x01c1 len 4 [psm 3]
RFCOMM(s): DISC: cr 1 dlci 0 pf 1 ilen 0 fcs 0xfd
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 8
L2CAP(d): cid 0x0041 len 4 [psm 3]
RFCOMM(s): UA: cr 1 dlci 0 pf 1 ilen 0 fcs 0xd7
< ACL data: handle 41 flags 0x02 dlen 12
L2CAP(s): Disconn req: dcid 0x01c1 scid 0x0041
> ACL data: handle 41 flags 0x02 dlen 12
L2CAP(s): Disconn req: dcid 0x0041 scid 0x01c1
< ACL data: handle 41 flags 0x02 dlen 12
L2CAP(s): Disconn rsp: dcid 0x0041 scid 0x01c1
> HCI Event: Number of Completed Packets (0x13) plen 5
> HCI Event: Number of Completed Packets (0x13) plen 5
> ACL data: handle 41 flags 0x02 dlen 12
L2CAP(s): Disconn rsp: dcid 0x01c1 scid 0x0041
< HCI Command: Disconnect (0x01|0x0006) plen 3
> HCI Event: Command Status (0x0f) plen 4
> HCI Event: Disconn Complete (0x05) plen 4
^C
[root@FoxForce5 rainey]#
- Follow-Ups:
- Re: [Wireshark-users] Wireshark Bluetooth
- From: Guy Harris
- Re: [Wireshark-users] Wireshark Bluetooth
- References:
- Re: [Wireshark-users] Wireshark-users Digest, Vol 98, Issue 5
- From: Paul Raine
- Re: [Wireshark-users] Wireshark Bluetooth
- From: Guy Harris
- Re: [Wireshark-users] Wireshark Bluetooth
- From: Paul Raine
- Re: [Wireshark-users] Wireshark Bluetooth
- From: Guy Harris
- Re: [Wireshark-users] Wireshark Bluetooth
- From: Paul Raine
- Re: [Wireshark-users] Wireshark Bluetooth
- From: Guy Harris
- Re: [Wireshark-users] Wireshark Bluetooth
- From: Paul Raine
- Re: [Wireshark-users] Wireshark Bluetooth
- From: Guy Harris
- Re: [Wireshark-users] Wireshark Bluetooth
- From: Paul Raine
- Re: [Wireshark-users] Wireshark Bluetooth
- From: Guy Harris
- Re: [Wireshark-users] Wireshark-users Digest, Vol 98, Issue 5
- Prev by Date: [Wireshark-users] [HITB-Announce] REMINDER: #HITB2014KUL CFP Deadline: 1st August
- Next by Date: Re: [Wireshark-users] What is "Export PDUs to File..." intended to do?
- Previous by thread: Re: [Wireshark-users] Wireshark Bluetooth
- Next by thread: Re: [Wireshark-users] Wireshark Bluetooth
- Index(es):