Bluetooth capture setup

You can capture Bluetooth traffic to or from your machine on Linux in Wireshark with libpcap 0.9.6 and later, if the kernel includes the BlueZ Bluetooth stack; starting with the 2.4.6 kernel, the BlueZ stack was incorporated into the mainline kernel.

Note that Debian and Debian-derived distributions call the libpcap package "libpcap-0.8"; this does ***NOT*** mean that all such systems use libpcap 0.8. They continue to use the name "libpcap-0.8" even though the packages in newer releases contain newer versions of libpcap; for example, Wheezy's libpcap-0.8 package uses libpcap 1.3.0.

If Bluetooth capture is supported, and if you have sufficient privileges to capture, there will be interfaces named bluetoothN for various values of N starting with 0.
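The following preflight script is an added example, not part of the original page or of Wireshark itself. It checks the libpcap version actually in use (rather than the misleading package name) against the 0.9.6 minimum and lists the bluetoothN interfaces. Assumptions: `tshark -v` reports the runtime library as "libpcap version X.Y.Z", `dumpcap -D` prints a numbered interface list, and the function names and the `check` argument are hypothetical.

```sh
#!/bin/sh
# Added example: preflight check for Bluetooth capture on Linux.

# pcap_version_ok VERSION: succeeds if VERSION >= 0.9.6.
# Missing or non-numeric fields count as 0, so an empty version fails.
pcap_version_ok() {
    printf '%s\n' "$1" | awk -F. '{
        split("0.9.6", min, ".")
        for (i = 1; i <= 3; i++) {
            have = $i + 0; want = min[i] + 0
            if (have > want) exit 0
            if (have < want) exit 1
        }
        exit 0
    }'
}

# Reads version text on stdin (assumed: `tshark -v` output) and prints
# the first libpcap version number found.
pcap_version_from() {
    sed -n 's/.*libpcap version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Reads an interface list on stdin (assumed: `dumpcap -D` output) and
# prints only the bluetoothN interface names, one per line.
bluetooth_ifaces() {
    sed -n 's/^[0-9][0-9]*\. \(bluetooth[0-9][0-9]*\).*/\1/p'
}

# Constructed sample of `dumpcap -D` output (not captured from a real host).
SAMPLE_IFACES='1. eth0
2. any (Pseudo-device that captures on all interfaces)
3. bluetooth0 (Bluetooth adapter number 0)
4. bluetooth1 (Bluetooth adapter number 1)'

preflight() {
    ver=$(tshark -v 2>/dev/null | pcap_version_from)
    if ! pcap_version_ok "$ver"; then
        echo "libpcap '${ver:-unknown}' is older than 0.9.6 or not found" >&2
        return 1
    fi
    ifaces=$(dumpcap -D 2>/dev/null | bluetooth_ifaces)
    if [ -z "$ifaces" ]; then
        echo "no bluetoothN interface: check BlueZ support and privileges" >&2
        return 1
    fi
    printf 'libpcap %s; Bluetooth interfaces: %s\n' "$ver" "$(echo $ifaces)"
}

# Run the live check only when invoked as: sh script.sh check
if [ "${1:-}" = "check" ]; then preflight; fi
```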

To passively capture Bluetooth traffic between other machines, you can use the Ubertooth USB device. To capture BLE with Ubertooth, see its wiki. There is also a plugin for Kismet (look for "Kismet" on the Ubertooth "Getting Started" page) that produces capture files that can be dissected with a Wireshark plugin (not needed for the latest Wireshark).

CaptureSetup/Bluetooth (last edited 2015-09-07 06:26:41 by