Wireshark protocol dissector for host to wcn36xx communication protocols
- Copy *.lua to ~/.wireshark/plugins/ folder
-
Enable hexdumps in smd.c in wcn36xx driver (for wcn36xx_hal.lua)
-
Enable hexdumps in txrx.c in wcn36xx driver (for wcn36xx_rxbd.lua)
-
Enable hexdumps in dxe.c in wcn36xx driver (for wcn36xx_txbd.lua)
-
Run the following from a shell:
mkfifo /tmp/wireshark
- Start wireshark:
wireshark -k -i /tmp/wireshark &
- To capture HAL commands run:
adb shell cat /proc/kmsg | grep -E "SMD <<<|HAL >>>" | text2pcap -q -o hex -e 0x3660 - /tmp/wireshark
- To capture skb rxbd run:
adb shell cat /proc/kmsg | grep "BD <<<" | text2pcap -q -o hex -e 0x3661 - /tmp/wireshark
- To capture skb txbd run:
adb shell cat /proc/kmsg | grep "BD >>> " | text2pcap -q -o hex -e 0x3662 - /tmp/wireshark
The wcn36xx driver patch dumps commands and buffer descriptors with an 802.11 header. This makes it possible to dump everything together in one file, including actual frame data, complete with timestamps.
- Patch prima driver with
0001-Trace-communication-between-host-and-wcn.patch
- Capture kernel log
adb shell cat /proc/kmsg | tee dump.txt
- Convert to pcap:
cat dump.txt | grep wcnxxd | perl -pe 's/.{4}(.{12}).{20}(.+)/$1 $2/' | text2pcap -q -t "%s." -l 105 - dump.pcap
The prima driver patch dumps commands and buffer descriptors with an 802.11 header. This makes it possible to dump everything together in one file, including actual frame data, complete with timestamps.
- Patch prima driver with
0001-Trace-communication-between-host-and-wcn.patch
- Capture kernel log
adb shell cat /proc/kmsg | tee dump.txt
- Convert to pcap:
cat dump.txt | grep primad | perl -pe 's/.{4}(.{12}).{20}(.+)/$1 $2/' | text2pcap -q -t "%s." -l 105 - dump.pcap
The examples folder contains some dumps takes from a patched prima driver