Bluetooth capture setup

You can capture Bluetooth traffic to or from your machine on Linux in Wireshark with libpcap 0.9.6 and later, if the kernel includes the BlueZ Bluetooth stack; starting with the 2.4.6 kernel, the BlueZ stack was incorporated into the mainline kernel.

Note that Debian and Debian-derived derivatives call the libpcap package "libpcap-0.8"; this does ***NOT*** mean that all such systems use libpcap 0.8. Debian and its derivatives continue to use the name "libpcap-0.8", even though newer versions' libpcap packages use newer versions of libpcap; for example, Wheezy's libpcap-0.8 package uses libpcap 1.3.0.

If it's supported, and if you have sufficient privileges to capture, there will be interfaces named bluetoothN for various values of N starting with 0.

To passively capture Bluetooth traffic between other machines, you can use the Ubertooth USB device. To capture BLE with Ubertooth please check its wiki. Also there is a plugin for Kismet - look for "Kismet" on the "Getting Started" Ubertooth page - and it produces capture files that can be dissected with a Wireshark plugin (not needed for latest Wireshark).

See Also

• Capturing on Ethernet Networks

• Capturing on 802.11 Wireless Networks

• Capturing on Token Ring Networks

• Capturing on VLAN Protected Networks

• Capturing on PPP Networks

• Capturing on the Loopback Device

• Capturing on Frame Relay Networks

• Capturing DOCSIS Traffic

• Capturing on ATM Networks

• Capturing USB Traffic

• Capturing IrDA Traffic

• Capturing on Cisco HDLC Networks

• Capturing SS7 Traffic

Imported from https://wiki.wireshark.org/CaptureSetup/Bluetooth on 2020-08-11 23:11:49 UTC