BTLE Wireshark plugin
=====================

This plugin is no longer in use; it has been merged into the Wireshark source
tree as of release 1.12.


This is the Bluetooth Low Energy plugin for Wireshark.

To build this on Debian/Ubuntu/BackTrack Linux distributions:

    sudo apt-get install wireshark-dev wireshark
    cd libbtbb/wireshark/plugins/btle/
    cmake .
    make
    make install

This will install to the .wireshark/ directory in your home directory. To
override this, set the DESTDIR environment variable when running cmake.

PPI Support (Patch)
-------------------

Ubertooth records capture frequency, internal clock state, and certain
other metadata about packets in a PPI header. It is not possible to add
PPI support in an external plugin, so if you wish to access these fields
you must patch Wireshark.

The patch wireshark-1.8-btle-ppi.patch was built against the Ubuntu
12.10 Quantal Wireshark package. It can be added to the Ubuntu package
source or applied directly to vanilla Wireshark.

To build a .deb on Ubuntu, follow these instructions:

    mkdir wireshark && cd wireshark
    apt-get source wireshark
    cp wireshark-1.8-btle-ppi.patch wireshark-1.8.2/debian/patches
    echo wireshark-1.8-btle-ppi.patch >> wireshark-1.8.2/debian/patches/series
    cd wireshark-1.8.2
    dpkg-buildpackage -rfakeroot

The .deb will be created in the wireshark directory, and it can be
installed with dpkg -i.

Attribute Protocol Support
--------------------------

Wireshark trunk has native support for the Bluetooth Attribute protocol.
If you are using a distro package that does not support it, install the
plugin found in the btatt directory (above this directory).

If the protocol column of non-empty data packets says L2CAP, you should
install the plugin. If it says ATT, you do not need the plugin. If it
says something else, please email me!

Bluetooth Security Manager Protocol
-----------------------------------

All security-related exchanges (pairing and identity resolution) take
place over the Bluetooth Security Manager (SM) protocol, which runs on
L2CAP. If you would like to dissect these packets, build and install the
plugin found in the btsm directory above this directory.
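
The two sections above both come down to which fixed L2CAP channel a frame
uses. The sketch below is an added example, not code from libbtbb or
Wireshark. It labels a frame the way the protocol column would, and names the
SM message when the channel is SM. The channel IDs and opcode names are taken
from the Bluetooth Core Specification, not from this README; the function name
and sample frames are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed L2CAP channel IDs on LE links (Bluetooth Core Specification). */
#define CID_ATT 0x0004
#define CID_SMP 0x0006

/* SM opcode names, indexed by the first payload byte on CID 0x0006. */
static const char *const smp_ops[] = {
    NULL, "Pairing Request", "Pairing Response", "Pairing Confirm",
    "Pairing Random", "Pairing Failed", "Encryption Information",
    "Master Identification", "Identity Information",
    "Identity Address Information", "Signing Information",
    "Security Request", "Pairing Public Key", "Pairing DHKey Check",
    "Pairing Keypress Notification",
};

/* Constructed sample frames (hypothetical, not from a real capture). */
static const uint8_t pair_req[] = {0x07, 0x00, 0x06, 0x00,
                                   0x01, 0x03, 0x00, 0x01, 0x10, 0x07, 0x07};
static const uint8_t att_read[] = {0x03, 0x00, 0x04, 0x00, 0x0a, 0x03, 0x00};

/* Classify one unfragmented L2CAP frame: 2-byte length, 2-byte CID (both
 * little-endian), then payload. Never reads past len. */
const char *classify_l2cap(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 4)
        return "truncated";
    size_t plen = (size_t)buf[0] | ((size_t)buf[1] << 8);
    unsigned cid = buf[2] | (buf[3] << 8);
    if (plen != len - 4)
        return "length mismatch";   /* fragment or malformed header */
    if (cid == CID_ATT)
        return "ATT";
    if (cid != CID_SMP)
        return "L2CAP";             /* no upper-layer protocol identified */
    if (plen == 0 || buf[4] == 0 || buf[4] >= sizeof smp_ops / sizeof smp_ops[0])
        return "SMP (empty or reserved opcode)";
    return smp_ops[buf[4]];
}

int main(void)
{
    puts(classify_l2cap(pair_req, sizeof pair_req));
    puts(classify_l2cap(att_read, sizeof att_read));
    return 0;
}
```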