How to capture/dump Bluetooth LE Link Layer packets in linux without sniffer?

Question

I want to capture/dump BLE air interface Link Layer packets in linux stably.

The BLE air interface Link Layer packets seem like follows:

sniffered using ubertooth when connecting another BLE device

However, sniffering through ubertooth is much less reliable(often lose packets).

So, I want to dump BLE traffic data using tools like tcpdump and btmon. I got results like this:

result of tcpdump when connecting another BLE device

However, there is no information about LL_ENC_REQ and LL_ENC_RSP, which contains SKD and IV.

Is it possible to capture SKD and IV without sniffer like ubertooth?

Thanks for advice.

score 1 · Accepted Answer · answered Nov 25 '19 at 20:36

1

No, btmon only captures HCI packets, which are the packets sent between the computer (host) and the Bluetooth chip (controller). The Link Layer is the communication between two Bluetooth controllers (over the air). To sniff SKD etc. you need an air sniffer.

answered Nov 25 '19 at 20:36

Emil

16,784
2
41
52

I have thought about it but I'm not sure. Thank you! – user632337 Nov 26 '19 at 07:32
What is an **air sniffer**? – IgorGanapolsky May 14 '20 at 15:31
What is the additional hardware that is required for sniffer which is not present in linux laptop? Also, shouldn't we be able to scan all channels the way we can scan advertising channels and dump data observed and figure out list of devices (lap) (this can be performed easily for wifi)? – Tejas Pawar Jan 13 '21 at 11:25
I was able to capture packets with Wireshark – UdaraWanasinghe Jul 27 '21 at 20:42

How to capture/dump Bluetooth LE Link Layer packets in linux without sniffer?

1 Answers1

Linked