Ask Your Question
0

Why is there no bluetooth-monitor device on Linux Mint?

asked 2020-03-17 17:04:44 +0000

rdpx gravatar image

updated 2020-03-17 22:27:47 +0000

Guy Harris gravatar image

Hi, I've recently noticed that my Wireshark (2.6.10) installed on Mint 19.3 would only propose me to capture Bluetooth traffic with the following Link-layer Header "Bluetooth HCI UART transport layer plus pseudo-header".

Is it possible for me to change this ? I'd like to have the "Bluetooth Linux Monitor" Link Layer Header proposed instead. (Like on my other computer, running on Manjaro)

Would someone be able to clarify what's the difference between these two "Link Layer Headers" and if it makes any real difference when it comes to capture bluetooth traffic with Wireshark?

Thanks :-)

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2020-03-17 21:13:23 +0000

Guy Harris gravatar image

updated 2020-03-17 21:13:42 +0000

I've recently noticed that my Wireshark (2.6.10) installed on Mint 19.3 would only propose me to capture Bluetooth traffic with the following Link-layer Header "Bluetooth HCI UART transport layer plus pseudo-header".

Is it possible for me to change this ? I'd like to have the "Bluetooth Linux Monitor" Link Layer Header proposed instead.

For now, the way to change it is to switch to a Linux that's not based on Debian; the maintainers of the libpcap Debian package appear to have deliberately disabled the ability to sniff using the Bluetooth monitor mechanism in libpcap.

I don't know why this is, but I've reported it as a Debian bug. Hopefully, they'll fix that, and it'll propagate down to Ubuntu, Mint, etc..

edit flag offensive delete link more
add a comment
1

answered 2020-03-17 17:49:06 +0000

Jaap gravatar image

You can look at these Link-layer Header types here. It seems the first you mention is "LINKTYPE_BLUETOOTH_HCI_H4_WITH_PHDR" (201), while the second is "LINKTYPE_BLUETOOTH_LINUX_MONITOR" (254). The text for that says: "Bluetooth Linux Monitor encapsulation of traffic for the BlueZ stack." Do you have that? Since both have a different header, the dissector needs to be able to understand those. It may be that the version 2.6 doesn't (you didn't specify the Wireshark version on your Manjaro machine).

edit flag offensive delete link more

Comments

2.6 supports it.

Linux Mint - and Debian GNU/Linux, and Ubuntu, and... - don't support the device that provides it. This appears to be a deliberate choice on the part of the Debian maintainers; see my comment.

Guy Harris gravatar imageGuy Harris ( 2020-03-17 22:28:52 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2020-03-17 17:04:44 +0000

Seen: 1,288 times

Last updated: Mar 17 '20

Related questions

Monitor device

Problems decoding BLE capture from another Wireshark program

Data packets not captured

promiscuous mode windows 10 not working

How to switch Mac OS NIC to monitor mode during use internet

no data packet except broadcast or multicast

Where are IP headers in Monitor mode capture?

Cannot find wlan device (monitor mode) in device list / Linux mint

Microsoft Network Monitor cap file can be opened by Wireshark but save as function is disabled

Wi-Fi Packet Capture Best Method

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2