 

Analyzing Bluetooth Low Energy Traffic

While trying to study BLE I am wondering if it is possible to analyse it through tools like Wireshark and Snort? I came across one by the name "Ubertooth", but that's a USB device which needs to be purchased in order for us to do DPI on BLE frames, right? Is it possible to capture and analyse BLE frames on Wireshark?

user3563251 asked Sep 17 '15 21:09



1 Answer

Yes, it's possible to use Wireshark to analyse BLE packets, but you will need additional hardware. Sniffing a connection requires support from the baseband layer, which is implemented inside the Bluetooth chipset. The software of the chipset inside your computer doesn't support sniffing, so you'll need another chipset whose software you can control.

I use the nRF51 Dongle, which is a dev kit for the nRF51, a BLE + Cortex M0 SoC from Nordic Semi. Nordic provides firmware for this board that turns it into a sniffer. They also provide an application for Windows that communicates with that firmware over USB to get back the sniffing data, and that formats it in a way understandable for Wireshark.

If you're on Windows you can just use the tools provided by Nordic on this page, and follow the instructions in the User Guide.

Edit 2018-10: Nordic have released a Mac and Linux app in beta to support their sniffer, so the rest of this post shouldn't be necessary any more. You can download the new tool here.

Then once everything is working and you are piping packets to Wireshark you can use all the awesome Wireshark built-in filters for Bluetooth and BLE: btatt, btl2cap, btle,...


Original post

If, like me, you are on Mac, you'll need:

  • RKNRFGO to program the custom firmware
  • nrf-ble-sniffer-osx to communicate with it and pipe the packets to Wireshark.

The nrf-ble-sniffer-osx Wiki explains how to set it up. Thanks to Roland King for making these tools.

Two important caveats for the Mac setup:

  • Install Wireshark before nrf-ble-sniffer-osx. That's because nrf-ble-sniffer-osx needs to install some additional filters for Wireshark so that it can decode the headers that the Nordic firmware adds to packets, and it won't do it if Wireshark is installed afterwards.
  • Use Wireshark version 1.12. At the time of writing, no newer version worked with this setup. Yes that means you'll have to use XQuartz.

If you're on Linux, it looks like it's also possible to use this dongle, but I haven't tried it.

Samuel Peter answered Sep 28 '22 16:09
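To make the link-layer format the answer refers to concrete, and to have something to try the `btle` filter on before the dongle arrives, here is an added example; it is not part of the original answer and not Nordic's or Roland King's code. It builds an ADV_IND packet (access address, header, AdvA, AD structures) with the CRC-24 from Core spec Vol 6 Part B 3.1.1, writes it into a classic pcap file with link type 251 (LINKTYPE_BLUETOOTH_LE_LL, which is what Wireshark's btle dissector expects: access address + PDU + CRC, no preamble), and parses it back. The address C0:11:22:33:44:55, the device name "ble-demo" and the file name ble_adv.pcap are constructed values, not captured from a real device.

```python
"""Build a BLE advertising packet, append its CRC, write a pcap that
Wireshark dissects with the btle filter, and parse it back.
Added example with constructed data; not code from the original post."""
import struct

ADV_ACCESS_ADDRESS = 0x8E89BED6     # fixed access address of the three advertising channels
ADV_CRC_INIT = 0x555555             # CRCInit for advertising PDUs; data channels use the value from CONNECT_IND
LINKTYPE_BLUETOOTH_LE_LL = 251      # pcap link type: access address + PDU + CRC, no preamble

# Advertising data (AD) types used below
AD_FLAGS = 0x01
AD_COMPLETE_LOCAL_NAME = 0x09


def _reflect24(value: int) -> int:
    """Bit-reverse a 24-bit value."""
    return int(f"{value:024b}"[::-1], 2)


def ble_crc24(data: bytes, crc_init: int = ADV_CRC_INIT) -> int:
    """CRC-24 of Core spec Vol 6 Part B 3.1.1 (x^24+x^10+x^9+x^6+x^4+x^3+x+1),
    computed over the PDU with bits fed LSB first.  The register is held
    bit-reversed so that a right shift models the spec's LFSR; the result,
    written little-endian, is the CRC exactly as it follows the PDU on air."""
    state = _reflect24(crc_init)           # spec puts the init LSB at LFSR position 0
    for byte in data:
        for i in range(8):
            if (state ^ (byte >> i)) & 1:  # input bit XOR register output
                state = (state >> 1) ^ 0xDA6000   # 0x00065B reflected (taps 1,3,4,6,9,10 + x^24)
            else:
                state >>= 1
    return state


def ad_structure(ad_type: int, payload: bytes) -> bytes:
    """One AD structure: length (type + payload), type, payload."""
    return bytes([len(payload) + 1, ad_type]) + payload


def build_adv_ind(adv_addr: str, adv_data: bytes, random_addr: bool = True) -> bytes:
    """ADV_IND frame as it goes into the pcap: access address, 2-byte header,
    AdvA (LSB first) + AdvData, 3-byte CRC over the PDU."""
    adva = bytes.fromhex(adv_addr.replace(":", ""))[::-1]
    payload = adva + adv_data
    if len(payload) > 37:                  # 6-byte AdvA + at most 31 bytes of AdvData
        raise ValueError("ADV_IND payload exceeds 37 bytes")
    header = bytes([0x00 | (0x40 if random_addr else 0x00), len(payload)])  # PDU type 0 = ADV_IND, bit 6 = TxAdd
    pdu = header + payload
    crc = ble_crc24(pdu)
    return struct.pack("<I", ADV_ACCESS_ADDRESS) + pdu + crc.to_bytes(3, "little")


def parse_adv_packet(frame: bytes) -> dict:
    """Undo build_adv_ind: split off access address, header, AdvA, AD
    structures and CRC, and re-check the CRC over the PDU."""
    access_address, = struct.unpack_from("<I", frame, 0)
    hdr, length = frame[4], frame[5]
    pdu = frame[4:6 + length]
    crc = int.from_bytes(frame[6 + length:9 + length], "little")
    ad, data, i = {}, pdu[8:], 0
    while i < len(data) and data[i] != 0:  # a zero length byte ends the AD list
        n = data[i]
        if i + 1 + n > len(data):          # truncated structure: stop rather than read past the end
            break
        ad[data[i + 1]] = bytes(data[i + 2:i + 1 + n])
        i += 1 + n
    return {
        "access_address": access_address,
        "pdu_type": hdr & 0x0F,
        "tx_add_random": bool(hdr & 0x40),
        "adv_addr": ":".join(f"{b:02X}" for b in pdu[2:8][::-1]),
        "ad": ad,
        "crc_ok": ble_crc24(pdu) == crc,
    }


def pcap_bytes(frames: list, first_ts: int = 1442527740) -> bytes:
    """Classic pcap (magic a1b2c3d4, version 2.4) with link type 251, one record per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_BLUETOOTH_LE_LL)
    for n, frame in enumerate(frames):
        out += struct.pack("<IIII", first_ts + n, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample: a random static address advertising the Flags AD and a local name.
SAMPLE_FRAME = build_adv_ind(
    "C0:11:22:33:44:55",
    ad_structure(AD_FLAGS, b"\x06") + ad_structure(AD_COMPLETE_LOCAL_NAME, b"ble-demo"),
)

if __name__ == "__main__":
    with open("ble_adv.pcap", "wb") as f:      # constructed file name
        f.write(pcap_bytes([SAMPLE_FRAME]))
    print(parse_adv_packet(SAMPLE_FRAME))
```

Open ble_adv.pcap in Wireshark and apply the `btle` filter to see the same fields the parser above extracts. Feeding the three CRC bytes back through `ble_crc24` after the PDU drives the register to zero, which is the usual receiver-side check. For advertising traffic the CRC init and access address are fixed constants, which is why any dongle can capture it; for a connection the sniffer has to see the CONNECT_IND to learn the per-connection access address, CRCInit and hopping parameters, which is the baseband-level access the answer says a stock chipset does not give you.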