Ask Your Question
0

Why is there no bluetooth-monitor device on Linux Mint?

asked 2020-03-17 17:04:44 +0000

rdpx gravatar image

updated 2020-03-17 22:27:47 +0000

Guy Harris gravatar image

Hi, I've recently noticed that my Wireshark (2.6.10) installed on Mint 19.3 would only propose me to capture Bluetooth traffic with the following Link-layer Header "Bluetooth HCI UART transport layer plus pseudo-header".

Is it possible for me to change this ? I'd like to have the "Bluetooth Linux Monitor" Link Layer Header proposed instead. (Like on my other computer, running on Manjaro)

Would someone be able to clarify what's the difference between these two "Link Layer Headers" and if it makes any real difference when it comes to capture bluetooth traffic with Wireshark?

Thanks :-)

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2020-03-17 21:13:23 +0000

Guy Harris gravatar image

updated 2020-03-17 21:13:42 +0000

I've recently noticed that my Wireshark (2.6.10) installed on Mint 19.3 would only propose me to capture Bluetooth traffic with the following Link-layer Header "Bluetooth HCI UART transport layer plus pseudo-header".

Is it possible for me to change this ? I'd like to have the "Bluetooth Linux Monitor" Link Layer Header proposed instead.

For now, the way to change it is to switch to a Linux that's not based on Debian; the maintainers of the libpcap Debian package appear to have deliberately disabled the ability to sniff using the Bluetooth monitor mechanism in libpcap.

I don't know why this is, but I've reported it as a Debian bug. Hopefully, they'll fix that, and it'll propagate down to Ubuntu, Mint, etc..

edit flag offensive delete link more
1

answered 2020-03-17 17:49:06 +0000

Jaap gravatar image

You can look at these Link-layer Header types here. It seems the first you mention is "LINKTYPE_BLUETOOTH_HCI_H4_WITH_PHDR" (201), while the second is "LINKTYPE_BLUETOOTH_LINUX_MONITOR" (254). The text for that says: "Bluetooth Linux Monitor encapsulation of traffic for the BlueZ stack." Do you have that? Since both have a different header, the dissector needs to be able to understand those. It may be that the version 2.6 doesn't (you didn't specify the Wireshark version on your Manjaro machine).

edit flag offensive delete link more

Comments

2.6 supports it.

Linux Mint - and Debian GNU/Linux, and Ubuntu, and... - don't support the device that provides it. This appears to be a deliberate choice on the part of the Debian maintainers; see my comment.

Guy Harris gravatar imageGuy Harris ( 2020-03-17 22:28:52 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2020-03-17 17:04:44 +0000

Seen: 1,482 times

Last updated: Mar 17 '20