Bluetooth connections sniffing
This resource consists of capturing traffic from a Bluetooth connection using specialized hardware that can intercept packets on networks set up by third parties. The technique is similar to “monitor mode” in Wi-Fi.
This technique commonly captures packets from the Bluetooth “Link Layer”, i.e. “LMP” packets in BR/EDR and “LL” packets in BLE. Depending on the connection being monitored, the captured packets may be encrypted.
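When reviewing a capture of your own device, the point at which a BLE link switches to ciphertext can be read from the LL control PDUs. The sketch below is an added example, not code from any of the tools listed on this page; it assumes the sniffer output has already been reduced to raw data-channel PDUs (2-byte header plus payload) for a single connection, and it does not handle encryption pause or restart.

```python
# Added example. Input: raw BLE data-channel PDUs (2-byte header + payload),
# without preamble, access address or CRC. All sample bytes are constructed.
LL_CONTROL_OPCODES = {
    0x02: "LL_TERMINATE_IND", 0x03: "LL_ENC_REQ", 0x04: "LL_ENC_RSP",
    0x05: "LL_START_ENC_REQ", 0x06: "LL_START_ENC_RSP",
    0x08: "LL_FEATURE_REQ", 0x09: "LL_FEATURE_RSP", 0x0C: "LL_VERSION_IND",
}
LLID_NAMES = {1: "data (continuation/empty)", 2: "data (start)", 3: "control"}


def parse_ll_pdu(pdu: bytes) -> dict:
    """Split a data-channel PDU into LLID, declared length and payload."""
    if len(pdu) < 2:
        raise ValueError("PDU shorter than the 2-byte header")
    llid, length = pdu[0] & 0x03, pdu[1]
    payload = pdu[2:2 + length]
    if len(payload) != length:
        raise ValueError("payload truncated in capture")
    return {"llid": llid, "length": length, "payload": payload}


def annotate_capture(pdus):
    """Label each PDU; everything after LL_START_ENC_REQ is ciphertext."""
    encrypted, labels = False, []
    for raw in pdus:
        p = parse_ll_pdu(raw)
        if encrypted and p["length"] > 0:
            # Empty PDUs stay unencrypted; non-empty ones carry a 4-byte MIC.
            labels.append(f"encrypted ({p['length']} bytes incl. MIC)")
        elif p["llid"] == 3 and p["length"] >= 1:
            opcode = p["payload"][0]
            name = LL_CONTROL_OPCODES.get(opcode, f"control 0x{opcode:02x}")
            labels.append(name)
            encrypted = name == "LL_START_ENC_REQ"
        else:
            labels.append(LLID_NAMES.get(p["llid"], "reserved LLID"))
    return labels


SAMPLE = [  # constructed capture of one connection's encryption start
    bytes([0x03, 23, 0x03]) + bytes(22),             # LL_ENC_REQ
    bytes([0x03, 13, 0x04]) + bytes(12),             # LL_ENC_RSP
    bytes([0x03, 1, 0x05]),                          # LL_START_ENC_REQ
    bytes([0x03, 5]) + bytes.fromhex("a1b2c3d4e5"),  # encrypted LL_START_ENC_RSP
    bytes([0x01, 0]),                                # empty PDU
    bytes([0x02, 11]) + bytes(11),                   # encrypted data
]

if __name__ == "__main__":
    for label in annotate_capture(SAMPLE):
        print(label)
```

A capture in which no LL_START_ENC_REQ ever appears means the link stayed in plaintext for its whole lifetime.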
Bluetooth Sniffers
The following table lists some hardware and software that allow this technique to be performed. It is important to check the limitations of the projects below, as many do not allow reliable capture of communications because of the channel hopping techniques used in Bluetooth.
Hardware | Software | Modes |
---|---|---|
Ubertooth | Ubertooth tools | BR* / EDR* / BLE |
TI CC1352/CC26x2 | Sniffle | BLE 4.x / BLE 5 |
nRF51822 | Btlejack | BLE 4.x / BLE 5.x* |
Bluefruit LE sniffer | Btlejack | BLE 4.x / BLE 5.x* |
Micro:Bit | Btlejack | BLE 4.x / BLE 5.x* |
nRF52840 | nRF Sniffer | BLE |
PANalyzr | - | BR / EDR / BLE |
Ellisys Bluetooth Vanguard | - | BR / EDR / BLE |
Ellisys Bluetooth Explorer | - | BR / EDR / BLE |
Teledyne LeCroy Frontline X500 | - | BR / EDR / BLE |
* Limited support. See product or project for more information.