Tags: bluetooth, bluetooth-lowenergy, packet-sniffers

Can I intercept the traffic of all nearby Bluetooth devices with the Bluetooth dongle built into my laptop?


I know that Bluetooth uses hopping, and because of this it is difficult to intercept traffic.

  1. Can I put my dongle into monitoring mode?

  2. If, for example, there are 30 devices nearby, and I always listen to just one Bluetooth channel with my dongle in monitor mode, should I sometimes get some data?

  3. Can I use hcidump or tcpdump for these purposes?

  4. If I understand correctly, if a Bluetooth device does not have a password, I can directly interact with its services (with hcitool and tmux)? I read that I can see the battery level, device name, and other information.

PS: sorry for bad English.


Solution

  • It is possible to monitor traffic between Bluetooth devices, but I am quite sure that your default laptop dongle is not capable of doing that.

    Before establishing a connection between two Bluetooth devices, they send connection request/response packets on the primary advertising channels (channels 37, 38 and 39). You need to capture these packets to learn the hopping pattern, connection interval, etc. After receiving these packets, you can monitor insecure Bluetooth connections. However, it is hard to monitor 30 devices simultaneously, because you need to time-share between the connections.

    Let's answer your questions.

    1. It might be possible, but you need to write driver-level code.
    2. It might be possible. As I mentioned, it is a good approach to capture the connection request/response packets before monitoring devices.
    3. I have no idea about these tools.
    4. To manipulate services, you need to know the service handle and duplicate the GATT client's MAC address. I am not sure that this method will work.
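To make the answer's point about the connection request concrete: in BLE that packet is the CONNECT_IND sent on channel 37, 38 or 39, and its LLData field carries every parameter a sniffer needs to follow the connection afterwards (access address, CRC seed, interval, channel map and hop increment). The example below is added here and is not from the question or the answer: it parses a constructed CONNECT_IND payload (the sample bytes are made up for illustration) and derives the first data channels with BLE channel selection algorithm #1.

```python
import struct
from dataclasses import dataclass

@dataclass
class ConnectInd:
    init_addr: str       # initiator (central) address, printed MSB first
    adv_addr: str        # advertiser (peripheral) address
    access_addr: int     # 32-bit access address of the new connection
    crc_init: int        # 24-bit CRC seed for data packets
    win_offset_ms: float # transmit window offset (1.25 ms units on air)
    interval_ms: float   # connection interval (1.25 ms units on air)
    latency: int         # peripheral latency in connection events
    timeout_ms: int      # supervision timeout (10 ms units on air)
    used_channels: list  # data channels 0..36 enabled in the channel map
    hop: int             # hop increment, 5..16
    sca: int             # central sleep-clock-accuracy code

def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in raw[::-1])  # sent LSB first

def parse_connect_ind(payload: bytes) -> ConnectInd:
    """Parse a 34-byte CONNECT_IND payload: InitA(6) + AdvA(6) + LLData(22)."""
    if len(payload) != 34:
        raise ValueError("CONNECT_IND payload must be 34 bytes")
    ll = payload[12:]
    aa, crc_lo, crc_hi, _win, off, itv, lat, tmo = struct.unpack("<IHBBHHHH", ll[:16])
    chm = int.from_bytes(ll[16:21], "little")  # bit n set => channel n usable
    hop, sca = ll[21] & 0x1F, ll[21] >> 5
    if not 5 <= hop <= 16:
        raise ValueError(f"hop increment {hop} outside the allowed range 5..16")
    return ConnectInd(_mac(payload[:6]), _mac(payload[6:12]), aa,
                      crc_lo | (crc_hi << 16), off * 1.25, itv * 1.25, lat,
                      tmo * 10, [c for c in range(37) if chm >> c & 1], hop, sca)

def hop_sequence(used: list, hop: int, events: int) -> list:
    """Channel selection algorithm #1: channel used by each of the next events."""
    seq, unmapped = [], 0
    for _ in range(events):
        unmapped = (unmapped + hop) % 37
        # a disabled channel is remapped onto the used list by index
        seq.append(unmapped if unmapped in used else used[unmapped % len(used)])
    return seq

# Constructed sample (not a real capture): channels 0..9 disabled, hop = 7
SAMPLE = bytes.fromhex(
    "010203040506" "0a0b0c0d0e0f"                          # InitA, AdvA
    "035a6550" "563412" "02" "0500" "1800" "0000" "6400"   # AA .. Timeout
    "00fcffff1f" "07")                                     # ChM, Hop|SCA
```

A standard HCI dongle never hands these raw link-layer PDUs to the host, which is why following a connection this way requires dedicated sniffer hardware rather than hcidump on the built-in adapter.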