
Wireshark mailing list archives

Re: Wireshark Bluetooth
From: "Paul Raine" <praine () solutions-eng com>
Date: Thu, 17 Jul 2014 08:48:37 -0500

> See whether there's a "bluez-hcidump" package available for your system
> and, if so, install it (and give me the full name of the package you
> installed).

I found and installed "/usr/share/doc/bluez-hcidump-1.42"
Running this when there is some bluetooth activity gives me packet info....
as shown below....


[root@FoxForce5 rainey]# hcidump
HCI sniffer - Bluetooth packet analyzer ver 1.42
device: hci0 snap_len: 1028 filter: 0xffffffff
< HCI Command: Periodic Inquiry Mode (0x01|0x0003) plen 9
HCI Event: Command Complete (0x0e) plen 4
HCI Event: Inquiry Result (0x02) plen 15
< HCI Command: Exit Periodic Inquiry Mode (0x01|0x0004) plen 0
HCI Event: Command Complete (0x0e) plen 4
< HCI Command: Create Connection (0x01|0x0005) plen 13
HCI Event: Command Status (0x0f) plen 4
HCI Event: Role Change (0x12) plen 8
HCI Event: Connect Complete (0x03) plen 11
< HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
HCI Event: Page Scan Repetition Mode Change (0x20) plen 7
HCI Event: Command Status (0x0f) plen 4
HCI Event: Max Slots Change (0x1b) plen 3
HCI Event: Command Status (0x0f) plen 4
< HCI Command: Remote Name Request (0x01|0x0019) plen 10
HCI Event: Command Status (0x0f) plen 4
HCI Event: Read Remote Supported Features (0x0b) plen 11
< ACL data: handle 41 flags 0x02 dlen 10
    L2CAP(s): Info req: type 2
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 16
    L2CAP(s): Info rsp: type 2 result 0
      Extended feature mask 0x01a8
< ACL data: handle 41 flags 0x02 dlen 10
    L2CAP(s): Info req: type 3
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 20
    L2CAP(s): Info rsp: type 3 result 0
      Unknown (len 8)
< ACL data: handle 41 flags 0x02 dlen 12
    L2CAP(s): Connect req: psm 1 scid 0x0040
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 16
    L2CAP(s): Connect rsp: dcid 0x0180 scid 0x0040 result 1 status 2
      Connection pending - Authorization pending
ACL data: handle 41 flags 0x02 dlen 16
    L2CAP(s): Connect rsp: dcid 0x0180 scid 0x0040 result 0 status 0
      Connection successful
< ACL data: handle 41 flags 0x02 dlen 12
    L2CAP(s): Config req: dcid 0x0180 flags 0x00 clen 0
ACL data: handle 41 flags 0x02 dlen 16
    L2CAP(s): Config req: dcid 0x0040 flags 0x00 clen 4
      MTU 672 
< ACL data: handle 41 flags 0x02 dlen 18
    L2CAP(s): Config rsp: scid 0x0180 flags 0x00 result 0 clen 4
      MTU 672 
ACL data: handle 41 flags 0x02 dlen 14
    L2CAP(s): Config rsp: scid 0x0040 flags 0x00 result 0 clen 0
      Success
< ACL data: handle 41 flags 0x02 dlen 24
    L2CAP(d): cid 0x0180 len 20 [psm 1]
        SDP SSA Req: tid 0x0 len 0xf
          pat uuid-16 0x1105 (OBEXObjPush)
          max 65535
          aid(s) 0x0000 - 0xffff
          cont 00
ACL data: handle 41 flags 0x02 dlen 110
    L2CAP(d): cid 0x0040 len 106 [psm 1]
        SDP SSA Rsp: tid 0x0 len 0x65
          count 98
          record #0
