Live capture of Android bluetooth traffic via Wireshark

As the title suggests, I would like to analyze the Bluetooth traffic of my Android device in Wireshark. I was able to do that just a few hours ago by simply connecting the Android device via USB and opening Wireshark: the Android Bluetooth interface would just show up, and it worked perfectly. After some time (I rebooted the phone and did a couple of other things), the Bluetooth interface was gone. I'm now only able to access the phone's Logcat. I think I disabled something, or have to do some steps in order to activate this feature, which I had activated before without knowing, but I can't seem to replicate that. The only things I find online are about saving the HCI log to a file and then analyzing it in Wireshark, which is not what I'm looking for right now.

Upvotes: 5

Views: 14174

Answers (2)

rayogunjimi

Reputation: 308

You were probably using the Wireshark extcap androiddump option, which has three requirements:

  • rooted device
  • developer option Bluetooth HCI snoop enabled
  • adb server running

From your description, you simply opened Wireshark and did not start the Android server.

Please do the following:

  • Enable the developer option Bluetooth HCI snoop - you can do so by tapping your device serial number in your settings menu

  • From your terminal, execute the following command: $ adb start-server. When you are finished, you can use $ adb kill-server

Upvotes: 1

nmu

Reputation: 1519

I too was looking for a way to do this, and I think the best way I've found so far is to use Wireshark's androiddump tool: https://www.wireshark.org/docs/man-pages/androiddump.html

It's built in with Wireshark, and if your phone is plugged in with adb installed and configured correctly so that you can do an adb shell from your computer, then when you open Wireshark your Android's Bluetooth interface should show up as a possible source of capture as soon as you open Wireshark.

Upvotes: 4
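The checks both answers describe (adb server running, device reachable over adb, androiddump exposing a Bluetooth interface) can be scripted to find which one stopped holding after the reboot. This is an added example, not code from either answer; the `ANDROIDDUMP` variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks the prerequisites named in the answers before opening Wireshark.
# ANDROIDDUMP is an assumed variable; point it at the androiddump binary
# in Wireshark's extcap folder if it is not in PATH.
ANDROIDDUMP="${ANDROIDDUMP:-androiddump}"

# stdin: output of `adb devices`; stdout: "<serial> <state>" per attached device.
adb_device_states() {
    awk '!/^\*/ && !/^List of devices/ && NF >= 2 { print $1, $2 }'
}

# stdin: output of `adb devices`; stdout: serials that adb can actually talk to.
ready_serials() {
    adb_device_states | awk '$2 == "device" { print $1 }'
}

# stdin: output of `androiddump --extcap-interfaces`; stdout: Bluetooth interface names.
bt_interfaces() {
    sed -n 's/^interface {value=\(android-bluetooth-[^}]*\)}.*/\1/p'
}

diagnose() {
    command -v adb >/dev/null 2>&1 || { echo "adb is not in PATH"; return 1; }
    command -v "$ANDROIDDUMP" >/dev/null 2>&1 || { echo "androiddump not found"; return 1; }
    adb start-server >/dev/null 2>&1 || { echo "adb server did not start"; return 1; }
    devices=$(adb devices)
    printf '%s\n' "$devices" | adb_device_states | while read -r serial state; do
        [ "$state" = "device" ] || echo "$serial is in state '$state', not 'device'"
    done
    if [ -z "$(printf '%s\n' "$devices" | ready_serials)" ]; then
        echo "no usable device: check the cable, USB debugging and the authorization prompt"
        return 1
    fi
    found=$("$ANDROIDDUMP" --extcap-interfaces 2>/dev/null | bt_interfaces)
    if [ -z "$found" ]; then
        echo "device is reachable but androiddump lists no Bluetooth interface:"
        echo "re-check the Bluetooth HCI snoop developer option on the phone"
        return 1
    fi
    printf 'capture interfaces Wireshark should list:\n%s\n' "$found"
}

# Run the live checks only when asked, so the functions can be sourced and tested offline.
if [ "${1:-}" = "--run" ]; then diagnose; fi
```

Invoke it with `--run` while the phone is attached; the first failing message names the prerequisite to fix.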
