Wireshark-users: [Wireshark-users] Wireshark
Hi,
My name is Guilherme and I have been developing a project for the University of Limerick, Ireland.
The project is divided into two parts. The first one is already done. Its objective is to study the functionalities and the data exchange of the PROFINET protocol.
The second part of the project is almost the same but now using the Bluetooth protocol. However, I came across some problems when I had to capture the packets of data exchange. The PROFINET network has Bluetooth wireless communication on the network. So it is necessary to capture the frames from the Bluetooth wireless device. Reading on developing a Bluetooth telegram analyser was undertaken and several alternatives to analyse the data exchange of Bluetooth communication were researched, but the costs of both of these solutions are infeasible.
Fortunately, the free software Wireshark has already been used to monitor data packets exchanged on an Ethernet network and can be used to capture the data exchange from the Bluetooth protocol. Wireshark can only be used to capture the Bluetooth telegrams using the Linux operating system.
I installed the latest version of Linux Ubuntu (10.04 LTS) and I also installed the free software (Wireshark, version 1.2.7), and only after the software was already installed did I discover that this software needs one kind of complement to work as I need. All this can be seen as the software shows in the following words:
Bluetooth capture setup
Bluetooth support in Wireshark is currently limited.
Currently, there's no support for capturing Bluetooth traffic in Wireshark. However Wireshark can read capture files containing Bluetooth frames from the hcidump utility. The hcidump utility is available for both the Linux Bluetooth stack as well as for FreeBSD.
Wireshark doesn't include code that directly captures packets; it relies on libpcap/WinPcap to do so, so, to capture Bluetooth traffic, you'd first have to change libpcap/WinPcap.
This means you'd first need to ask tcpdump-workers@xxxxxxxxxxx for a link-layer type value for Bluetooth. You should indicate what the link-layer header will be - would it be some standard header (such as the one-byte H4 HCI type, with the payload being an HCI packet), or would it include platform-dependent information?
You would then have to add to libpcap support for capturing Bluetooth packets on whatever OS you're trying to do this - are you doing this on Linux, one of the BSDs, Windows, or some other OS?
Once that's done, the code in Wireshark's Wiretap library would need to add support for the new link-layer type value - and a new Wiretap encapsulation type would have to be added.
Somebody is looking at adding support to NetBSD for capturing H4 HCI packets; that could result in a new link-layer type value for Bluetooth HCI H4, and support for it in libpcap. It might also be useful to add to libpcap support for capturing with the BlueZ and FreeBSD stacks, and perhaps with the Affix stack as well.
I would like to ask your opinion on this matter, how can I proceed?
All the best,
Guilherme
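
The "one-byte H4 HCI type, with the payload being an HCI packet" framing mentioned in the quoted text can be illustrated with a short parser. This is an added example, not code from the post, Wireshark or libpcap; the names `split_h4` and `H4_TYPES` are hypothetical, and the sample is a constructed raw H4 byte stream, not an hcidump capture file.

```python
import struct

# H4 packet indicator -> (name, header layout after the indicator byte,
# index of the length field in the unpacked header).
H4_TYPES = {
    0x01: ("command", "<HB", 1),   # opcode (2), parameter length (1)
    0x02: ("acl",     "<HH", 1),   # handle+flags (2), data length (2)
    0x03: ("sco",     "<HB", 1),   # handle+flags (2), data length (1)
    0x04: ("event",   "<BB", 1),   # event code (1), parameter length (1)
}

def split_h4(stream: bytes):
    """Split a raw H4 byte stream into (type_name, first_field, payload) tuples."""
    packets, pos = [], 0
    while pos < len(stream):
        indicator = stream[pos]
        if indicator not in H4_TYPES:
            raise ValueError(f"unknown H4 indicator 0x{indicator:02x} at offset {pos}")
        name, layout, len_idx = H4_TYPES[indicator]
        hdr_end = pos + 1 + struct.calcsize(layout)
        if hdr_end > len(stream):
            raise ValueError(f"truncated {name} header at offset {pos}")
        fields = struct.unpack_from(layout, stream, pos + 1)
        end = hdr_end + fields[len_idx]
        if end > len(stream):
            raise ValueError(f"truncated {name} payload at offset {pos}")
        packets.append((name, fields[0], stream[hdr_end:end]))
        pos = end
    return packets

# Constructed sample: HCI_Reset command, its Command Complete event, one ACL packet.
SAMPLE = bytes.fromhex(
    "01030c00"                 # command, opcode 0x0c03 (HCI_Reset), no parameters
    "040e0401030c00"           # event 0x0e (Command Complete), 4 parameter bytes
    "022a200500" "0100040041"  # ACL, handle/flags 0x202a, 5 data bytes
)

if __name__ == "__main__":
    for name, field, payload in split_h4(SAMPLE):
        print(f"{name:8s} 0x{field:04x} {payload.hex()}")
```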