CaptureSetup/Bluetooth

Bluetooth capture setup

You can capture Bluetooth traffic to or from your machine on Linux in Wireshark with libpcap 0.9.6 and later, if the kernel includes the BlueZ Bluetooth stack; starting with the 2.4.6 kernel, the BlueZ stack was incorporated into the mainline kernel.

Note that Debian and its derivatives call the libpcap package "libpcap-0.8"; this does ***NOT*** mean that all such systems use libpcap 0.8. Debian and its derivatives continue to use the name "libpcap-0.8" even though the packages in newer releases contain newer versions of libpcap; for example, Wheezy's libpcap-0.8 package uses libpcap 1.3.0.

If Bluetooth capture is supported, and if you have sufficient privileges to capture, there will be interfaces named bluetoothN for various values of N starting with 0.
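The following shell helpers are an added example, not part of the original wiki page: they read the libpcap version from the library's own version string instead of the Debian package name, and pick the bluetoothN interfaces out of a capture interface listing. The function names and sample data are hypothetical, and the script assumes input in the form "libpcap version X.Y.Z" (as reported by `tshark --version`) and "N. name" lines (as printed by `tshark -D`).

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample input is constructed.

# Extract "X.Y.Z" from text containing "libpcap version X.Y.Z".
pcap_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*libpcap version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed if the reported libpcap is 0.9.6 or later, the minimum this page names.
pcap_supports_bluetooth() {
    ver=$(pcap_version "$1")
    [ -n "$ver" ] || return 1          # no version string found
    old_ifs=$IFS; IFS=.
    set -- $ver                        # split X.Y.Z into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -gt 0 ] && return 0
    [ "$minor" -gt 9 ] && return 0
    [ "$minor" -eq 9 ] && [ "$patch" -ge 6 ]
}

# Read an interface listing on stdin ("N. name (description)") and
# print only the interfaces named bluetoothN.
bluetooth_ifaces() {
    awk '$2 ~ /^bluetooth[0-9]+$/ { print $2 }'
}

# Constructed sample input, not taken from a real system.
SAMPLE_VERSION='Running on Linux, with libpcap version 1.3.0.'
SAMPLE_IFACES='1. eth0
2. bluetooth0
3. any
4. lo (Loopback)
5. bluetooth1
6. usbmon1'

if pcap_supports_bluetooth "$SAMPLE_VERSION"; then
    echo "libpcap $(pcap_version "$SAMPLE_VERSION") is new enough"
else
    echo "libpcap is older than 0.9.6 or its version was not found"
fi
printf '%s\n' "$SAMPLE_IFACES" | bluetooth_ifaces

# On a live system (assumes tshark is installed):
#   pcap_supports_bluetooth "$(tshark --version 2>/dev/null)" && tshark -D | bluetooth_ifaces
```

An empty interface list with a sufficiently new libpcap points to one of the other two conditions above: the kernel lacks BlueZ, or the user lacks capture privileges.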

To passively capture Bluetooth traffic between other machines, you can use the Ubertooth USB device. To capture BLE with Ubertooth, see its wiki. There is also a plugin for Kismet (look for "Kismet" on the Ubertooth "Getting Started" page); it produces capture files that can be dissected with a Wireshark plugin (not needed with the latest Wireshark).


Imported from https://wiki.wireshark.org/CaptureSetup/Bluetooth on 2020-08-11 23:11:49 UTC