Bluetooth Smart Wireshark Plugin

plugin

This page documents a WIP plugin for dissecting BTLE (Bluetooth Low Energy / Bluetooth Smart) in Wireshark.

installing

Wireshark development build 1.12.0-rc2 includes this plugin thanks to Michal Labedzki!

For others, the BTBB Wireshark plugin is a part of libbtbb. Grab the latest release (2014-02-R2 as of this writing). You can also grab the source from git:

git clone https://github.com/greatscottgadgets/libbtbb.git

Once you have the source, cd into the plugin directory, and build/install:

cd libbtbb
cd wireshark/plugins/btle
mkdir build
cd build
cmake ..
make && make install

If you are running a very old Wireshark, you may also want the btatt plugin for dissecting the Bluetooth Attribute Protocol.

cd ../../btatt
mkdir build
cd build
cmake ..
make && make install

Finally, because this is a WIP plugin, we do not have our own DLT (data link type). You have to configure Wireshark to use btle to dissect User DLT 0.

  1. Go to Edit -> Preferences
  2. Under Protocols in the left pane type in "DLT" and select DLT_USER
  3. Click Edit and a window should pop up
  4. Click New, enter btle in "Payload Protocol", and click OK
  5. Keep clicking OK until all your preference windows are closed

sample captures

Here are some sample captures I've made using my Ubertooth. See the included README files for more details.

screenshots

Request the CC2540 Sensor Board's name (UUID 0x2a00)

CC2540 board's reply: "TI BLE Sensor Tag"