On Ubuntu 20.04, when I run the following:
```
btlejack -c any -w /tmp/ble -o ble_test.pcap
BtleJack version 2.1
[i] No output format supplied, pcap format will be used
[i] Waiting for wireshark ...
[i] Detected sniffers:
> Sniffer #0: version 2.1
LL Data: 45 22 aa 82 1d 47 e1 6c aa 94 a1 0e 6c 94 95 84 9a af b3 35 fa 03 14 00 18 00 00 00 48 00 00 00 c0 d7 0f 0e
[i] Got CONNECT_REQ packet from 6c:e1:47:1d:82:aa to 94:6c:0e:a1:94:aa
|-- Access Address: 0xaf9a8495
|-- CRC Init value: 0xfa35b3
|-- Hop interval: 24
|-- Hop increment: 14
|-- Channel Map: 0fd7c00000
|-- Timeout: 720 ms
LL Data: 03 06 0c 0b 0f 00 11 02
LL Data: 03 06 0c 0b 0f 00 11 02
LL Data: 03 06 0c 0b 0f 00 11 02
LL Data: 03 06 0c 0b 0f 00 11 02
LL Data: 03 06 0c 0b 0f 00 11 02
LL Data: 03 06 0c 0b 0f 00 11 02
LL Data: 03 06 0c 0b 0f 00 11 02
LL Data: 03 06 0c 0b 0f 00 11 02
```
Wireshark/tshark sees the following:
```
tshark -i /tmp/ble
Capturing on '/tmp/ble'
1 0.000000 af:9a:84:95:94:aa → Renasis_fa:35:aa LE LL 33 ADV_DIRECT_IND
2 0.019143 → LE LL 7 UnknownDirection [Malformed Packet]
3 0.049076 → LE LL 7 UnknownDirection [Malformed Packet]
4 0.079197 → LE LL 7 UnknownDirection [Malformed Packet]
5 0.109192 → LE LL 7 UnknownDirection [Malformed Packet]
6 0.139112 → LE LL 7 UnknownDirection [Malformed Packet]
7 0.169077 → LE LL 7 UnknownDirection [Malformed Packet]
8 0.199098 → LE LL 7 UnknownDirection [Malformed Packet]
```
I thought perhaps it was because of the older version of Wireshark I'm running (to use someone else's custom BLE dissector), but I copied the ble_test.pcap to a system with the latest version of Wireshark, and it also saw the packets as malformed.
I'm also wondering why btlejack says it's seeing a CONNECT_REQ but Wireshark thinks it's an ADV_DIRECT_IND?
Am I doing something wrong on my end?
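As an added example (not part of the original issue, and not btlejack's or Wireshark's code), the following decodes the first `LL Data` line by hand using the advertising-channel PDU layout from the Bluetooth Core Specification, so the PDU type and connection parameters can be checked independently of either tool. The function and field names (`parse_adv_pdu`, `addr`, the dictionary keys) are this example's own.

```python
import struct

# Advertising-channel PDU types: low 4 bits of header byte 0 (Bluetooth Core Spec, Link Layer).
ADV_PDU_TYPES = {0x0: "ADV_IND", 0x1: "ADV_DIRECT_IND", 0x2: "ADV_NONCONN_IND",
                 0x3: "SCAN_REQ", 0x4: "SCAN_RSP", 0x5: "CONNECT_REQ", 0x6: "ADV_SCAN_IND"}

# Copied from the first "LL Data:" line in the btlejack output above.
CONNECT_REQ_HEX = ("45 22 aa 82 1d 47 e1 6c aa 94 a1 0e 6c 94 95 84 9a af b3 35 fa "
                   "03 14 00 18 00 00 00 48 00 00 00 c0 d7 0f 0e")


def addr(raw):
    """Device addresses travel least-significant byte first; print them MSB first."""
    return ":".join(f"{b:02x}" for b in reversed(raw))


def parse_adv_pdu(hex_bytes):
    """Decode an advertising-channel PDU given as hex, header byte first (no access address, no CRC)."""
    pdu = bytes.fromhex(hex_bytes)
    if len(pdu) < 2:
        raise ValueError("PDU is shorter than its 2-byte header")
    header, length, payload = pdu[0], pdu[1], pdu[2:]
    if length != len(payload):
        raise ValueError(f"header declares {length} payload bytes, found {len(payload)}")
    out = {"pdu_type": ADV_PDU_TYPES.get(header & 0x0F, "RESERVED"),
           "tx_add": (header >> 6) & 1, "rx_add": (header >> 7) & 1}
    if out["pdu_type"] != "CONNECT_REQ":
        return out
    if length != 34:
        raise ValueError("a CONNECT_REQ payload is always 34 bytes")
    # Payload layout: InitA(6) AdvA(6) AA(4) CRCInit(3) WinSize(1) WinOffset(2)
    # Interval(2) Latency(2) Timeout(2) ChM(5) Hop+SCA(1); integers are little-endian.
    (aa,) = struct.unpack_from("<I", payload, 12)
    win_size, win_offset, interval, latency, timeout = struct.unpack_from("<BHHHH", payload, 19)
    out.update(
        init_a=addr(payload[0:6]), adv_a=addr(payload[6:12]), access_address=aa,
        crc_init=int.from_bytes(payload[16:19], "little"),
        win_size=win_size, win_offset=win_offset,
        hop_interval=interval,                      # units of 1.25 ms
        latency=latency, timeout_ms=timeout * 10,   # field is in units of 10 ms
        channel_map=payload[28:33][::-1].hex(),     # same byte order btlejack prints
        hop_increment=payload[33] & 0x1F, sca=payload[33] >> 5)
    return out


if __name__ == "__main__":
    for key, value in parse_adv_pdu(CONNECT_REQ_HEX).items():
        print(f"{key:15} {value:#x}" if key in ("access_address", "crc_init") else f"{key:15} {value}")
```

The header byte `0x45` has a low nibble of `0x5` (CONNECT_REQ) rather than `0x1` (ADV_DIRECT_IND), and the decoded addresses, access address, CRC init, hop values, channel map and timeout match the values btlejack printed.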