| View previous topic :: View next topic |
| Author |
Message |
Zucca
Moderator
Joined: 14 Jun 2007
Posts: 3342
Location: Rasi, Finland
|
 Posted: Tue Feb 07, 2023 12:48 pm Post subject: tcpdump output "decrypting" help? | BT PAN |
 |
|
I recently bought a new (used) car. It's a Mercedes-Benz 250e Electric Drive (2015).
- Its only connection method to other devices is bluetooth.
- There's a "internet" menu too.
- From there I can select "IP radio" and "MB Apps".
I'd like to have at least the IP radio working. And maybe update the system if there is ota updates (I doubt).
Sharing bluetooth from (Android) phone times out when the car tries to establish an internet connection. The bluetooth icon on the phone, however, changes to indicate that bluetooth tethering is enabled until the car's system gives up connecting.
I suspect it gives up as it cannot reach some host on the internet that no longer exists, so I'd need to fake it if that's the case.
It fails via my laptop too. I compiled tcpdump and tried the "IP radio" and then "MB Apps". Car's system tries to establish connection when I select either one.
| IP radio: | # tcpdump -i pan1
dropped privs to pcap
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on pan1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
14:04:08.405276 IP6 fe80::30f4:1fff:fe2b:e275 > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48
14:04:08.744516 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from c4:be:84:1b:37:14 (oui Unknown), length 300
14:04:08.744713 ARP, Request who-has 10.50.50.63 tell 10.50.50.1, length 28
14:04:08.808587 IP6 fe80::30f4:1fff:fe2b:e275 > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48
14:04:09.765282 ARP, Request who-has 10.50.50.63 tell 10.50.50.1, length 28
14:04:10.778589 ARP, Request who-has 10.50.50.63 tell 10.50.50.1, length 28
14:04:11.748976 IP 10.50.50.1 > 10.50.50.63: ICMP echo request, id 37674, seq 0, length 28
14:04:11.749044 IP 10.50.50.1.bootps > 10.50.50.63.bootpc: BOOTP/DHCP, Reply, length 300
14:04:11.775659 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from c4:be:84:1b:37:14 (oui Unknown), length 300
14:04:11.783383 IP 10.50.50.1.bootps > 10.50.50.63.bootpc: BOOTP/DHCP, Reply, length 300
14:04:11.803034 ARP, Request who-has 10.50.50.63 tell 0.0.0.0, length 28
14:04:13.784359 ARP, Request who-has 10.50.50.63 tell 0.0.0.0, length 28
14:04:14.824239 ARP, Request who-has 10.50.50.63 tell 0.0.0.0, length 28
14:04:16.835244 ARP, Request who-has 10.50.50.63 tell 10.50.50.1, length 28
14:04:16.845404 ARP, Request who-has 10.50.50.63 tell 10.50.50.63, length 28
14:04:17.587830 ARP, Request who-has 10.50.50.1 tell 10.50.50.63, length 28
14:04:17.587859 ARP, Reply 10.50.50.1 is-at d8:12:65:e4:24:36 (oui Unknown), length 28
14:04:17.602948 IP 10.50.50.63.bootpc > 10.50.50.1.bootps: BOOTP/DHCP, Request from c4:be:84:1b:37:14 (oui Unknown), length 300
14:04:17.845227 ARP, Request who-has 10.50.50.63 tell 10.50.50.1, length 28
14:04:17.852773 ARP, Reply 10.50.50.63 is-at c4:be:84:1b:37:14 (oui Unknown), length 28
^C
20 packets captured
20 packets received by filter
0 packets dropped by kernel |
| MB Apps: | # tcpdump -i pan1
dropped privs to pcap
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on pan1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
14:04:37.281937 IP6 fe80::30f4:1fff:fe2b:e275 > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48
14:04:37.576679 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from c4:be:84:1b:37:14 (oui Unknown), length 300
