Wireshark mailing list archives

Re: [PATCH] Decode Bluetooth HS 4-way handshake over 802.11 media

From: Joerg Mayer <jmayer () loplof de>
Date: Mon, 6 Aug 2012 17:37:35 +0200

Hello,

can you please open a bug at bugs.wireshark.org and attach the patch there?
Does your patch distinguish between an 802.3/LLC/SNAP encapsulated frame
of length 3 and Ethertype 3?
This should be discussed in said new bug.

Thanks
    Jörg

On Mon, Aug 06, 2012 at 05:10:36PM +0300, Emeltchenko Andrei wrote:

From: Andrei Emeltchenko <andrei.emeltchenko () intel com>

Decode 4-way handshake over 802.11 media packets like one shown below:

...
Logical-Link Control
    DSAP: SNAP (0xaa)
    IG Bit: Individual
    SSAP: SNAP (0xaa)
    CR Bit: Command
    Control field: U, func=UI (0x03)
    Organization Code: Bluetooth (0x001958)
    Type: Bluetooth Security (0x0003)
802.1X Authentication
    Version: 802.1X-2001 (1)
    Type: Key (3)
    Length: 117
    Key Descriptor Type: EAPOL RSN Key (2)
    Key Information: 0x010a
        .... .... .... .010 = Key Descriptor Version: AES Cipher, HMAC-SHA1 MIC (2)
        .... .... .... 1... = Key Type: Pairwise Key
        .... .... ..00 .... = Key Index: 0
        .... .... .0.. .... = Install: Not set
        .... .... 0... .... = Key ACK: Not set
        .... ...1 .... .... = Key MIC: Set
        .... ..0. .... .... = Secure: Not set
        .... .0.. .... .... = Error: Not set
        .... 0... .... .... = Request: Not set
        ...0 .... .... .... = Encrypted Key Data: Not set
    Key Length: 16
    Replay Counter: 1
    WPA Key Nonce: 768574f5be8f87e5564ef8eab556a26c2e1f0abc6ca256b5...
    Key IV: 00000000000000000000000000000000
    WPA Key RSC: 0000000000000000
    WPA Key ID: 0000000000000000
    WPA Key MIC: 0553a180d3415401216c080bac23d381
    WPA Key Data Length: 22
    WPA Key Data: 30140100000fac040100000fac040100000fac020000
...
---
 epan/dissectors/packet-eapol.c     |    1 +
 epan/dissectors/packet-ethertype.c |    1 +
 epan/dissectors/packet-llc.c       |    3 +++
 epan/etypes.h                      |    4 ++++
 epan/oui.h                         |    1 +
 5 files changed, 10 insertions(+)

diff --git a/epan/dissectors/packet-eapol.c b/epan/dissectors/packet-eapol.c
index 304bba8..54081cd 100644
--- a/epan/dissectors/packet-eapol.c
+++ b/epan/dissectors/packet-eapol.c
@@ -517,4 +517,5 @@ proto_reg_handoff_eapol(void)
   eapol_handle = create_dissector_handle(dissect_eapol, proto_eapol);
   dissector_add_uint("ethertype", ETHERTYPE_EAPOL, eapol_handle);
   dissector_add_uint("ethertype", ETHERTYPE_RSN_PREAUTH, eapol_handle);
+  dissector_add_uint("ethertype", ETHERTYPE_BT_SECURITY, eapol_handle);
 }
diff --git a/epan/dissectors/packet-ethertype.c b/epan/dissectors/packet-ethertype.c
index 6a357cd..00ed2a4 100644
--- a/epan/dissectors/packet-ethertype.c
+++ b/epan/dissectors/packet-ethertype.c
@@ -49,6 +49,7 @@ static dissector_table_t ethertype_dissector_table;
 static dissector_handle_t data_handle;
 
