Ask Your Question
0

How to capture filter on BLE address?

asked 2018-08-23 14:23:36 +0000

johngriswold gravatar image

updated 2018-08-24 17:24:55 +0000

Guy Harris gravatar image

I'm using the AdaFruit BLE sniffer, along with a bunch of software so it can talk to Wireshark. I see BLE packets galore, but I'm interested only in the device I'm testing, not Bill's Android, or the TV, or the... I think everything has BT in it now.

So, I have been trying to filter for the MAC address to no avail. I've tried making filters that look like:

btle.access_address == 00:00:00:00:00:00 (i.e. "some MAC address")
btle.advertising_address == <some MAC address>

One of them does no apparent filtering, the other apparently causes the program distress in that it can't figure out the filter's meaning, I guess.

Can someone tell me what filter string to really use? (This has been a bane of mine in Wireshark from the very beginning, when I was using it on (gasp) wired Ethernet.

Thanks, John

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2019-03-19 10:48:27 +0000

I have been crazy trying to use a capture filter on BLE traffic. I have come to the, perhaps incorrect, conclusion that it is not possible.

My take is that Wireshark capture filters use the Berkeley Packet Filter syntax, which does not have any functions for filtering by BLE hardware addresses. Therefore it is not possible to use a capture filter, just a display filter. Is that correct? If so, I'll stop trying.

edit flag offensive delete link more
0

answered 2018-08-23 14:38:51 +0000

grahamb gravatar image

Are you getting confused between:

The btle fields can only be used with Wireshark Display filters.

edit flag offensive delete link more

Comments

I am! Now I know the btle fields don't work for capture. Thank you.

johngriswold gravatar imagejohngriswold ( 2018-08-23 15:10:06 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-08-23 14:23:36 +0000

Seen: 393 times

Last updated: Mar 19