Tshark will not capture BTLE packets with nRF sniffer - bluetooth

I am having issues using tshark to capture BTLE advertising packets.
The system works very well with Wireshark. However, when I try to run tshark from the command line, it immediately quits and says "0 packets captured."
Any ideas why it may be working in Wireshark but not in Tshark?
Setup:
I am using the nRF51 DK for the sniffer. This works well in Wireshark (version 2.6.1) as I mentioned. I have a peripheral device that is sending advertising packets that Wireshark easily detects (i.e. I know the hardware works and there are advertising packets being sent).
Command used:
After navigating to my Wireshark folder on the command line, I type:
tshark -i 6 -a duration:10
My nRF sniffer is interface 6. Everything is run on a Windows 10 machine.
Further Info:
Tshark works correctly if I try to capture wifi
tshark -i 1 -a duration:10
where interface 1 is the wifi interface.
Thanks!

Just had confirmation from Nordic that the nRF-sniffer is not currently supported by TShark.


Analyzing Serial data over USB on Linux

I have a USB to RS232 adapter which I'm currently using to communicate with a legacy device. I want to analyze the data going to and from the legacy device from my Ubuntu machine over USB. The adapter is getting detected automatically without installing any driver as shown in lsusb output below:
Bus 006 Device 002: ID 0403:6001 Future Technology Devices International, Ltd FT232 USB-Serial (UART) IC
I tried using the USB packet capture in Wireshark, but it shows a bunch of URB_CONTROL, URB_BULK packets which is not showing anything meaningful. So if there are any better utilities available which can capture the USB2Serial data for a Linux system, please let me know. TIA!
After trying various methods, I finally got what I needed using strace. The following command helped me capture all the termios settings for the serial port and also all the IOCTL calls after doing some greps on the file handle of the serial port:
sudo strace -p <pid> -t -v -o dump.txt
This will dump all the system calls that your application makes on Linux into the file dump.txt.
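The answer above leaves the "greps on the file handle" step to the reader. As an added example (not the poster's own code), the following Python follows the file descriptor that a process gets back from `open`/`openat` on a serial device through the strace dump until it is closed, and pulls out the termios settings and the read/write payloads on that descriptor. The strace excerpt embedded below is constructed to match the `strace -t -v` output format and is not real captured output; the device path and payload bytes are sample values.

```python
import re

# Constructed strace excerpt (not real captured output), in the format that
# `strace -t -v -p <pid> -o dump.txt` writes: a timestamp, the syscall with
# its decoded arguments, and the return value.
SAMPLE_STRACE = """\
12:00:01 openat(AT_FDCWD, "/dev/ttyUSB0", O_RDWR|O_NOCTTY|O_NONBLOCK) = 3
12:00:01 ioctl(3, TCGETS, {c_iflag=ICRNL|IXON, c_oflag=OPOST|ONLCR, c_cflag=B38400|CS8|CREAD|HUPCL|CLOCAL, c_lflag=ISIG|ICANON|ECHO, c_line=N_TTY, c_cc="\\x03\\x1c\\x7f"}) = 0
12:00:01 ioctl(3, TCSETS, {c_iflag=0, c_oflag=0, c_cflag=B9600|CS8|CREAD|CLOCAL, c_lflag=0, c_line=N_TTY, c_cc="\\x03\\x1c\\x7f"}) = 0
12:00:01 openat(AT_FDCWD, "/var/log/app.log", O_WRONLY|O_APPEND) = 4
12:00:02 write(3, "\\x02STATUS\\r", 8) = 8
12:00:02 write(4, "sent STATUS\\n", 12) = 12
12:00:02 read(3, "\\x06OK\\r", 255) = 4
12:00:03 close(3) = 0
12:00:03 write(3, "after close", 11) = -1 EBADF (Bad file descriptor)
"""

# One strace line: "HH:MM:SS call(args) = ret [error text]"
LINE_RE = re.compile(
    r'^(?P<ts>\d\d:\d\d:\d\d) (?P<call>\w+)\((?P<args>.*)\) = (?P<ret>-?\d+)(?P<err>.*)$'
)


def parse_serial_calls(strace_text, device_prefix="/dev/ttyUSB"):
    """Return the syscalls made on any fd that was opened on a matching device.

    The fd number is followed from open/openat until close, so reads, writes
    and ioctls on the serial port are kept while calls on unrelated fds (and
    any reuse of the same number after close) are dropped.
    """
    fd_table = {}   # fd -> device path currently open on it
    events = []
    for line in strace_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        call, args, ret = m["call"], m["args"], int(m["ret"])
        if call in ("open", "openat"):
            path = re.search(r'"([^"]*)"', args)
            if ret >= 0 and path and path.group(1).startswith(device_prefix):
                fd_table[ret] = path.group(1)
            continue
        first = args.split(",", 1)[0].strip()
        if not first.isdigit() or int(first) not in fd_table:
            continue
        fd = int(first)
        events.append({"ts": m["ts"], "call": call, "fd": fd,
                       "path": fd_table[fd], "args": args, "ret": ret})
        if call == "close" and ret == 0:
            del fd_table[fd]
    return events


def termios_cflags(events):
    """Extract the c_cflag word (baud rate, data bits, ...) from each TCSETS* ioctl."""
    flags = []
    for e in events:
        if e["call"] == "ioctl" and ", TCSETS" in e["args"]:
            m = re.search(r"c_cflag=([A-Z0-9|]+)", e["args"])
            if m:
                flags.append(m.group(1))
    return flags


def io_payloads(events):
    """Return (direction, escaped payload) for each read/write on the serial port."""
    out = []
    for e in events:
        if e["call"] in ("read", "write"):
            m = re.search(r'"((?:[^"\\]|\\.)*)"', e["args"])
            if m:
                out.append((e["call"], m.group(1)))
    return out


if __name__ == "__main__":
    ev = parse_serial_calls(SAMPLE_STRACE)
    for e in ev:
        print(e["ts"], e["call"], e["path"], "=", e["ret"])
    print("termios c_cflag set to:", termios_cflags(ev))
    print("serial I/O:", io_payloads(ev))
```

Run it against a real dump with `parse_serial_calls(open("dump.txt").read())`; the descriptor table is what keeps a later `write(3, ...)` on a reused fd 3 from being misattributed to the serial port once the original fd has been closed.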

How to retrieve advertising payload from iBeacon / BLE

How do you retrieve the advertising payload for a Bluetooth LE emitter in Linux?
Specifically, I've configured Arduinos and Raspberry Pis using hcitool to act as iBeacons.
What I'm looking for is a command to print out what the current advertising payload is for the device.
At Radius Networks, we put together a set of scripts that parse the iBeacon identifiers out of BLE advertisement detected on Linux. You can find a description of this here.
If you simply want to see the raw advertisement bytes, you can start scanning on Linux with:
sudo hcitool lescan --duplicates &
And then see the results with:
sudo hcidump --raw
More details are in the answer linked above.
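The answer above shows how to get the raw HCI bytes with `hcidump --raw` but not how to read them. As an added example (not the answer's own code and not the Radius Networks scripts it mentions), the Python below groups the hex dump into HCI packets, decodes the LE Advertising Report event, splits the advertising payload into its AD structures and pulls the iBeacon UUID, major, minor and TX power out of the Apple manufacturer-specific structure. The dump text, device address and UUID embedded below are constructed sample values, not a real capture.

```python
import struct
import uuid

# Constructed hcidump --raw excerpt (not real captured output): one incoming
# HCI event carrying a single LE Advertising Report from a sample iBeacon.
SAMPLE_HCIDUMP = """\
> 04 3E 2A 02 01 00 01 FF EE DD CC BB AA 1E 02 01 06 1A FF 4C 00 02 15
  E2 C5 6D B5 DF FB 48 D2 B0 60 D0 F5 A7 10 96 E0 00 01 00 02 C5 BF
"""

HCI_EVENT_PKT = 0x04            # UART packet indicator for an HCI event
EVT_LE_META = 0x3E              # LE Meta event code
SUBEVT_LE_ADV_REPORT = 0x02     # LE Advertising Report subevent
AD_MANUFACTURER_SPECIFIC = 0xFF
APPLE_COMPANY_ID = b"\x4c\x00"  # little-endian 0x004C
IBEACON_PREFIX = APPLE_COMPANY_ID + b"\x02\x15"


def parse_hcidump_raw(text):
    """Group the dump into packets: a line starting with '>' (incoming) or
    '<' (outgoing) begins a packet, indented lines continue the previous one."""
    packets, current = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in "<>":
            if current is not None:
                packets.append(bytes(current))
            current = []
            line = line[1:]
        elif current is None:
            continue
        current.extend(int(tok, 16) for tok in line.split())
    if current is not None:
        packets.append(bytes(current))
    return packets


def parse_ad_structures(data):
    """Split advertising data into (ad_type, value) pairs; a zero length ends it."""
    structs, i = [], 0
    while i < len(data):
        length = data[i]
        if length == 0:
            break
        structs.append((data[i + 1], bytes(data[i + 2:i + 1 + length])))
        i += 1 + length
    return structs


def parse_le_adv_reports(pkt):
    """Decode the reports in one LE Advertising Report event. Records are read
    one after another (the layout BlueZ expects); other packets yield []."""
    if (len(pkt) < 5 or pkt[0] != HCI_EVENT_PKT or pkt[1] != EVT_LE_META
            or pkt[3] != SUBEVT_LE_ADV_REPORT):
        return []
    body = pkt[3:3 + pkt[2]]
    num_reports, pos, reports = body[1], 2, []
    for _ in range(num_reports):
        event_type, addr_type = body[pos], body[pos + 1]
        # The address is transmitted little-endian; print it MSB first.
        addr = ":".join(f"{b:02X}" for b in reversed(body[pos + 2:pos + 8]))
        dlen = body[pos + 8]
        data = body[pos + 9:pos + 9 + dlen]
        rssi = struct.unpack("b", body[pos + 9 + dlen:pos + 10 + dlen])[0]
        reports.append({"event_type": event_type, "addr_type": addr_type,
                        "addr": addr, "rssi": rssi,
                        "ad": parse_ad_structures(data)})
        pos += 10 + dlen
    return reports


def decode_ibeacon(ad_structs):
    """Return iBeacon identifiers from an Apple manufacturer-specific AD
    structure (company 0x004C, type 0x02, length 0x15), or None."""
    for ad_type, value in ad_structs:
        if (ad_type == AD_MANUFACTURER_SPECIFIC and len(value) == 25
                and value[:4] == IBEACON_PREFIX):
            major, minor, tx_power = struct.unpack(">HHb", value[20:25])
            return {"uuid": str(uuid.UUID(bytes=value[4:20])),
                    "major": major, "minor": minor, "tx_power": tx_power}
    return None


def beacons_in_dump(text):
    """Convenience wrapper: (address, rssi, beacon ids) for every iBeacon seen."""
    found = []
    for pkt in parse_hcidump_raw(text):
        for rep in parse_le_adv_reports(pkt):
            beacon = decode_ibeacon(rep["ad"])
            if beacon:
                found.append((rep["addr"], rep["rssi"], beacon))
    return found


if __name__ == "__main__":
    for addr, rssi, beacon in beacons_in_dump(SAMPLE_HCIDUMP):
        print(addr, rssi, beacon)
```

Feeding the saved output of `sudo hcidump --raw` to `beacons_in_dump` gives the same identifiers the Radius Networks scripts extract; non-iBeacon advertisements are still returned by `parse_le_adv_reports`, with their raw AD structures, so the same parser covers other advertising payloads.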
Since libpcap-1.0+ now supports Bluetooth capture you can use Wireshark/tshark/tcpdump to capture and display Bluetooth packets - both BTLE and other packet types.
To capture the LE packets with Wireshark you will still need to tell the Bluetooth interface to query for LE packets, as mentioned in the previous answer:
sudo hcitool lescan --duplicates &
In addition if you want the adapter to do a periodic query for Bluetooth devices, which are in discoverable mode, you can run (though these queries won't pick up BTLE emissions):
sudo hcitool spinq
sudo hcitool lescan --duplicates &
sudo hcitool spinq
Both commands run an infinite loop. How do I run a finite loop and get the data?

Using Bluetooth low energy in linux command line

I am working on using the Bluetooth low energy modem with Linux. I am using the command line option for that, i.e. hcitool. I am able to find the devices using the command: $ hcitool scan
It is working fine for me, also I am able to broadcast my device using :
sudo hciconfig hci0 leadv
It is also working fine. But I want to add the services and characteristic to the modem device which can be detected by other device. I have tried sdptool add but it is not working for me. Does anyone know how to add the services and characteristics to the peripheral using the command line tools in ubuntu?
Edit: My modem is broadcasting but not able to explore the services and characteristic to the other BLE device. Now I am able to set the name of device using hcio name command
Edit: Now I am able to render the services and characteristic, by simultaneously running sudo hcidump command. But I am not able to track from where I am getting those services and characteristics. One definite observation is those services are rendering from the machine.
SDP is absent in BLE. Broadcast/advertise frame and GATT client/server are used instead.
Several links:
BlueZ gatttool: command line tool to run common GATT procedures
BlueZ GATT's ready profiles
hint: DBUS
GATT and DBUS example
How can I connect to the FitBit Zip over Bluetooth 4.0 LE on Linux with bluez?
Bluetooth Low Energy: listening for notifications/indications in linux
http://comments.gmane.org/gmane.linux.bluez.kernel/29547
I used to broadcast BT services by following this article. This page not only shows you how to advertise a profile, but also gives you an example of how to implement the HSP profile.
To know the bt class you need to announce, you can check this other page.

Unable to read packets captured from wifi network using wireshark

I am connected to my home wifi network using Ubuntu 10.10. The protection is WPA2-auto.
I want to capture packets from it.
$ sudo iwconfig wlan0 mode monitor
$ sudo wireshark
I try to capture from wlan0.
I am connected to the wifi network with an Android phone and browsing websites.
However I am unable to see unencrypted http packets.
I select Edit|Preferences|Capture|Protocols
and select 802.11 and set the checkbox to yes for 'decrypt packets'.
Still nothing.
Solution: run airmon-ng from the aircrack-ng project to set the wireless card into monitor mode. (this was pointed out by a Wireshark developer on the mailing lists). Apparently iwconfig does not work properly as it has issues on Ubuntu.
airmon-ng start wlan0
This will set it into monitor mode and create interface mon0.
After this, I was able to capture off the mon0 interface using Wireshark.
You must capture the association sequence to be able to decrypt the traffic. If you start your capture when the phone is already connected then Wireshark cannot decrypt the packets.

Capturing network traffic on Linux

Question: I have one Windows laptop, one Linux laptop and a wireless router.
Now I want to "investigate" the hotmail/windows live protocol.
What I want to do is route network traffic from the windows laptop via ethernet to the linux laptop, capture it on the Linux computer, forward it wirelessly to the router, receive the hotmail response from the router on the linux computer and forward it to the windows computer.
How do I do that?
In essence, switching the Linux laptop between the Windows laptop and the router, to capture network traffic?
Which program is best for capturing/analysing ?
Please note that for whatever reason, packet capturing with winpcap on the windows computer doesn't work...
Of course you can do this, take a look at wireshark
man tcpdump
On my Mac, I do it like this:
sudo tcpdump -ien1 -s0 -xX -vvv
I don't know how similar tcpdump options are across platforms...
Note, tcpdump also allows you to capture to a pcap file that could then be imported to Wireshark and maybe other gui tools.
As others have mentioned, you can use wireshark (find out how to use filters to remove unnecessary packets in your log). If your Windows and Linux box are on the same network, you do not need that setup to sniff packets. Unless you are using ndiswrapper, you would probably be able to set the wireless network device on the Linux box to "monitor mode" and it will sniff all packets on your LAN. If your device does not support that mode, you can try connecting both boxes to your router physically. That will help you avoid the routing you described in your question.
