Nicolas

Reputation: 269

Android Bluetooth Snooping with Wireshark: Missing Bluetooth Interface in androiddump

I am trying to live-capture the Bluetooth traffic sent from my Samsung A51 on Android 10:

  1. Bluetooth HCI snoop log is enabled on the phone and I toggled Bluetooth after enabling. I am able to download a bug report, which includes the btsnoop_hci file, from the phone via
    >adb bugreport
  2. adb is connected:
    >adb devices
    List of devices attached
    R58N427J7TD     device
  3. androiddump works, but only shows the Logcat interfaces. I am missing the Bluetooth interfaces:
    >androiddump --extcap-interfaces
    extcap {version=1.1.0}{help=file:///C:/Program%20Files/Wireshark/extcap/androiddump.html}
    interface {value=android-logcat-text-main-R58N427J7TD}{display=Android Logcat Main SM_A515F R58N427J7TD}
    interface {value=android-logcat-text-system-R58N427J7TD}{display=Android Logcat System SM_A515F R58N427J7TD}
    interface {value=android-logcat-text-radio-R58N427J7TD}{display=Android Logcat Radio SM_A515F R58N427J7TD}
    interface {value=android-logcat-text-events-R58N427J7TD}{display=Android Logcat Events SM_A515F R58N427J7TD}
    interface {value=android-logcat-text-crash-R58N427J7TD}{display=Android Logcat Crash SM_A515F R58N427J7TD}

The official docs on https://www.wireshark.org/docs/man-pages/androiddump.html weren't helpful, but they did make me wonder if perhaps the Bluetooth server port needs to be configured?

Any other ideas why no Bluetooth interface is showing up? Also, in the Wireshark App UI I can only find the above listed interfaces.

Upvotes: 7

Views: 6300

Answers (2)

rayogunjimi

Reputation: 308

Based on the description, I assume that you are using a stock Android production build on your Samsung device.

Unfortunately, the Wireshark/tshark extcap > androiddump > android-bluetooth-btsnoop-net is just the live output from data/misc/bluetooth/logs/btsnoop_hci.log onto TCP port 8872 when the Developer Option "Bluetooth HCI snoop log" is enabled, which is in a root directory. If your device is rooted, then you can access it; if not, then you cannot. Android source reference

The reason you are able to see the btsnoop_hci file from bugreport is because bug reports do not require root privileges.

Upvotes: 6
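
On a non-rooted phone, the btsnoop_hci file from the bug report can still be inspected offline. The following is an added example, not part of the answer above: a minimal Python reader for the btsnoop format (big-endian header and records, H4 datalink). The sample capture and the helper names `parse_btsnoop` and `_record` are constructed for illustration.

```python
import struct

BTSNOOP_MAGIC = b"btsnoop\x00"
# btsnoop timestamps are microseconds since 0000-01-01; this constant is the
# Unix epoch on that scale (same value Wireshark's btsnoop reader uses).
EPOCH_DELTA_US = 0x00DCDDB30F2F8000
H4_TYPES = {1: "HCI_CMD", 2: "ACL", 3: "SCO", 4: "HCI_EVT"}


def parse_btsnoop(blob):
    """Yield (unix_seconds, direction, h4_type, payload) for each record."""
    if blob[:8] != BTSNOOP_MAGIC:
        raise ValueError("not a btsnoop file")
    version, datalink = struct.unpack(">II", blob[8:16])
    if version != 1 or datalink != 1002:  # 1002 = HCI UART (H4)
        raise ValueError(f"unsupported version/datalink: {version}/{datalink}")
    off = 16
    while off + 24 <= len(blob):
        # original length, included length, flags, cumulative drops, timestamp
        _orig, incl, flags, _drops, ts = struct.unpack(">IIIIq", blob[off:off + 24])
        off += 24
        data = blob[off:off + incl]
        if len(data) < incl:
            break  # truncated trailing record, e.g. log cut off mid-write
        off += incl
        if not data:
            continue
        # flags bit 0: 0 = sent by host, 1 = received from controller
        direction = "controller->host" if flags & 1 else "host->controller"
        h4 = H4_TYPES.get(data[0], f"0x{data[0]:02x}")
        yield (ts - EPOCH_DELTA_US) / 1e6, direction, h4, data[1:]


def _record(data, flags, unix_us):
    """Build one btsnoop record (used only for the constructed sample)."""
    return struct.pack(">IIIIq", len(data), len(data), flags, 0,
                       unix_us + EPOCH_DELTA_US) + data


# Constructed sample: HCI Reset command and its Command Complete event.
SAMPLE = (BTSNOOP_MAGIC + struct.pack(">II", 1, 1002)
          + _record(bytes.fromhex("01030c00"), 2, 1_600_000_000_000_000)
          + _record(bytes.fromhex("040e0401030c00"), 3, 1_600_000_000_250_000))

if __name__ == "__main__":
    # Replace SAMPLE with open("btsnoop_hci.log", "rb").read() (hypothetical
    # file name) to read the file extracted from a bug report.
    for ts, direction, h4, payload in parse_btsnoop(SAMPLE):
        print(f"{ts:.6f} {direction:17} {h4:8} {payload.hex()}")
```
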

weitang114

Reputation: 1303

You must enable Bluetooth HCI snoop log first.

  1. Settings
  2. Developer options
  3. Enable Bluetooth HCI snoop logging
  4. Restart Bluetooth. If it doesn't work, try rebooting.

Upvotes: 2
