Understanding the concepts behind a Wireshark capture

Posts: 3
Joined: Tue Nov 09, 2021 11:21 am

Understanding the concepts behind a Wireshark capture

Postby LuigiMacedonia » Sat Dec 04, 2021 12:40 am


I am trying to replicate the handshake of a remote control.
I am sniffing the traffic with a nRF 52840 dongle, but there are things that I really can't understand.

Here I am pasting the relevant traffic captured with Wireshark. I am simplifying the UUIDs for an easier reading.
I'm omitting the Rcvd Write Request from the slave, that there are always error-free.

Code: Select all

Opcode: Write Request (0x12)
Handle 0x0001
   [Service UUID: 11111111111111111111111111111111]
   [UUID: Client Characteristic Configuration (0x2902)]
Characteristic Configuration Client: 0x0001, Notification

Opcode: Write Request (0x12)
Handle 0x0002
   [Service UUID: 11111111111111111111111111111111]
   [Characteristic UUID: 22222222222222222222222222222222]
   [UUID: Client Characteristic Configuration (0x2902)]
Characteristic Configuration Client: 0x0002, Indication

Opcode: Write Request (0x12)
Handle 0x0003
   [Service UUID: 11111111111111111111111111111111]
   [Characteristic UUID: 22222222222222222222222222222222]
   [UUID: Client Characteristic Configuration (0x2902)]
Characteristic Configuration Client: 0x0002, Indication

Opcode: Write Request (0x12)
Handle 0x0004
   [Service UUID: 11111111111111111111111111111111]
   [Characteristic UUID: 22222222222222222222222222222222]
   [UUID: 33333333333333333333333333333333]
Value: 44444444444444444444444444444444

Opcode: Handle Value Indication (0x1d)
Handle 0x0004
   [Service UUID: 11111111111111111111111111111111]
   [Characteristic UUID: 22222222222222222222222222222222]
   [UUID: 33333333333333333333333333333333]
Value: 55555555555555555555555555555555
Here are the questions:

a) In (1) it is subscribing to the notification of which characteristic?? It is not even mentioned! I am replicating it doing:

Code: Select all

esp_ble_gattc_register_for_notify (gattc_if, gl_profile_tab[PROFILE_A_APP_ID].remote_bda, char_handle)
but when I see the traffic with wireshark it looks like:

Code: Select all

Opcode: Write Request (0x12)
Handle 0x0002
   [Service UUID: 11111111111111111111111111111111]
   [Characteristic UUID: 66666666666666666666666666666666]
   [UUID: Client Characteristic Configuration (0x2902)]
Characteristic Configuration Client: 0x0002, Indication
(note that a Characteristic UUID appears)

b) Between (2) and (3) the only difference is the Handle. What does it means? I double checked this one paying attention to the hex output in the bottom, and at BT level, that the only difference: the handle

c) The characteristic "22222222222222222222222222222222" is read only
Why is it mentioned as Characteristic UUID in each write?? The only Characteristics writable are the ones that are showed
as [UUID: xxx] (when it is showed, because in (3) it is not even present!)

The API for writing a char doesn't need "another" char:

Code: Select all

esp_err_t esp_ble_gattc_write_char(gattc_if, conn_id, handle, value_len, *value, write_type, auth_req);
When I write that way, the Characteristic UUID showed is the writable, not that "22222222222..."

d) Some day I will be able to write to the writable characteristics "referencing" to the read only one. That day I will
notice that in (4) the slave decided to return a value. For the purpose of my replication I don't need that value.
Should I ack in some way to the slave for that unwanted info? And if I need that number how do I read it?

Thanks for reading; I spent tens of hours playing with this. It is just a hobby, but after so many fails it is getting frustrating :)


Who is online

Users browsing this forum: No registered users and 72 guests