Unable to understand the packet header format of BR/EDR packets in Wireshark

Question

I am trying to create a BR/EDR header and verifying with the Wireshark using the Link-Header type (255) of PCAP dump.

As per the Bluetooth core specification: Bit ordering for BR/EDR packets is LSB first format. Refer: Bluetooth core specification v5.1 Vol 2, PART B, Section 6.2.

I tried to send following bits as BT packet header and generated a PCAP file:

ltAddr = [1; 1; 0];
packetType = [1; 1; 0; 0];
flow = 1;
arq = 0;
seq = 1;

btManualHeaderSpec = [ltAddr;packetType;flow;arq;seq;zeros(8,1)]; % As per the spec
btManualHeaderWireShark = [zeros(8,1);seq;arq;flow;packetType;ltAddr]; % Working in Wireshark

Note: Passed zeros as HEC

When i pass the btManualHeaderSpec pattern, Wireshark is unable to decode: But when i passed the btManualHeaderWireShark, Wireshark successfully decoded: I am confused. can somebody help me to understand this behavior? Is it the problem with Wireshark or my understanding of the spec?

A couple questions/comments: 1) What is the difference between actual and expected in words *not images*? Which PDU or field is not being decoded properly? 2) If you generated a pcap file that is relevant to the question, you should post a link to it. 3) What language is your code written in? Please add the language name to the code fences like \`\`\`java ... \`\`\` to your question. 4) In your question, can you link directly to the relevant spec for the benefit of future readers? You may want to look at Stack Overflow's [markdown guide](https://stackoverflow.com/editing-help). — Ross Jacobs, Oct 31 '19 at 20:21
I am using MATLAB for creating a PCAP file. Here, i am trying to generate DM1 packet type and only focusing on BT packet header. In the first case, Wireshark shows it is a NULL type, in the second case it is successfully decoded as DM1. But, as of my understanding 1st case is as per the Bluetooth core specification V5.1. — Prasanth Kumar Arisetti, Nov 01 '19 at 04:40

score 0 · Answer 1 · answered Nov 04 '19 at 13:21

0

In the first packet, you are not specifying the packet Type like DM1, DM3 etc. Possibly that why WS is not able to decode it.

answered Nov 04 '19 at 13:21

Manivannan Radhakannan

175
6

Both the cases (btManualHeaderSpec and btManualHeaderWireShark) i added packet type. – Prasanth Kumar Arisetti Nov 07 '19 at 05:18
packet header is malformed, else wireshark would have read it clear. what if you provide the btmanualheader as 0x00019d00? – Manivannan Radhakannan Nov 07 '19 at 06:54

Unable to understand the packet header format of BR/EDR packets in Wireshark

1 Answers1