http://wiki.wireshark.org/CaptureSetup/Bluetooth

This page mentioned that I can use Wireshark to capture Bluetooth packets. Can I use a Bluetooth adapter to capture?

asked 12 Nov '12, 17:22 kanon2000
One Answer:
As that page says, "Bluetooth capture support is supported on Linux in Wireshark with libpcap 0.9.6 and later, if the kernel includes the BlueZ Bluetooth stack; starting with the 2.4.6 kernel, the BlueZ stack was incorporated into the mainline kernel."

So, if you have a Linux machine running either an older kernel with the BlueZ stack added to it or a 2.4.6 kernel or later, and with libpcap 0.9.6 or later, and it has a Bluetooth adapter, you should be able to capture on it.

Note, however, that this captures traffic between the CPU and the Bluetooth controller, so it only captures traffic your machine sends or receives. If you want to do passive "promiscuous" Bluetooth capture, to see traffic between two machines neither of which is your machine, you may need your own special hardware and software; see "BlueSniff: Eve meets Alice and Bluetooth" from a 2007 conference, or look at Ubertooth/Project Ubertooth and the Project Ubertooth blog.

There is currently no libpcap support for Ubertooth, so Wireshark can't capture on it. However, there's apparently a plugin for Kismet that lets you capture and a Wireshark plugin to handle those capture files - try Googling for
to find pages on how to build and install it - for example, there are several pages on using Ubertooth on OS X, and there are probably similar pages to help on Linux (I don't know about Windows or about other UN*Xes).

answered 12 Nov '12, 18:34 Guy Harris ♦♦ edited 12 Nov '12, 20:15
Thank you! I'll give it a try.
I've updated the answer to note that what you can capture is traffic to or from the machine on which you're running Wireshark; if you want to do passive promiscuous Bluetooth capture, that'd be harder.
I've also added some links to pages discussing promiscuous Bluetooth sniffing and using Wireshark with the captures. I haven't tried any of that software (or hardware!), so I can't give advice or answer questions.
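
To illustrate the answer's point that a capture on the local adapter holds only traffic between the host and its own Bluetooth controller, here is an added example (not part of the original thread) that reads such a capture and lists each packet's direction and HCI packet type. It assumes a classic pcap file with libpcap's `LINKTYPE_BLUETOOTH_HCI_H4_WITH_PHDR` (201) framing, where the low bit of the direction field is set for packets received from the controller; the function names and the two-packet sample capture are constructed for illustration.

```python
import struct

LINKTYPE_BLUETOOTH_HCI_H4_WITH_PHDR = 201  # used by libpcap's Linux Bluetooth capture
H4_TYPES = {1: "HCI command", 2: "ACL data", 3: "SCO data", 4: "HCI event"}

def parse_hci_pcap(data):
    """Return [(direction, h4_type, hci_len), ...] for a classic pcap byte string."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap file")
    linktype = struct.unpack(endian + "HHiIII", data[4:24])[-1]
    if linktype != LINKTYPE_BLUETOOTH_HCI_H4_WITH_PHDR:
        raise ValueError("linktype %d is not Bluetooth HCI H4 with direction header" % linktype)
    packets, off = [], 24
    while off + 16 <= len(data):
        caplen = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 5:
            continue  # too short to hold the direction field plus the H4 indicator
        direction = struct.unpack(">I", frame[:4])[0]  # always big-endian
        side = "controller->host" if direction & 1 else "host->controller"
        packets.append((side, H4_TYPES.get(frame[4], "unknown"), len(frame) - 5))
    return packets

def build_sample():
    """Constructed two-packet capture: HCI_Reset and its Command Complete event."""
    frames = [
        struct.pack(">I", 0) + bytes.fromhex("01030c00"),        # sent: HCI_Reset
        struct.pack(">I", 1) + bytes.fromhex("040e0401030c00"),  # received: Command Complete
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535,
                      LINKTYPE_BLUETOOTH_HCI_H4_WITH_PHDR)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1352744520 + i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for pkt in parse_hci_pcap(build_sample()):
        print(pkt)
```

Every record carries one of only two directions, to or from the local controller, which is why this kind of capture cannot show traffic between two other devices.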