Hi, I'm quite a beginner with Wireshark and have a problem using it. I searched the wiki page but there seem to be no promising results. Hopefully I can get some help here.
I am trying to analyze the network traffic between an LG smart watch and an Android phone, which all goes through a Bluetooth channel. Now I have the network traffic log file and I can view it by running
> wireshark "LogFileName"
The problem is how I can retrieve information by removing the Bluetooth header to get the original network layer packet, because I can parse the IP layer packet, but the Bluetooth packet is not what I want or what I understand.
asked 21 Sep '15, 13:02
It depends on the content you are interested in. If I look at the payload of large RFCOMM frames, I can see payload that seems to be related to smart watch communication.
So, first you probably need to develop a better understanding of what you are actually looking for; then you can either extract that information manually via the Wireshark GUI (RFCOMM frames), or by using tshark. If you are looking for TCP/IP communication between the devices, I don't think there is any in that capture file.
answered 22 Sep '15, 10:59
Kurt Knochner ♦
edited 22 Sep '15, 11:00
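As an added illustration of what "removing the Bluetooth header" means for the RFCOMM frames mentioned in this answer (this is not part of the original post and not Wireshark code), the Python sketch below peels the HCI ACL, L2CAP and RFCOMM headers off one packet and returns the application payload. It assumes the bytes are one complete, unfragmented HCI ACL data packet whose L2CAP channel is already known to carry RFCOMM with credit-based flow control; the function name and the sample packets are constructed for the example, and the FCS byte is split off but not verified.

```python
import struct

UIH, UIH_PF = 0xEF, 0xFF  # RFCOMM UIH control field without / with the P/F bit

def rfcomm_payload(acl: bytes):
    """Return (dlci, payload) for an RFCOMM UIH data frame, else None."""
    if len(acl) < 8:
        return None
    # HCI ACL header: 12-bit handle + PB/BC flags, then data length (little endian).
    handle_flags, acl_len = struct.unpack_from("<HH", acl, 0)
    # Basic L2CAP header: PDU length and channel ID.
    l2_len, cid = struct.unpack_from("<HH", acl, 4)
    pb = (handle_flags >> 12) & 0x3
    # PB=01 is a continuation fragment; reassembly is out of scope here.
    if pb == 0x1 or acl_len != len(acl) - 4 or l2_len != acl_len - 4:
        return None
    if cid < 0x0040:              # RFCOMM runs on a dynamically allocated CID
        return None
    frame = acl[8:]
    if len(frame) < 4 or frame[1] not in (UIH, UIH_PF):
        return None               # SABM/UA/DM/DISC frames carry no user data
    dlci = frame[0] >> 2          # address byte: EA bit, C/R bit, 6-bit DLCI
    if dlci == 0:
        return None               # DLCI 0 is the multiplexer control channel
    pos = 2
    length = frame[pos] >> 1
    if frame[pos] & 1 == 0:       # EA bit clear: a second length byte follows
        pos += 1
        length |= frame[pos] << 7
    pos += 1
    if frame[1] == UIH_PF:        # assumed credit-based flow control:
        pos += 1                  # P/F set means one credit byte precedes data
    if pos + length + 1 != len(frame):   # +1 for the trailing FCS byte
        return None
    return dlci, frame[pos:pos + length]

# Constructed sample packets (FCS set to 00, not a valid checksum).
SAMPLE_PLAIN = bytes.fromhex("0b200d00" "09004000" "2bef0b" "68656c6c6f" "00")
SAMPLE_CREDIT = bytes.fromhex("0b200c00" "08004000" "2bff07" "05" "616263" "00")

if __name__ == "__main__":
    for pkt in (SAMPLE_PLAIN, SAMPLE_CREDIT):
        print(rfcomm_payload(pkt))
```

What comes out is whatever the application wrote to the RFCOMM channel, which for this capture is the watch protocol's own data rather than an IP packet.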
The RFCOMM service has UUID128: 5e8945b0-9525-11e3-a5e2-0800200c9a66 and name: WearableBt, so I hope it is Android Wear (I hear you can use androiddump in the latest Wireshark for live capturing). As I remember, Wear requires a closed-source application from Google on Android to make it work (this one: https://play.google.com/store/apps/details?id=com.google.android.wearable.app&hl=en ), so there is no documentation about the protocol used by Google to communicate with Wear (which implies no easy support for that in Wireshark). If anyone finds some documentation about it, please share it with me.
For now... only Google knows how to read the Wear payload (over RFCOMM). I think I can see some structures, but it is (not!) reverse engineering.
answered 24 Sep '15, 14:00