Analyzing Bluetooth Low Energy Traffic


Problem description

While trying to study BLE I am wondering if it is possible to analyse it through tools like Wireshark and snort? I came across one by the name "ubertooth" but that's a USB device which needs to be purchased in order for us to do DPI on BLE frames, right? Is it possible to capture and analyse BLE frames on Wireshark?

Solution

Yes, it's possible to use Wireshark to analyse BLE packets, but you will need additional hardware. Sniffing a connection requires support from the baseband layer which is implemented inside the Bluetooth chipset. The software of the chipset inside your computer doesn't support sniffing, so you'll need another chipset whose software you can control.

I use the nRF51 Dongle, which is a dev kit for the nRF51, a BLE + Cortex M0 SoC from Nordic Semi. Nordic provides firmware for this board that turns it into a sniffer. They also provide an application for Windows that communicates with that firmware over USB to get back the sniffing data, and that formats it in a way understandable for Wireshark.

If you're on Windows you can just use the tools provided by Nordic on this page, and follow the instructions in the User Guide.

Edit 2018-10: Nordic have released a Mac and Linux app in beta to support their sniffer, so the rest of this post shouldn't be necessary any more. You can download the new tool here.

Then, once everything is working and you are piping packets to Wireshark, you can use all the awesome Wireshark built-in filters for Bluetooth and BLE: btatt, btl2cap, btle, ...


Original post

If, like me, you are on Mac, you'll need:

The nrf-ble-sniffer-osx Wiki explains how to set it up. Thanks to Roland King for making these tools.

Two important caveats for the Mac setup:

  • Install Wireshark before nrf-ble-sniffer-osx. That's because nrf-ble-sniffer-osx needs to install some additional filters for Wireshark so that it can decode the headers that the Nordic firmware adds to packets, and it won't do it if Wireshark is installed afterwards.
  • Use Wireshark version 1.12. At the time of writing, no newer version worked with this setup. Yes, that means you'll have to use XQuartz.

If you're on Linux, it looks like it's also possible to use this dongle, but I haven't tried it.
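
How the three filter names mentioned in the answer (btle, btl2cap, btatt) map onto protocol layers, as an added example that is not part of the original answer or of Nordic's tools: the function walks one unencrypted data-channel PDU from the link-layer header through L2CAP to ATT. The sample bytes are constructed, the names `dissect` and `SAMPLES` are hypothetical, and the input is assumed to be already stripped of the sniffer's own header, the access address and the CRC.

```python
import struct

# Constructed sample data-channel PDUs: 2-byte link-layer header plus payload.
# Assumed already stripped of the sniffer's own header, access address and CRC.
SAMPLES = {
    "att_write": bytes.fromhex("02080400040012250001"),
    "empty": bytes.fromhex("0100"),
    "ll_control": bytes.fromhex("03020213"),
}

L2CAP_CID_ATT = 0x0004  # fixed L2CAP channel carrying the Attribute Protocol
ATT_OPCODES = {
    0x02: "Exchange MTU Request", 0x0A: "Read Request", 0x0B: "Read Response",
    0x12: "Write Request", 0x1B: "Handle Value Notification", 0x52: "Write Command",
}

def dissect(pdu: bytes) -> dict:
    """Return the layers present in one unencrypted data-channel PDU."""
    if len(pdu) < 2:
        raise ValueError("truncated link-layer header")
    llid, length = pdu[0] & 0x03, pdu[1]
    payload = pdu[2:2 + length]
    if len(payload) != length:
        raise ValueError("payload shorter than the header's length field")
    out = {"layers": ["btle"], "detail": None}
    if llid == 0b11:                      # LL control PDU, never reaches L2CAP
        if not payload:
            raise ValueError("LL control PDU without an opcode")
        out["detail"] = f"LL control opcode 0x{payload[0]:02x}"
    elif llid == 0b01:                    # empty PDU or L2CAP continuation
        out["detail"] = "empty PDU" if length == 0 else "L2CAP continuation fragment"
    elif llid == 0b10:                    # start of an L2CAP message
        if len(payload) < 4:
            raise ValueError("truncated L2CAP header")
        l2cap_len, cid = struct.unpack_from("<HH", payload)
        out["layers"].append("btl2cap")
        body = payload[4:]
        out["detail"] = f"L2CAP CID 0x{cid:04x}, {len(body)}/{l2cap_len} bytes"
        if cid == L2CAP_CID_ATT and body:
            out["layers"].append("btatt")
            out["detail"] = ATT_OPCODES.get(body[0], f"ATT opcode 0x{body[0]:02x}")
    else:
        out["detail"] = "reserved LLID"
    return out

if __name__ == "__main__":
    for name, pdu in SAMPLES.items():
        print(name, dissect(pdu))
```

Only the first sample would match all three filters; the empty and control PDUs stop at the link layer, which is why a btatt filter hides most of the packets in a quiet connection.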
