Matheus-Garbelini / esp32_bluetooth_classic_sniffer

Active Bluetooth BR/EDR Sniffer/Injector as cheap as any ESP32 board can get. Works with Scapy ;-)
GNU General Public License v2.0

Creating a dissector for other Wireshark versions #6

Open cpoore1 opened 2 years ago

cpoore1 commented 2 years ago

I really like this tool but I'm struggling to get the dissector to work for other versions of Wireshark beyond 3.4. I've tried adjusting different values in files within the dissector folder but I haven't had any luck. Do you have any suggestions to get h4bcm.so working for some of the newer versions?

Matheus-Garbelini commented 2 years ago

Hi @cpoore1, what version of Wireshark and Ubuntu are you using? I'll try to compile with your environment and let you know. You can try deleting the file dissectors/config.h

This config file was copied from a previous wireshark version and forces the dissector to be compiled for version 3.4.0

cpoore1 commented 2 years ago

Thanks, I think deleting config.h may have fixed my problems. Anyways, I was looking at Wireshark version 3.6.5 across Ubuntu 18.04/20.04/22.04.

cpoore1 commented 2 years ago

Never mind, I think h4bcm.so still gets put in a 3.4 folder after deleting config.h. If I move it to a 3.6 folder (.local/lib/wireshark/plugins/3.6/epan/ or ./usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/epan/) or change the location in build.sh I get Duplicate protocol name errors when starting Wireshark.

Matheus-Garbelini commented 2 years ago

Hi @cpoore1, to fix this duplicated error, you can rename "btlmp" in these lines: https://github.com/Matheus-Garbelini/esp32_bluetooth_classic_sniffer/blob/master/dissectors/packet-btbrlmp.c#L4961-L4965

to "esp32_btlmp"

Version 3.6 of Wireshark introduced an LMP dissector which shares the same name as the one in this repo.

Also, to fix the plugin installation path from 3.4 to 3.6, change this line: https://github.com/Matheus-Garbelini/esp32_bluetooth_classic_sniffer/blob/master/dissectors/build.sh#L5 to WIRESHARK_PLUGINS_FOLDER="/home/$USER/.local/lib/wireshark/plugins/3.6/epan/"

cpoore1 commented 2 years ago

I needed to replace the full name too. I ended up doing this:

cd esp32_bluetooth_classic_sniffer
rm ./dissectors/config.h
sed -i 's/Bluetooth Link Manager Protocol/ESP32 Bluetooth Link Manager Protocol/g' ./dissectors/packet-btbrlmp.c
sed -i 's/btlmp/esp32_btlmp/g' ./dissectors/packet-btbrlmp.c
sed -i 's/3.4/3.6/g' ./dissectors/build.sh
sudo ./requirements.sh
./build.sh
sudo cp dissectors/h4bcm.so /usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/epan/  # Placing it where "sudo Wireshark" dissectors are located
rm ~/.local/lib/wireshark/plugins/3.6/epan/h4bcm.so  # To avoid "plugin 'h4bcm.so' was found in multiple directories" warning

Thank you for the quick help.
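The steps above hard-code 3.6, so they have to be edited again for every Wireshark release. The following POSIX shell snippet is an added example, not code from the repository or from either participant: it derives the `major.minor` plugin directory from a Wireshark version string, builds the per-user or system-wide `epan` path, and applies the same two substitutions to the dissector source so the plugin no longer collides with the built-in `btlmp` dissector. The paths and the `esp32_` prefix come from the thread; the function names, the assumption that `wireshark --version` prints `Wireshark X.Y.Z ...` on its first line, and the sample source text are mine.

```shell
#!/bin/sh
# Added example (not part of esp32_bluetooth_classic_sniffer).
# Helpers for installing the h4bcm dissector against whatever Wireshark
# version is present instead of a hard-coded 3.4 or 3.6 directory.

# plugin_version "<first line of wireshark --version>" -> "major.minor"
# Wireshark loads plugins from plugins/<major>.<minor>/epan; the patch
# level is not part of the directory name, so it is stripped here.
plugin_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[Ww]ireshark \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# plugin_dir "<major.minor>" [user|system] -> epan plugin directory.
# "system" is the Debian/Ubuntu x86_64 path used with "sudo wireshark",
# "user" (default) is the per-user path from the thread.
plugin_dir() {
    if [ "${2:-user}" = "system" ]; then
        printf '%s\n' "/usr/lib/x86_64-linux-gnu/wireshark/plugins/$1/epan/"
    else
        printf '%s\n' "$HOME/.local/lib/wireshark/plugins/$1/epan/"
    fi
}

# rename_protocol "<path to packet-btbrlmp.c>": rename the protocol so it
# does not clash with the LMP dissector shipped in Wireshark >= 3.6.
# Both the display name and the filter name ("btlmp") must change, since
# Wireshark rejects duplicates of either one.
rename_protocol() {
    sed -i \
        -e 's/Bluetooth Link Manager Protocol/ESP32 Bluetooth Link Manager Protocol/g' \
        -e 's/btlmp/esp32_btlmp/g' "$1"
}

# make_sample_source "<path>": write a constructed stand-in for the
# proto_register_protocol() call in packet-btbrlmp.c (assumed shape, the
# real file is far larger) so the rename can be exercised offline.
make_sample_source() {
    cat > "$1" <<'EOF'
    proto_btlmp = proto_register_protocol(
        "Bluetooth Link Manager Protocol",
        "BT LMP",
        "btlmp");
EOF
}

# Typical use inside a clone of the repository (assumes GNU sed and that
# the dissector has already been built):
#   ver=$(plugin_version "$(wireshark --version | head -n 1)")
#   rename_protocol ./dissectors/packet-btbrlmp.c
#   sudo cp dissectors/h4bcm.so "$(plugin_dir "$ver" system)"
```

Install the plugin into only one of the two directories; keeping a copy in both triggers the "found in multiple directories" warning mentioned above.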

Matheus-Garbelini commented 2 years ago

Thanks @cpoore1. Will update the repo with some changes later.