While trying to study BLE I am wondering if it is possible to analyse it through tools like Wireshark and Snort? I came across one by the name "ubertooth" but that's a US
Is it possible to capture and analyse BLE frames on Wireshark?
If you've somehow managed to capture Bluetooth LE traffic into a pcap or pcapng file with a link-layer header type of LINKTYPE_BLUETOOTH_LE_LL or LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR, you can analyze them.
However, the Wireshark Wiki page on capturing Bluetooth traffic speaks only of
so, whilst you may be able to analyze the traffic with Wireshark, you might not be able to capture it with Wireshark. As Josh Baker noted, you can capture from a named pipe and pipe the output of the ubertooth-btle tool to Wireshark. (It would be nice if there were a libpcap module for Ubertooth, so that you could capture more directly with Wireshark.)
But if you don't want to buy an Ubertooth device, you may not be able to capture the Bluetooth LE traffic.
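One way to check whether a capture file declares either of the two link-layer header types named in the answer above, as an added example that is not part of the original posts. The numeric values 251 and 256 come from the tcpdump.org link-layer header type registry; the function names and the sample headers are constructed for this example.

```python
import struct

# Values from the tcpdump.org link-layer header type registry.
BLE_LINKTYPES = {251: "LINKTYPE_BLUETOOTH_LE_LL",
                 256: "LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR"}
# pcap magic as stored on disk -> struct byte order (microsecond and nanosecond variants).
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
               b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}
PCAPNG_SHB = b"\x0a\x0d\x0d\x0a"  # Section Header Block type, same in either byte order
PCAPNG_BOM = {b"\x4d\x3c\x2b\x1a": "<", b"\x1a\x2b\x3c\x4d": ">"}

def capture_linktypes(data: bytes) -> list:
    """Return the link-layer header type(s) a pcap or pcapng capture declares."""
    if len(data) >= 24 and data[:4] in PCAP_MAGICS:
        # Classic pcap: the link type is the last field of the 24-byte file header.
        (network,) = struct.unpack_from(PCAP_MAGICS[data[:4]] + "I", data, 20)
        return [network & 0xFFFF]  # high bits can carry FCS information
    if data[:4] != PCAPNG_SHB:
        raise ValueError("not a pcap or pcapng capture")
    found, off, order = [], 0, "<"
    while off + 12 <= len(data):
        if data[off:off + 4] == PCAPNG_SHB:  # each section states its own byte order
            order = PCAPNG_BOM.get(data[off + 8:off + 12])
            if order is None:
                raise ValueError("bad pcapng byte-order magic")
        btype, blen = struct.unpack_from(order + "II", data, off)
        if blen < 12 or blen % 4:
            raise ValueError("corrupt pcapng block length")
        if btype == 1:  # Interface Description Block: link type follows the length
            found.append(struct.unpack_from(order + "H", data, off + 8)[0])
        off += blen
    return found

def ble_linktypes(data: bytes) -> list:
    """Names of the Bluetooth LE link-layer types present, empty if there are none."""
    return [BLE_LINKTYPES[t] for t in capture_linktypes(data) if t in BLE_LINKTYPES]

# Constructed sample headers (no packets), built inline so the example runs offline.
SAMPLE_PCAP_BLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 256)
SAMPLE_PCAP_ETH = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_PCAPNG_BLE = (struct.pack("<IIIHHqI", 0x0A0D0D0A, 28, 0x1A2B3C4D, 1, 0, -1, 28)
                     + struct.pack("<IIHHII", 1, 20, 251, 0, 0, 20))

if __name__ == "__main__":
    for name in ("SAMPLE_PCAP_BLE", "SAMPLE_PCAP_ETH", "SAMPLE_PCAPNG_BLE"):
        print(name, ble_linktypes(globals()[name]) or "no Bluetooth LE link type")
```

To check a real file, pass its bytes, for example the first few kilobytes read in binary mode, to `ble_linktypes`.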