In a previous post on Bluetooth Low Energy, I’ve shown how to do a Wireshark trace on the HCI interface without additional hardware and attached a sample trace. The downside of this approach is that the trace is made on the HCI interface between the PC and the Bluetooth hardware, so layer 2 frames are unfortunately not included. It seems to be quite hard to get hold of Bluetooth layer 2 traces, but finally, I’ve come across from which one can gain interesting insights.
Have a look at the sample files of a Bluetooth security project on GitHub. The tar file contains an encrypted and a decrypted version of the Wireshark trace after encryption has been activated. If you don’t see Bluetooth layer 2 frames in Wireshark, have a look at how to configure Wireshark here.
The trace file only contains the scanning, connection, authentication and ciphering frames, but unfortunately no user data (characteristics) exchanges. A bit of a pity, but the characteristics can be traced at the HCI layer as per my previous post.