Wireshark-bugs: [Wireshark-bugs] [Bug 2237] New: add support for "btsnoop" log format

Date: Fri, 1 Feb 2008 15:09:35 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2237

           Summary: add support for "btsnoop" log format
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: shane.kearns@xxxxxxxxxxx



shane kearns <shane.kearns@xxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1424|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=1424)
 --> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1424)
patch to add support for this file format

Build Information:
wireshark 0.99.8-btsnoop-dev (SVN Rev 24241)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.6, with GLib 2.14.5, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with SMI 0.4.5, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.1
(packet.dll version 4.0.0.901), based on libpcap version 0.9.5, without
AirPcap.


Built using Microsoft Visual C++ 6.0


--
The Bluetooth HCI layer in Symbian OS can be configured to log all packets to a
file.
The log format, "btsnoop", is based on the RFC 1761 "snoop" format, but
differences in the header make it incompatible.

The btsnoop format supports logging of these formats:
"H1" (raw HCI packets without framing)
"H4" (HCI UART packets including packet type header)
"H5" (HCI 3 wire UART packets including framing)
"BCSP" (HCI bluecore serial protocol including framing)

"H1" and "H4" are section numbers in the original v1 Bluetooth specifications,
but are still used colloquially - Wireshark's existing support for Linux BlueZ
HCI logs uses the "H4" name.

In practice, the "H1" format is used for H5, BCSP and USB HCI logs, as the HCI
packet logs are mainly useful for debugging higher layers, Bluetooth profiles
and Bluetooth applications.

To support H4 format, only the wiretap library needs to be patched, as
Wireshark already has dissectors for the H4 packet format.
To support H1 format, there is a new dissector and the existing HCI dissectors
are modified to bind to this as well as the H4 dissector.


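An added example, not part of the original report or the attached patch: a minimal C check of the btsnoop file header that tells it apart from an RFC 1761 snoop file and reports which of the four encapsulations listed in the report the file declares. The header layout (8-byte magic, big-endian version 1, datalink values 1001 to 1004) is assumed from the commonly documented btsnoop format rather than taken from this page, and the names `bt_encap` and `btsnoop_classify` are hypothetical.

```c
/* Added example, not code from the attached patch. Header layout and
 * datalink values are assumed from the commonly documented btsnoop format. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef enum {
    BT_INVALID = -1,   /* too short, wrong magic or wrong version */
    BT_UNKNOWN = 0,    /* valid header, unrecognised datalink type */
    BT_H1 = 1001,      /* raw HCI packets without framing */
    BT_H4 = 1002,      /* HCI UART, packet-type byte included */
    BT_BCSP = 1003,
    BT_H5 = 1004
} bt_encap;

/* Constructed sample headers, not taken from a real capture. */
const uint8_t sample_h4[16] = { 'b','t','s','n','o','o','p',0, 0,0,0,1, 0,0,0x03,0xEA };
const uint8_t sample_snoop[16] = { 's','n','o','o','p',0,0,0, 0,0,0,2, 0,0,0,4 };

/* Read a big-endian 32-bit value without alignment assumptions. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Classify the first bytes of a capture file: 8-byte magic, then
 * big-endian version and datalink type (16 bytes in total). */
bt_encap btsnoop_classify(const uint8_t *buf, size_t len)
{
    static const uint8_t magic[8] = { 'b','t','s','n','o','o','p',0 };

    if (buf == NULL || len < 16)
        return BT_INVALID;           /* truncated file */
    if (memcmp(buf, magic, sizeof magic) != 0)
        return BT_INVALID;           /* e.g. an RFC 1761 snoop file */
    if (be32(buf + 8) != 1)
        return BT_INVALID;           /* only version 1 is handled */

    switch (be32(buf + 12)) {
    case 1001: return BT_H1;
    case 1002: return BT_H4;
    case 1003: return BT_BCSP;
    case 1004: return BT_H5;
    default:   return BT_UNKNOWN;
    }
}

int main(void) { return btsnoop_classify(sample_h4, sizeof sample_h4) == BT_H4 ? 0 : 1; }
```

A reader that gets `BT_UNKNOWN` should refuse the file rather than guess an encapsulation, since the datalink value decides which dissector sees the packet bytes.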