Trying to capture Bluetooth Low Energy HCI Data packets - bluetooth

I have set up a Network where two devices are exchanging Bluetooth LE data.
The problem is when I use Wireshark I cannot see any HCI data packets. All I can see is HCI command packets and HCI event packets. When I use hcidump in Kali Linux I get the same outcome.
I have seen examples online where HCI data packets appear when using hcidump. Can anyone suggest why I am not seeing any HCI data packets even though I am definitely sending data between the devices?

In order to see all HCI packets, including ACL data packets, you must run hcidump or btmon as root.
Try sudo hcidump

Related

Tshark will not capture BTLE packets with nRF sniffer

I am having issues using tshark to capture BTLE advertising packets.
The system works very well with Wireshark. However, when I try to run tshark from the command line, it immediately quits and says "0 packets captured."
Any ideas why it may be working in Wireshark but not in Tshark?
Setup:
I am using the nRF51 DK for the sniffer. This works well in Wireshark (version 2.6.1) as I mentioned. I have a peripheral device that is sending advertising packets that Wireshark easily detects (i.e. I know the hardware works and there are advertising packets being sent).
Command used:
After navigating to my Wireshark folder on the command line, I type:
tshark -i 6 -a duration:10
My nRF sniffer is interface 6. Everything is run on a Windows 10 machine.
Further Info:
Tshark works correctly if I try to capture wifi
tshark -i 1 -a duration:10
where interface 1 is the wifi interface.
Thanks!
Just had confirmation from Nordic that the nRF-sniffer is not currently supported by TShark.

How to analyze live Bluetooth packet in wireshark?

If I use bluez hcitool, like hcitool scan, then I can see packets in Wireshark properly under interface bluetooth0. And I am sure that bluez is using the on-board Bluetooth chip.
I have written my own application with my own Bluetooth stack (I am not using bluez) for a USB Bluetooth dongle (using libusb), but when I start Wireshark with the bluetooth1 interface, Wireshark does not show any packet.
Should my application send packets to Wireshark? If so, can someone please direct me how to see my Bluetooth packets in Wireshark?

Decoding BLE HCI snoop logs in Android

I am debugging an Android disconnection issue and have gathered Bluetooth HCI snoop logs and have browsed them via the Wireshark tool, but I am not able to understand the data packets being shown in the logs. Is there any official / non-official documentation for understanding these HCI snoop logs?
It's the Bluetooth HCI protocol. You can download the manual at https://www.bluetooth.com/specifications/adopted-specifications. Press "Core Version 5.0" to download the current version (5). If you check out Vol 2 Part E chapter 7, you will see all kinds of packets. The ACL data packets depend on what kind of data it is (higher layer specification). For example GATT, you will find the documentation in Vol 3 Part G.
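An added example, not code from the thread, serving both the first question (a capture that shows only command and event packets while data is flowing) and the snoop-log question above: a small parser that classifies raw H4 HCI frames by their packet indicator byte and breaks out the ACL data header fields from Core Vol 2 Part E, so command/event traffic can be told apart from data packets. The sample frames are constructed, not taken from a real capture.

```python
import struct
from collections import Counter

# H4 packet indicator byte that precedes each HCI packet (Bluetooth Core Vol 4 Part A)
H4_TYPES = {0x01: "HCI Command", 0x02: "ACL Data", 0x03: "SCO Data", 0x04: "HCI Event"}

def parse_h4(frame: bytes) -> dict:
    """Parse one H4 frame (indicator byte + HCI packet) into its header fields."""
    kind = H4_TYPES.get(frame[0])
    if kind is None:
        raise ValueError(f"unknown H4 packet indicator 0x{frame[0]:02x}")
    body = frame[1:]
    if kind == "HCI Command":
        opcode, plen = struct.unpack_from("<HB", body)
        # OGF is the top 6 bits of the opcode, OCF the low 10 bits (Vol 2 Part E, 5.4.1)
        return {"type": kind, "ogf": opcode >> 10, "ocf": opcode & 0x3FF, "len": plen}
    if kind == "HCI Event":
        code, plen = struct.unpack_from("<BB", body)
        return {"type": kind, "event": code, "len": plen}
    if kind == "ACL Data":
        hc, dlen = struct.unpack_from("<HH", body)            # Vol 2 Part E, 5.4.2
        info = {"type": kind, "handle": hc & 0x0FFF, "pb": (hc >> 12) & 0x3,
                "bc": (hc >> 14) & 0x3, "len": dlen}
        # a first fragment (PB flag 0b00 or 0b10) starts with the basic L2CAP header
        if info["pb"] in (0b00, 0b10) and dlen >= 4:
            info["l2cap_len"], info["cid"] = struct.unpack_from("<HH", body, 4)
        return info
    hc, dlen = struct.unpack_from("<HB", body)                # SCO: handle + 8-bit length
    return {"type": kind, "handle": hc & 0x0FFF, "len": dlen}

def count_types(frames) -> Counter:
    """Histogram of packet kinds; no 'ACL Data' entries while data is flowing is the
    symptom from the first question (the capture lacks the privilege to see them)."""
    return Counter(parse_h4(f)["type"] for f in frames)

# Constructed sample frames (not from a real capture)
CMD_LE_SCAN_ENABLE = bytes.fromhex("010c20020100")            # LE Set Scan Enable (OGF 8, OCF 0x0C)
EVT_CMD_COMPLETE = bytes.fromhex("040e04010c2000")            # Command Complete for that opcode
ACL_ATT_READ_REQ = bytes.fromhex("0240200700030004000a0300")  # handle 64, L2CAP CID 4 (ATT), Read Request
```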

How to retrieve advertising payload from iBeacon / BLE

How do you retrieve the advertising payload for a Bluetooth LE emitter in Linux?
Specifically, I've configured Arduinos and Raspberry Pis using hcitool to act as iBeacons.
What I'm looking for is a command to print out what the current advertising payload is for the device.
At Radius Networks, we put together a set of scripts that parse the iBeacon identifiers out of BLE advertisement detected on Linux. You can find a description of this here.
If you simply want to see the raw advertisement bytes, you can start scanning on Linux with:
sudo hcitool lescan --duplicates &
And then see the results with:
sudo hcidump --raw
More details are in the answer linked above.
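An added example, not part of the answers above: parsing the raw bytes that sudo hcidump --raw prints for an LE Advertising Report event and pulling out the iBeacon identifiers from its manufacturer-specific AD structure (Apple's company ID 0x004C and the 0x02 0x15 iBeacon prefix are public; the sample record is constructed).

```python
import struct
import uuid

def hcidump_raw_to_bytes(text: str) -> bytes:
    """Join the hex of one hcidump --raw record ('> 04 3E ...' plus indented
    continuation lines) into the H4 frame it represents."""
    tokens = []
    for line in text.splitlines():
        tokens.extend(line.strip().lstrip("<>").split())
    return bytes(int(t, 16) for t in tokens)

def ad_structures(data: bytes):
    """Yield (AD type, payload) pairs from a length/type/value advertising payload."""
    i = 0
    while i < len(data) and data[i] != 0:          # a zero length byte ends the list
        length = data[i]
        yield data[i + 1], data[i + 2:i + 1 + length]
        i += 1 + length

def parse_ibeacon(frame: bytes):
    """Return iBeacon fields from an LE Advertising Report (Core Vol 2 Part E, 7.7.65.2),
    or None when the frame is not that event or carries no iBeacon data."""
    if frame[:2] != b"\x04\x3e" or frame[3] != 0x02:  # H4 event, LE Meta, subevent 0x02
        return None
    off = 5                                            # first report follows num_reports
    for _ in range(frame[4]):
        addr = ":".join(f"{b:02X}" for b in reversed(frame[off + 2:off + 8]))
        dlen = frame[off + 8]
        data = frame[off + 9:off + 9 + dlen]
        rssi = struct.unpack_from("<b", frame, off + 9 + dlen)[0]
        off += 10 + dlen
        for ad_type, payload in ad_structures(data):
            # 0xFF manufacturer data, company 0x004C little-endian, subtype 0x02, length 0x15
            if ad_type == 0xFF and payload[:4] == b"\x4c\x00\x02\x15" and len(payload) == 25:
                major, minor, tx_power = struct.unpack_from(">HHb", payload, 20)
                return {"addr": addr, "uuid": str(uuid.UUID(bytes=payload[4:20])),
                        "major": major, "minor": minor, "tx_power": tx_power, "rssi": rssi}
    return None

# Constructed hcidump --raw record (not a real capture): one report from a beacon with
# UUID 11111111-2222-3333-4444-555555555555, major 1, minor 2, tx power -59 dBm, RSSI -66 dBm
SAMPLE_RECORD = """> 04 3E 2A 02 01 00 00 11 22 33 44 55 66 1E 02 01 06 1A FF 4C 00
  02 15 11 11 11 11 22 22 33 33 44 44 55 55 55 55 55 55 00 01 00 02 C5 BE"""
```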
Since libpcap-1.0+ now supports Bluetooth capture you can use Wireshark/tshark/tcpdump to capture and display Bluetooth packets - both BTLE and other packet types.
To capture the LE packets with Wireshark you will still need to tell the Bluetooth interface to query for LE packets, as mentioned in the previous answer:
sudo hcitool lescan --duplicates &
In addition, if you want the adapter to do a periodic query for Bluetooth devices which are in discoverable mode, you can run (though these queries won't pick up BTLE emissions):
sudo hcitool spinq
sudo hcitool lescan --duplicates &
sudo hcitool spinq
Both commands run an infinite loop. How do I run a finite loop and get the data?

A2DP/SCO - PCM/HCI

Wanted to know what exactly is the difference between routing the A2DP/SCO packets through PCM and HCI.
Do both PCM and HCI use the ALSA framework for decoding the packets and then send them to the speakers?
Does PCM require some special hardware and HCI does not?
A paper, titled "Audio Streaming over Bluetooth" (PDF) from the Ottawa Linux Symposium 2008 may shed some more light on this.
In particular (quoting from page 194):
The audio data transferred over the SCO channel can be provided via the normal Host Controller Interface (HCI) hardware driver or via a PCM back-channel. In case of a desktop computer, the HCI will be used. In case of an embedded device (for example a mobile phone), the SCO channel will be directly connected via a PCM interface to the main audio codec.
A2DP uses ACL packets; voice calls (hands-free) use SCO packets over the air.
HCI can transport both ACL and SCO; this is the case e.g. when a BT dongle is plugged into a PC through USB. BT chips often have a PCM interface to which SCO data can be routed, but usually it's not accessible unless you can access the pins of the chip. The PCM interface can be connected to an analogue input/output.