14:04:37.576944 IP 10.50.50.1.bootps > 10.50.50.63.bootpc: BOOTP/DHCP, Reply, length 300
14:04:37.610696 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from c4:be:84:1b:37:14 (oui Unknown), length 300
14:04:37.618634 IP 10.50.50.1.bootps > 10.50.50.63.bootpc: BOOTP/DHCP, Reply, length 300
14:04:37.657741 ARP, Request who-has 10.50.50.63 tell 0.0.0.0, length 28
14:04:37.738582 IP6 fe80::30f4:1fff:fe2b:e275 > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48
14:04:39.617657 ARP, Request who-has 10.50.50.63 tell 0.0.0.0, length 28
14:04:40.940160 ARP, Request who-has 10.50.50.63 tell 0.0.0.0, length 28
14:04:42.645727 ARP, Request who-has 10.50.50.63 tell 10.50.50.1, length 28
14:04:43.032687 ARP, Request who-has 10.50.50.63 tell 10.50.50.63, length 28
14:04:43.659087 ARP, Request who-has 10.50.50.63 tell 10.50.50.1, length 28
14:04:43.671386 ARP, Reply 10.50.50.63 is-at c4:be:84:1b:37:14 (oui Unknown), length 28
14:04:43.851594 IP 10.50.50.63.bootpc > 10.50.50.1.bootps: BOOTP/DHCP, Request from c4:be:84:1b:37:14 (oui Unknown), length 300
^C
14 packets captured
14 packets received by filter
0 packets dropped by kernel |
I hit ctrl+c after there was no communication anymore or when the car's system gave up.
I can go back and take another samples if needed.
So can anyone here spot where's the problem?
- 10.50.50.1 is my Gentoo laptop
- 10.50.50.63 looks like was given to the car's system
_________________
..: Zucca :..
Gentoo IRC channels reside on Libera.Chat.
--
| Quote: | | I am NaN! I am a man! |
|
|
| Back to top |
|
 |
pingtoo
l33t
Joined: 10 Sep 2021
Posts: 926
Location: Richmond Hill, Canada
|
| Posted: Tue Feb 07, 2023 2:16 pm Post subject: |
|
|
Zucca,
To me your car seems to looking for something to load. the bootps/bootpc is either BOOTP or PXE protocol sequence.
Is the "internet" menu is used for setup network parameters? i.e IP address, gateway etc...
What is default behaviour when there is no device for tethering? does it have build in way to connect to internet? |
|
| Back to top |
|
|
Zucca
Moderator
Joined: 14 Jun 2007
Posts: 3342
Location: Rasi, Finland
|
| Posted: Tue Feb 07, 2023 2:50 pm Post subject: |
|
|
There's no manual configuration. I can only choose the bluetooth device.
The car's system connects via bluetooth, but I'm not certain how. At least my laptop leases an ip for it.
_________________
..: Zucca :..
Gentoo IRC channels reside on Libera.Chat.
--
| Quote: | | I am NaN! I am a man! |
|
|
| Back to top |
|
|
pingtoo
l33t
Joined: 10 Sep 2021
Posts: 926
Location: Richmond Hill, Canada
|
| Posted: Tue Feb 07, 2023 3:40 pm Post subject: |
|
|
I found on internet a manual for your car model. It seems to indicate you need "mbrace". mbrace seems something need to purchased/subscribe separately. I guess with mbrace you can use "Mercedes me app". I think the "Mercedes me app" is the one get download/connect to your car at that initial sequence. (The BOOTP/PXE protocol sequence.)
All of this is just my guess.  |
|
| Back to top |
|
|
Zucca
Moderator
Joined: 14 Jun 2007
Posts: 3342
Location: Rasi, Finland
|
| Posted: Tue Feb 07, 2023 4:55 pm Post subject: |
|
|
Hm.
I have Mercedes me on my phone. I've been using it since I bought the car.
I wouldn't be surprised to discover that to get networking to work with the car it would require some paid program. *sigh*
Almost all car brands suck this way.
_________________
..: Zucca :..
Gentoo IRC channels reside on Libera.Chat.
--
| Quote: | | I am NaN! I am a man! |
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
