Bluetooth capture setup

You can capture Bluetooth traffic to or from your machine on Linux in Wireshark with libpcap 0.9.6 and later, if the kernel includes the BlueZ Bluetooth stack; starting with the 2.4.6 kernel, the BlueZ stack was incorporated into the mainline kernel.

Note that Debian and its derivatives call the libpcap package "libpcap-0.8"; this does NOT mean that all such systems use libpcap 0.8. They continue to use the name "libpcap-0.8" even though newer releases' packages contain newer versions of libpcap; for example, Wheezy's libpcap-0.8 package uses libpcap 1.3.0.

If it's supported, and if you have sufficient privileges to capture, there will be interfaces named bluetoothN for various values of N starting with 0.
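A preflight check for the points above, added here as an example and not taken from the Wireshark or libpcap projects: it reads the real libpcap version from a "libpcap version X.Y.Z" banner rather than from the Debian package name, compares it with 0.9.6, and picks the bluetoothN entries out of an interface listing. The function names and the sample inputs are constructed for illustration; on a live system the assumption is that the inputs come from `tcpdump --version` and `dumpcap -D`.

```shell
#!/bin/sh
# Minimum libpcap release the page gives for Bluetooth capture on Linux.
MIN_PCAP="0.9.6"

# Extract X.Y.Z from a "libpcap version X.Y.Z" banner read on stdin
# (the string format that pcap_lib_version() returns).
pcap_version() {
    sed -n 's/.*libpcap version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed if dotted version $1 >= $2, comparing each field numerically
# so that 1.10 sorts after 1.9 and a missing field counts as 0.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# Print bluetoothN names from "<index>. <name> ..." lines read on stdin.
bt_interfaces() {
    awk '$2 ~ /^bluetooth[0-9]+$/ { print $2 }'
}

# Constructed sample input, not captured from a real system.
SAMPLE_BANNER='tcpdump version 4.3.0
libpcap version 1.3.0'
SAMPLE_IFACES='1. eth0
2. bluetooth0
3. any (Pseudo-device that captures on all interfaces)
4. lo'

check_sample() {
    v=$(printf '%s\n' "$SAMPLE_BANNER" | pcap_version)
    if version_ge "$v" "$MIN_PCAP"; then
        echo "libpcap $v: new enough for Bluetooth capture"
    else
        echo "libpcap $v: older than $MIN_PCAP"
    fi
    printf '%s\n' "$SAMPLE_IFACES" | bt_interfaces
}
check_sample
```

Feeding the package name's "0.8" to `version_ge` fails the check, while the 1.3.0 that the Wheezy package actually ships passes, which is the distinction the Debian note draws.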

To passively capture Bluetooth traffic between other machines, you can use the Ubertooth USB device. There is currently no libpcap support for Ubertooth, so you can't capture with Wireshark. However, there is a plugin for Kismet - look for "Kismet" on the "Getting Started" Ubertooth page - and it produces capture files that can be dissected with a Wireshark plugin.


CaptureSetup/Bluetooth (last edited 2014-10-27 21:52:05 by GuyHarris)