Ask Your Question
0

how to convert pcap/pcapng file to btsnoop

asked 2024-08-02 18:26:46 +0000

vlsireddy gravatar image

updated 2024-08-02 19:05:53 +0000

Chuckc gravatar image

Hi,

[1] Used wireshark+usbpcap to capture BT USB HCI transactions [output -> .pcapng file]

[2] I need to convert [BT USB HCI traffic] file from pcap/pcapng into BTSnoop file format.

things which i tried:

I tried with editcap, it throws following error.

editcap: The capture file being read can't be written as a "btsnoop" file.

Thanks

edit retag flag offensive close merge delete

Comments

Hi, I see the Link Type as "USB packets with USBPcap header

Interface   Droppedpackets    Capture filter      Link type                                                   Packet size limit (snaplen)
USBPcap2  Unknown                none                 USB packets with USBPcap header               65535 bytes

let me know if this link type CAN be converted to BTSnoop_HCI.log format.

Thanks

vlsireddy gravatar imagevlsireddy ( 2024-08-02 20:27:09 +0000 )edit

2 Answers

Sort by ยป oldest newest most voted
0

answered 2024-08-02 20:43:35 +0000

Guy Harris gravatar image

updated 2024-08-02 20:43:58 +0000

USB packets with USBPcap header

let me know if this link type CAN be converted to BTSnoop_HCI.log format.

Wireshark does not support converting from that link-layer type header BTSnoop format.

edit flag offensive delete link more

Comments

Hi,

Thanks for reply

[1] which link type can be converted to to the BTSnoop_HCI.log format ?

[2] any idea, how to get such BTSnoop_HCI.log file on windows OS. ?

Thnx

vlsireddy gravatar imagevlsireddy ( 2024-08-02 22:26:05 +0000 )edit

No guarantees but there have been questions about usbpcap on the Wireshark Discord server.
Link to join is on the top level page for this (Ask Q&A) site.

Chuckc gravatar imageChuckc ( 2024-08-03 00:54:14 +0000 )edit

which link type can be converted to to the BTSnoop_HCI.log format ?

As per @Chuckc's answer, WTAP_ENCAP_BLUETOOTH_HCI (btsnoop files), WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR (Linux - and FreeBSD? - hcidump command, and captures from Linux bluetooth devices), and WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR (captures from Linux Bluetooth monitor capture mechanism).

any idea, how to get such BTSnoop_HCI.log file on windows OS. ?

That's not supported.

Guy Harris gravatar imageGuy Harris ( 2024-08-05 11:00:54 +0000 )edit
0

answered 2024-08-02 19:27:34 +0000

Chuckc gravatar image

updated 2024-08-02 19:30:04 +0000

wiretap/btsnoop.c

/* Returns 0 if we could write the specified encapsulation type,
   an error indication otherwise. */
static int btsnoop_dump_can_write_encap(int encap)
{
    /* Per-packet encapsulations aren't supported. */
    if (encap == WTAP_ENCAP_PER_PACKET)
        return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;

    /*
     * XXX - for now we only support WTAP_ENCAP_BLUETOOTH_HCI,
     * WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR, and
     * WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR.
     */
    if (encap != WTAP_ENCAP_BLUETOOTH_HCI &&
        encap != WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR &&
        encap != WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR)
        return WTAP_ERR_UNWRITABLE_ENCAP;

    return 0;
}

[output -> .pcapng file]

Can you remake the capture and output as a .pcap or other capture format?
Then check in Statistics -> Capture File Properties to see if the linktype is one of the supported types.

failure_message.c

        case WTAP_ERR_UNWRITABLE_ENCAP:
            cmdarg_err("The capture file being read can't be written as a \"%s\" file.",
                       wtap_file_type_subtype_name(file_type_subtype));
            break;

        case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
            cmdarg_err("The capture file being read can't be written as a \"%s\" file.",
                       wtap_file_type_subtype_name(file_type_subtype));
            break;

wiretap/wtap.h

#define WTAP_ERR_UNWRITABLE_ENCAP              -8
    /**< Wiretap can't read or save files in the specified format with the
       specified encapsulation */

#define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED  -9
    /**< The specified format doesn't support per-packet encapsulations */
edit flag offensive delete link more

Comments

There are Bluetooth captures on the Wiki that can be exported to btsnoop to see a working example.

Chuckc gravatar imageChuckc ( 2024-08-02 19:32:56 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2024-08-02 18:26:46 +0000

Seen: 201 times

Last updated: Aug 02