              aid 0x0000 (SrvRecHndl)
                 uint 0x10004
              aid 0x0001 (SrvClassIDList)
                 < uuid-16 0x1105 (OBEXObjPush) >
              aid 0x0004 (ProtocolDescList)
                 < < uuid-16 0x0100 (L2CAP) > <
                 uuid-16 0x0003 (RFCOMM) uint 0x11 > <
                 uuid-16 0x0008 (OBEX) > >
              aid 0x0005 (BrwGrpList)
                 < uuid-16 0x1002 (PubBrwsGrp) >
              aid 0x0009 (BTProfileDescList)
                 < < uuid-16 0x1105 (OBEXObjPush) uint 0x102 > >
              aid 0x0100 (SrvName)
                 str "OPP"
              aid 0x0200 (VersionNumList)
                 uint 0xfef7
              aid 0x0303 (SuppFormatsList)
                 < uint 0x1 uint 0x2 uint 0x3 uint 0x4 uint 0x5 uint 0x6 uint 0xff >
          cont 00
< ACL data: handle 41 flags 0x02 dlen 12
    L2CAP(s): Connect req: psm 3 scid 0x0041
< ACL data: handle 41 flags 0x02 dlen 12
    L2CAP(s): Disconn req: dcid 0x0180 scid 0x0040
HCI Event: Remote Name Req Complete (0x07) plen 255
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 16
    L2CAP(s): Connect rsp: dcid 0x01c1 scid 0x0041 result 1 status 2
      Connection pending - Authorization pending
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 16
    L2CAP(s): Connect rsp: dcid 0x01c1 scid 0x0041 result 0 status 0
      Connection successful
< ACL data: handle 41 flags 0x02 dlen 16
    L2CAP(s): Config req: dcid 0x01c1 flags 0x00 clen 4
      MTU 1013 
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 16
    L2CAP(s): Config req: dcid 0x0041 flags 0x00 clen 4
      MTU 65520 
< ACL data: handle 41 flags 0x02 dlen 18
    L2CAP(s): Config rsp: scid 0x01c1 flags 0x00 result 0 clen 4
      MTU 65520 
ACL data: handle 41 flags 0x02 dlen 12
    L2CAP(s): Disconn rsp: dcid 0x0180 scid 0x0040
HCI Event: Number of Completed Packets (0x13) plen 5
HCI Event: Number of Completed Packets (0x13) plen 5
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 18
    L2CAP(s): Config rsp: scid 0x0041 flags 0x00 result 0 clen 4
      MTU 1013 
< ACL data: handle 41 flags 0x02 dlen 8
    L2CAP(d): cid 0x01c1 len 4 [psm 3]
      RFCOMM(s): SABM: cr 1 dlci 0 pf 1 ilen 0 fcs 0x1c 
HCI Event: Number of Completed Packets (0x13) plen 5
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 8
    L2CAP(d): cid 0x0041 len 4 [psm 3]
      RFCOMM(s): UA: cr 1 dlci 0 pf 1 ilen 0 fcs 0xd7 
< ACL data: handle 41 flags 0x02 dlen 18
    L2CAP(d): cid 0x01c1 len 14 [psm 3]
      RFCOMM(s): PN CMD: cr 1 dlci 0 pf 0 ilen 10 fcs 0x70 mcc_len 8
      dlci 34 frame_type 0 credit_flow 15 pri 7 ack_timer 0
      frame_size 1008 max_retrans 0 credits 7
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 18
    L2CAP(d): cid 0x0041 len 14 [psm 3]
      RFCOMM(s): PN RSP: cr 0 dlci 0 pf 0 ilen 10 fcs 0xaa mcc_len 8
      dlci 34 frame_type 0 credit_flow 14 pri 7 ack_timer 0
      frame_size 662 max_retrans 0 credits 7
< ACL data: handle 41 flags 0x02 dlen 8
    L2CAP(d): cid 0x01c1 len 4 [psm 3]
