Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2023-02-10 12:59:59 +0000

voytex gravatar image

How to dissect BLE in UDP payload?

Dear community,

TLDR: I have raw BLE data as a payload of UDP datagrams and would like Wireshark to dissect them properly, without developing new dissector

Theme of my master's project is wireless sniffer for BLE and IEEE 802.15.4. I am basically trying to replicate Texas Instruments' Packet Sniffer 2. Using even the same hardware (CC2652RB). Captured BLE (Bluetooth Low Energy) frames are being sent as a payload of UDP messages to a PC running Wireshark, which should be able to dissect them.

TI Solution behaves like this:

TI Packet Sniffer Wireshark picture

As you can see, in UDP payload, there are another auxiliary protocol headers (TI Radio Packet Info and TI BLE Packet Info) before the actual BLE Link Layer. Dissectors for these headers were installed during the installation of TI Packet Sniffer itself. However I do believe, that dissector for BLE LL is a part of default Wireshark installation.

My solution looks like this:

My solution where there is only UDP packets dissected

Now here is my problem: Wireshark seems to "ignore" the BLE LL frames in UDP payload. And I would like to ask how to "make Wireshark" recognize them? Or how can I help Wireshark recognizing them? My advisor says, I should look into Wireshark Remote Capture field, however I am not sure if it is the right way, as I wasn't been able to find anything useful regarding this issue so far.

Thank You for any feedback!

click to hide/show revision 2
None

updated 2023-02-10 15:40:10 +0000

grahamb gravatar image

How to dissect BLE in UDP payload?

Dear community,

TLDR: I have raw BLE data as a payload of UDP datagrams and would like Wireshark to dissect them properly, without developing new dissector

Theme of my master's project is wireless sniffer for BLE and IEEE 802.15.4. I am basically trying to replicate Texas Instruments' Packet Sniffer 2. Using even the same hardware (CC2652RB). Captured BLE (Bluetooth Low Energy) frames are being sent as a payload of UDP messages to a PC running Wireshark, which should be able to dissect them.

TI Solution behaves like this:

TI Packet Sniffer Wireshark picture

As you can see, in UDP payload, there are another auxiliary protocol headers (TI Radio Packet Info and TI BLE Packet Info) before the actual BLE Link Layer. Dissectors for these headers were installed during the installation of TI Packet Sniffer itself. However I do believe, that dissector for BLE LL is a part of default Wireshark installation.

My solution looks like this:

My solution where there is only UDP packets dissected

Now here is my problem: Wireshark seems to "ignore" the BLE LL frames in UDP payload. And I would like to ask how to "make Wireshark" recognize them? Or how can I help Wireshark recognizing them? My advisor says, I should look into Wireshark Remote Capture field, however I am not sure if it is the right way, as I wasn't been able to find anything useful regarding this issue so far.

Thank You for any feedback!

click to hide/show revision 3
None

updated 2023-02-10 15:44:26 +0000

grahamb gravatar image

How to dissect BLE in UDP payload?

Dear community,

TLDR: I have raw BLE data as a payload of UDP datagrams and would like Wireshark to dissect them properly, without developing new dissector

Theme of my master's project is wireless sniffer for BLE and IEEE 802.15.4. I am basically trying to replicate Texas Instruments' Packet Sniffer 2. Using even the same hardware (CC2652RB). Captured BLE (Bluetooth Low Energy) frames are being sent as a payload of UDP messages to a PC running Wireshark, which should be able to dissect them.

TI Solution behaves like this:

TI Packet Sniffer Wireshark picture

As you can see, in UDP payload, there are another auxiliary protocol headers (TI Radio Packet Info and TI BLE Packet Info) before the actual BLE Link Layer. Dissectors for these headers were installed during the installation of TI Packet Sniffer itself. However I do believe, that dissector for BLE LL is a part of default Wireshark installation.

My solution looks like this:

My solution where there is only UDP packets dissected

Now here is my problem: Wireshark seems to "ignore" the BLE LL frames in UDP payload. And I would like to ask how to "make Wireshark" recognize them? Or how can I help Wireshark recognizing them? My advisor says, I should look into Wireshark Remote Capture field, however I am not sure if it is the right way, as I wasn't been able to find anything useful regarding this issue so far.

Thank You for any feedback!

click to hide/show revision 4
None

updated 2023-02-10 15:44:58 +0000

grahamb gravatar image

How to dissect BLE in UDP payload?

Dear community,

TLDR: I have raw BLE data as a payload of UDP datagrams and would like Wireshark to dissect them properly, without developing new dissector

Theme of my master's project is wireless sniffer for BLE and IEEE 802.15.4. I am basically trying to replicate Texas Instruments' Packet Sniffer 2. Using even the same hardware (CC2652RB). Captured BLE (Bluetooth Low Energy) frames are being sent as a payload of UDP messages to a PC running Wireshark, which should be able to dissect them.

TI Solution behaves like this:

TI Packet Sniffer Wireshark picture

As you can see, in UDP payload, there are another auxiliary protocol headers (TI Radio Packet Info and TI BLE Packet Info) before the actual BLE Link Layer. Dissectors for these headers were installed during the installation of TI Packet Sniffer itself. However I do believe, that dissector for BLE LL is a part of default Wireshark installation.

My solution looks like this:

My solution where there is only UDP packets dissected

Now here is my problem: Wireshark seems to "ignore" the BLE LL frames in UDP payload. And I would like to ask how to "make Wireshark" recognize them? Or how can I help Wireshark recognizing them? My advisor says, I should look into Wireshark Remote Capture field, however I am not sure if it is the right way, as I wasn't been able to find anything useful regarding this issue so far.

Thank You for any feedback!

How to dissect BLE in UDP payload?

Dear community,

TLDR: I have raw BLE data as a payload of UDP datagrams and would like Wireshark to dissect them properly, without developing new dissector EDIT: Tried to fix the pictures not showing up.

Theme of my master's project is wireless sniffer for BLE and IEEE 802.15.4. I am basically trying to replicate Texas Instruments' Packet Sniffer 2. Using even the same hardware (CC2652RB). Captured BLE (Bluetooth Low Energy) frames are being sent as a payload of UDP messages to a PC running Wireshark, which should be able to dissect them.

TI Solution behaves like this:

TI Packet Sniffer Wireshark pictureTI Packet Sniffer Wireshark picture

If the picture does not show, hit this link

As you can see, in UDP payload, there are another auxiliary protocol headers (TI Radio Packet Info and TI BLE Packet Info) before the actual BLE Link Layer. Dissectors for these headers were installed during the installation of TI Packet Sniffer itself. However I do believe, that dissector for BLE LL is a part of default Wireshark installation.

My solution looks like this:

My solution where there is only UDP packets dissectedMy solution where there is only UDP packets dissected

if the picture does not show, hit this link

Now here is my problem: Wireshark seems to "ignore" the BLE LL frames in UDP payload. And I would like to ask how to "make Wireshark" recognize them? Or how can I help Wireshark recognizing them? My advisor says, I should look into Wireshark Remote Capture field, however I am not sure if it is the right way, as I wasn't been able to find anything useful regarding this issue so far.

Thank You for any feedback!