 const value_string etype_vals[] = {
+     { ETHERTYPE_BT_SECURITY,          "Bluetooth Security" },
      { ETHERTYPE_IP,                   "IP" },
      { ETHERTYPE_IPv6,                 "IPv6" },
      { ETHERTYPE_VLAN,                 "802.1Q Virtual LAN" },
diff --git a/epan/dissectors/packet-llc.c b/epan/dissectors/packet-llc.c
index e5a5203..61b47cc 100644
--- a/epan/dissectors/packet-llc.c
+++ b/epan/dissectors/packet-llc.c
@@ -207,6 +207,7 @@ http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/ibm_r
      { OUI_SONY_ERICSSON_5,  "Sony Ericsson Mobile Communications AB" },
      { OUI_SONY_ERICSSON_6,  "Sony Ericsson Mobile Communications AB" },
      { OUI_SONY_ERICSSON_7,  "Sony Ericsson Mobile Communications AB" },
+     { OUI_BLUETOOTH,        "Bluetooth" },
      { OUI_SONY_ERICSSON_8,  "Sony Ericsson Mobile Communications AB" },
      { OUI_IEEE_802_1QBG,    "IEEE 802.1Qbg" },
      { OUI_TURBOCELL,                "Karlnet (Turbocell)" },
@@ -358,6 +359,7 @@ capture_snap(const guchar *pd, int offset, int len, packet_counts *ld)
 
      case OUI_ENCAP_ETHER:
      case OUI_CISCO_90:
+     case OUI_BLUETOOTH:
      case OUI_APPLE_ATALK:
              /* No, I have no idea why Apple used
                 one of their own OUIs, rather than
@@ -615,6 +617,7 @@ dissect_snap(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree,
              break;
 
      case OUI_ENCAP_ETHER:
+     case OUI_BLUETOOTH:
      case OUI_CISCO_90:
      case OUI_APPLE_ATALK:
              /* No, I have no idea why Apple used
diff --git a/epan/etypes.h b/epan/etypes.h
index c208265..33bb20f 100644
--- a/epan/etypes.h
+++ b/epan/etypes.h
@@ -41,6 +41,10 @@
 #define ETHERTYPE_UNK                        0x0000
 #endif
 
+#ifndef ETHERTYPE_BT_SECURITY
+#define ETHERTYPE_BT_SECURITY                0x0003
+#endif
+
 /* Sources:
  * http://www.iana.org/assignments/ethernet-numbers
  * TCP/IP Illustrated, Volume 1
diff --git a/epan/oui.h b/epan/oui.h
index f06b7fc..cdfe19b 100644
--- a/epan/oui.h
+++ b/epan/oui.h
@@ -59,6 +59,7 @@
 #define OUI_SONY_ERICSSON_5 0x001620    /* Sony Ericsson Mobile Communications AB */
 #define OUI_SONY_ERICSSON_6 0x0016B8    /* Sony Ericsson Mobile Communications AB */
 #define OUI_SONY_ERICSSON_7 0x001813    /* Sony Ericsson Mobile Communications AB */
+#define OUI_BLUETOOTH       0x001958    /* Bluetooth SIG */
 #define OUI_SONY_ERICSSON_8 0x001963    /* Sony Ericsson Mobile Communications AB */
 #define OUI_IEEE_802_1QBG   0x001B3F    /* IEEE 802.1 Qbg */
 #define OUI_TURBOCELL       0x0020F6    /* KarlNet, who brought you Turbocell */
-- 
1.7.9.5

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


-- 
Joerg Mayer                                           <jmayer () loplof de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

[PATCH] Decode Bluetooth HS 4-way handshake over 802.11 media Emeltchenko Andrei (Aug 06)
- Re: [PATCH] Decode Bluetooth HS 4-way handshake over 802.11 media Joerg Mayer (Aug 06)
  - Re: [PATCH] Decode Bluetooth HS 4-way handshake over 802.11 media Andrei Emeltchenko (Aug 14)
    - Re: [PATCH] Decode Bluetooth HS 4-way handshake over 802.11 media Guy Harris (Aug 14)