xref: /libbtbb/wireshark/plugins-legacy/btle/README (revision c256d3273fd9d12e1c6e52402af29877bb738fdb) 
1BTLE Wireshark plugin
2=====================
3
4This plugin is no longer in use, it has been merged in to the Wireshark source
5tree as of release 1.12.
6
7
8This is the Bluetooth Low Energy plugin for Wireshark.
9
10To build this on Debian/Ubuntu/BackTrack linux distributions:
11  sudo apt-get install wireshark-dev wireshark
12  cd libbtbb/wireshark/plugins/btle/
13  cmake .
14  make
15  make install
16
17This will install to the .wireshark/ in your home directory. To override
18this set the DESTDIR environment variable when running cmake.
19
20PPI Support (Patch)
21-------------------
22
23Ubertooth records capture frequency, internal clock state, and certain
24other metadata about packets in a PPI header. It is not possible to add
25PPI support in an external plugin, so if you wish to access these fields
26you must patch Wireshark.
27
28The patch wireshark-1.8-btle-ppi.patch was built against the Ubuntu
2912.10 Quantal Wireshark package. It can be added to the Ubuntu package
30source or applied directly to vanilla Wireshark.
31
32To build a .deb on Ubuntu, follow these instructions:
33
34	mkdir wireshark && cd wireshark
35	apt-get source wireshark
36	cp wireshark-1.8-btle-ppi.patch wireshark-1.8.2/debian/patches
37	echo wireshark-1.8-btle-ppi.patch >> wireshark-1.8.2/debian/patches/series
38	cd wireshark-1.8.2
39	dpkg-buildpackage -rfakeroot
40
41The .deb will be created in the wireshark directory, and it can be
42installed with dpkg -i.
43
44Attribute Protocol Support
45--------------------------
46
47Wireshark trunk has native support for the Bluetooth Attribute protocol.
48If you are using a distro package that does not support it, install the
49plugin found in the btatt directory (above this directory).
50
51If the protocol column of non-empty data packets says L2CAP, you should
52install the plugin. If it says ATT, you do not need the plugin. If it
53says something else, please email me!
54
55Bluetooth Security Manager Protocol
56-----------------------------------
57
58All security-related exchanges (pairing and identity resolution) take
59place over the Bluetooth Security Manager (SM) protocol, which runs on
60L2CAP. If you would like to dissect these packets, build and install the
61plugin found in the btsm directory above this directory.
62