pew
/
scripts
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
scripts/libbtbb-2015-10-R1/wireshark/plugins/btle
History
Paul Walko 6330636b28 ubertooth script 2016-12-17 04:18:30 -05:00
..
cmake ubertooth script 2016-12-17 04:18:30 -05:00
tools ubertooth script 2016-12-17 04:18:30 -05:00
AUTHORS ubertooth script 2016-12-17 04:18:30 -05:00
CMakeLists.txt ubertooth script 2016-12-17 04:18:30 -05:00
COPYING ubertooth script 2016-12-17 04:18:30 -05:00
Makefile.am ubertooth script 2016-12-17 04:18:30 -05:00
Makefile.common ubertooth script 2016-12-17 04:18:30 -05:00
Makefile.nmake ubertooth script 2016-12-17 04:18:30 -05:00
README ubertooth script 2016-12-17 04:18:30 -05:00
moduleinfo.h ubertooth script 2016-12-17 04:18:30 -05:00
moduleinfo.nmake ubertooth script 2016-12-17 04:18:30 -05:00
packet-btle.c ubertooth script 2016-12-17 04:18:30 -05:00
plugin.rc.in ubertooth script 2016-12-17 04:18:30 -05:00
wireshark-1.8-btle-ppi.patch ubertooth script 2016-12-17 04:18:30 -05:00

README 

BTLE Wireshark plugin
=====================

This plugin is no longer in use, it has been merged in to the Wireshark source
tree as of release 1.12.


This is the Bluetooth Low Energy plugin for Wireshark.

To build this on Debian/Ubuntu/BackTrack linux distributions:
  sudo apt-get install wireshark-dev wireshark
  cd libbtbb/wireshark/plugins/btle/
  cmake .
  make
  make install

This will install to the .wireshark/ in your home directory. To override
this set the DESTDIR environment variable when running cmake.

PPI Support (Patch)
-------------------

Ubertooth records capture frequency, internal clock state, and certain
other metadata about packets in a PPI header. It is not possible to add
PPI support in an external plugin, so if you wish to access these fields
you must patch Wireshark.

The patch wireshark-1.8-btle-ppi.patch was built against the Ubuntu
12.10 Quantal Wireshark package. It can be added to the Ubuntu package
source or applied directly to vanilla Wireshark.

To build a .deb on Ubuntu, follow these instructions:

	mkdir wireshark && cd wireshark
	apt-get source wireshark
	cp wireshark-1.8-btle-ppi.patch wireshark-1.8.2/debian/patches
	echo wireshark-1.8-btle-ppi.patch >> wireshark-1.8.2/debian/patches/series
	cd wireshark-1.8.2
	dpkg-buildpackage -rfakeroot

The .deb will be created in the wireshark directory, and it can be
installed with dpkg -i.

Attribute Protocol Support
--------------------------

Wireshark trunk has native support for the Bluetooth Attribute protocol.
If you are using a distro package that does not support it, install the
plugin found in the btatt directory (above this directory).

If the protocol column of non-empty data packets says L2CAP, you should
install the plugin. If it says ATT, you do not need the plugin. If it
says something else, please email me!

Bluetooth Security Manager Protocol
-----------------------------------

All security-related exchanges (pairing and identity resolution) take
place over the Bluetooth Security Manager (SM) protocol, which runs on
L2CAP. If you would like to dissect these packets, build and install the
plugin found in the btsm directory above this directory.