      RFCOMM(s): SABM: cr 1 dlci 34 pf 1 ilen 0 fcs 0x8f 
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 8
    L2CAP(d): cid 0x0041 len 4 [psm 3]
      RFCOMM(s): UA: cr 1 dlci 34 pf 1 ilen 0 fcs 0x44 
< ACL data: handle 41 flags 0x02 dlen 12
    L2CAP(d): cid 0x01c1 len 8 [psm 3]
      RFCOMM(s): MSC CMD: cr 1 dlci 0 pf 0 ilen 4 fcs 0x70 mcc_len 2
      dlci 34 fc 0 rtc 1 rtr 1 ic 0 dv 1 b1 1 b2 1 b3 0 len 0
ACL data: handle 41 flags 0x02 dlen 12
    L2CAP(d): cid 0x0041 len 8 [psm 3]
      RFCOMM(s): MSC CMD: cr 0 dlci 0 pf 0 ilen 4 fcs 0xaa mcc_len 2
      dlci 34 fc 0 rtc 1 rtr 1 ic 0 dv 0 b1 1 b2 1 b3 0 len 0
< ACL data: handle 41 flags 0x02 dlen 12
    L2CAP(d): cid 0x01c1 len 8 [psm 3]
      RFCOMM(s): MSC RSP: cr 1 dlci 0 pf 0 ilen 4 fcs 0x70 mcc_len 2
      dlci 34 fc 0 rtc 1 rtr 1 ic 0 dv 0 b1 1 b2 1 b3 0 len 0
HCI Event: Number of Completed Packets (0x13) plen 5
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 12
    L2CAP(d): cid 0x0041 len 8 [psm 3]
      RFCOMM(s): MSC RSP: cr 0 dlci 0 pf 0 ilen 4 fcs 0xaa mcc_len 2
      dlci 34 fc 0 rtc 1 rtr 1 ic 0 dv 1 b1 1 b2 1 b3 0 len 0
< ACL data: handle 41 flags 0x02 dlen 9
    L2CAP(d): cid 0x01c1 len 5 [psm 3]
      RFCOMM(d): UIH: cr 1 dlci 34 pf 1 ilen 0 fcs 0x2e credits 33
< ACL data: handle 41 flags 0x02 dlen 15
    L2CAP(d): cid 0x01c1 len 11 [psm 3]
      RFCOMM(d): UIH: cr 1 dlci 34 pf 0 ilen 7 fcs 0x32 
        OBEX: Connect cmd(f): len 7 version 1.0 flags 0 mtu 4096
HCI Event: Number of Completed Packets (0x13) plen 5
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 9
    L2CAP(d): cid 0x0041 len 5 [psm 3]
      RFCOMM(d): UIH: cr 0 dlci 34 pf 1 ilen 0 fcs 0xf4 credits 18
ACL data: handle 41 flags 0x02 dlen 16
    L2CAP(d): cid 0x0041 len 12 [psm 3]
      RFCOMM(d): UIH: cr 0 dlci 34 pf 1 ilen 7 fcs 0xf4 credits 1
        OBEX: Connect rsp(f): status 200 len 7 version 1.0 flags 0 mtu 65280
< ACL data: handle 41 flags 0x02 dlen 192
< ACL data: handle 41 flags 0x01 dlen 192
< ACL data: handle 41 flags 0x01 dlen 192
< ACL data: handle 41 flags 0x01 dlen 95
    L2CAP(d): cid 0x01c1 len 667 [psm 3]
      RFCOMM(d): UIH: cr 1 dlci 34 pf 0 ilen 662 fcs 0x32 
< ACL data: handle 41 flags 0x02 dlen 192
< ACL data: handle 41 flags 0x01 dlen 192
< ACL data: handle 41 flags 0x01 dlen 192
< ACL data: handle 41 flags 0x01 dlen 95
    L2CAP(d): cid 0x01c1 len 667 [psm 3]
      RFCOMM(d): UIH: cr 1 dlci 34 pf 0 ilen 662 fcs 0x32 
HCI Event: Number of Completed Packets (0x13) plen 5
< ACL data: handle 41 flags 0x02 dlen 192
HCI Event: Number of Completed Packets (0x13) plen 5
< ACL data: handle 41 flags 0x01 dlen 192
HCI Event: Number of Completed Packets (0x13) plen 5
< ACL data: handle 41 flags 0x01 dlen 192
HCI Event: Number of Completed Packets (0x13) plen 5
< ACL data: handle 41 flags 0x01 dlen 95
    L2CAP(d): cid 0x01c1 len 667 [psm 3]
      RFCOMM(d): UIH: cr 1 dlci 34 pf 0 ilen 662 fcs 0x32 
HCI Event: Number of Completed Packets (0x13) plen 5
< ACL data: handle 41 flags 0x02 dlen 192
