Wireshark-users: Re: [Wireshark-users] Wireshark-users Digest, Vol 98, Issue 5

From: "Paul Raine" <praine@xxxxxxxxxxxxxxxxx>
Date: Mon, 14 Jul 2014 09:27:26 -0500
>>We haven't dropped support for it.  If something doesn't work, it's
probably best to ask "I tried XXX, and it didn't work?", giving details,
rather than "is XXX still supported?", as the former makes fewer assumptions
as to the underlying problem.
>>(It's also best not to assume that somebody who answers an e-mail is the
only person with whom you should be discussing the problem; replying only to
them leaves out other people who might be able to help.)

  OK, sorry, let me re-phrase that... I tried Bluetooth Packet Capture in
Wireshark. But it didn't work. Can anyone help?

>> OK, so that version of libpcap (Libpcap-1.1.1-3.fc14.i686.rpm) supports
Bluetooth capturing with the BlueZ Bluetooth stack *if* it was configured to
include that support.

  What is meant by "if it was configured to include that support."? Is there
something that I need to configure within Libpcap??

>>Is that the "Capture Interfaces" dialog that pops up if you click
"Interface List" on the Wireshark welcome screen or select "Interfaces" from
the "Capture" menu?  If so, it's successfully capturing packets (the packet
counts it shows for the interfaces it shows, whether Bluetooth or not, are
counts of packets it captures and discards, as it's capturing them only to
count them).
>>What is the name of the Bluetooth interface on which you're capturing?

  Yes I was referring to the "Capture Interfaces" dialog. The Bluetooth
Interface is called "bluetooth0 Bluetooth adapter number 0".

>>Or is it the main Wireshark window with the packet list, packet details,
and hex dump, and does "I get nothing in the capture window" mean that there
are no packets in the packet list?

  There are no packets in the main Wireshark window. This is the one (on my
computer) that is labelled "Capturing from Bluetooth adapter number 0 -
Wireshark". (It has fields such as "No.", "Time", "Source", "Destination",
"Protocol" and has the Hex dump at the bottom.) No packets are displayed and
this main Wireshark window remains black even though when Bluetooth data is
exchanged with my computer it increases the "bluetooth0 Bluetooth adapter
number 0" count in the "Capture Interfaces" dialog.


------------------------------

Message: 5
Date: Fri, 11 Jul 2014 15:23:08 -0700
From: Guy Harris <guy@xxxxxxxxxxxx>
To: Paul Raine <praine@xxxxxxxxxxxxxxxxx>
Cc: Community support list for Wireshark
	<wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Wireshark Bluetooth
Message-ID: <5E2667EA-D773-407D-A857-3DA0E55C8F93@xxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii


On Jul 9, 2014, at 6:35 AM, Paul Raine <praine@xxxxxxxxxxxxxxxxx> wrote:

> In answer to your question I just meant "capturing traffic sent by and 
> received by the machine running Wireshark"
> 
> I have a version of Wireshark running on Linux Fedora 14, which I had 
> been using in the past to analyze Bluetooth protocol packets sent to 
> and from the computer.
> However, it has been a long time since I used it and I can't seem to 
> capture any Bluetooth packets any more. (It works fine for other
> interfaces).
> Because I've had it working before, I feel like I am either missing 
> something simple that I have just forgotten to do, or that Bluetooth 
> capture is no longer supported by Wireshark.

We haven't dropped support for it.  If something doesn't work, it's probably
best to ask "I tried XXX, and it didn't work?", giving details, rather than
"is XXX still supported?", as the former makes fewer assumptions as to the
underlying problem.

(It's also best not to assume that somebody who answers an e-mail is the
only person with whom you should be discussing the problem; replying only to
them leaves out other people who might be able to help.)

> I have installed the following:
> 
> Libpcap-1.1.1-3.fc14.i686.rpm

OK, so that version of libpcap supports Bluetooth capturing with the BlueZ
Bluetooth stack *if* it was configured to include that support.

> Wireshark-1.4.10-1.fc14.i686.rpm

And that version supports dissecting Bluetooth packets.

> Wireshark-gnome-1.4.10-1.fc14.i686.rpm

...which just adds the GUI.

> And I am running Linux Kernel 2.6.35.6-45.fc14.i686 with Gnome 2.32.0

...and that kernel should include the BlueZ stack.

> If I bring up the Wireshark dialog box that lists the number of 
> Bluetooth packets per interface I can see the Bluetooth packets 
> increase when I send and receive Bluetooth information.

Is that the "Capture Interfaces" dialog that pops up if you click "Interface
List" on the Wireshark welcome screen or select "Interfaces" from the
"Capture" menu?  If so, it's successfully capturing packets (the packet
counts it shows for the interfaces it shows, whether Bluetooth or not, are
counts of packets it captures and discards, as it's capturing them only to
count them).

What is the name of the Bluetooth interface on which you're capturing?

> But I get nothing in the capture window.

Is the capture window the small "packet count" window that can be popped up
during a capture, showing "Captured Packets", with a "Total" row and rows
for things such as SCTP, TCP, UDP, etc., and "Other"?  If so, does "I get
nothing in the capture window" mean that all the counts are stuck at zero?

Or is it the main Wireshark window with the packet list, packet details, and
hex dump, and does "I get nothing in the capture window" mean that there are
no packets in the packet list?