HCI Event: Number of Completed Packets (0x13) plen 5
< ACL data: handle 41 flags 0x01 dlen 192
HCI Event: Number of Completed Packets (0x13) plen 5
< ACL data: handle 41 flags 0x01 dlen 192
< ACL data: handle 41 flags 0x01 dlen 8
    L2CAP(d): cid 0x01c1 len 580 [psm 3]
      RFCOMM(d): UIH: cr 1 dlci 34 pf 0 ilen 575 fcs 0x32 
        OBEX: Put cmd(c): len 2561
        Name (0x01) = Unicode length 18
        Length (0xc3) = 2529
        Body (0x48) = Sequence length 2529
HCI Event: Number of Completed Packets (0x13) plen 5
HCI Event: Number of Completed Packets (0x13) plen 5
HCI Event: Number of Completed Packets (0x13) plen 5
HCI Event: Number of Completed Packets (0x13) plen 5
HCI Event: Number of Completed Packets (0x13) plen 5
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 12
    L2CAP(d): cid 0x0041 len 8 [psm 3]
      RFCOMM(d): UIH: cr 0 dlci 34 pf 1 ilen 3 fcs 0xf4 credits 4
        OBEX: Put rsp(f): status 100 len 3
< ACL data: handle 41 flags 0x02 dlen 14
    L2CAP(d): cid 0x01c1 len 10 [psm 3]
      RFCOMM(d): UIH: cr 1 dlci 34 pf 0 ilen 6 fcs 0x32 
        OBEX: Put cmd(f): len 6 (continue)
        End of Body (0x49) = Sequence length 0
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 12
    L2CAP(d): cid 0x0041 len 8 [psm 3]
      RFCOMM(d): UIH: cr 0 dlci 34 pf 1 ilen 3 fcs 0xf4 credits 1
        OBEX: Put rsp(f): status 200 len 3
< ACL data: handle 41 flags 0x02 dlen 11
    L2CAP(d): cid 0x01c1 len 7 [psm 3]
      RFCOMM(d): UIH: cr 1 dlci 34 pf 0 ilen 3 fcs 0x32 
        OBEX: Disconnect cmd(f): len 3
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 12
    L2CAP(d): cid 0x0041 len 8 [psm 3]
      RFCOMM(d): UIH: cr 0 dlci 34 pf 1 ilen 3 fcs 0xf4 credits 1
        OBEX: Disconnect rsp(f): status 200 len 3
< ACL data: handle 41 flags 0x02 dlen 8
    L2CAP(d): cid 0x01c1 len 4 [psm 3]
      RFCOMM(s): DISC: cr 1 dlci 34 pf 1 ilen 0 fcs 0x6e 
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 8
    L2CAP(d): cid 0x0041 len 4 [psm 3]
      RFCOMM(s): UA: cr 1 dlci 34 pf 1 ilen 0 fcs 0x44 
< ACL data: handle 41 flags 0x02 dlen 8
    L2CAP(d): cid 0x01c1 len 4 [psm 3]
      RFCOMM(s): DISC: cr 1 dlci 0 pf 1 ilen 0 fcs 0xfd 
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 8
    L2CAP(d): cid 0x0041 len 4 [psm 3]
      RFCOMM(s): UA: cr 1 dlci 0 pf 1 ilen 0 fcs 0xd7 
< ACL data: handle 41 flags 0x02 dlen 12
    L2CAP(s): Disconn req: dcid 0x01c1 scid 0x0041
ACL data: handle 41 flags 0x02 dlen 12
    L2CAP(s): Disconn req: dcid 0x0041 scid 0x01c1
< ACL data: handle 41 flags 0x02 dlen 12
    L2CAP(s): Disconn rsp: dcid 0x0041 scid 0x01c1
HCI Event: Number of Completed Packets (0x13) plen 5
HCI Event: Number of Completed Packets (0x13) plen 5
ACL data: handle 41 flags 0x02 dlen 12
    L2CAP(s): Disconn rsp: dcid 0x01c1 scid 0x0041
< HCI Command: Disconnect (0x01|0x0006) plen 3
HCI Event: Command Status (0x0f) plen 4
HCI Event: Disconn Complete (0x05) plen 4
^C
[root@FoxForce5 rainey]#

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

