nehemiah | 2 Jul 2010 21:43

Re: About capture Bluetooth packets

On 6/23/2010 12:01 AM, 小池 寛晃 wrote:
> 
> Hello, my name is Hiroaki Koike.
> I'm a Japanese student who belongs to Aoyama Gakuin University.
> 
> I study Bluetooth technologies.
> Now I am trying to capture Bluetooth packets using Wireshark, but it didn't succeed.
> 
> So I want you to answer my question.
> Please tell me how to capture Bluetooth packets using Wireshark.
> 
> Warm regards.
> 
> That's all.
> **********************************
> Name: Hiroaki Koike
> e-mail: a5807027 <at> aoyama.jp<mailto:a5807027 <at> aoyama.jp>
> **********************************

Wireshark and tcpdump capture packets from network devices. Bluetooth is
more similar to a USB device. If you are using Mac OS X, look in the
Developer tools.

Guy Harris | 2 Jul 2010 23:15

Re: About capture Bluetooth packets


On Jul 2, 2010, at 12:43 PM, nehemiah wrote:

> Wireshark and tcpdump capture packets from network devices. Bluetooth is
> more similar to a USB device.

...and both Wireshark and tcpdump can, at least on Linux, capture on both Bluetooth and USB if the machine on
which you're capturing has:

	1) a sufficiently recent version of libpcap (1.0.0 or later, although, for USB, you probably want 1.1.0 or
later) that was configured with USB and Bluetooth support (whether you have that is up to the makers of your
Linux distribution, although you could try configuring and building libpcap yourself and either
rebuilding tcpdump/Wireshark/whatever with it or building it and installing it as a replacement for the
distribution's libpcap shared library);

	2) a Bluetooth or USB stack in the kernel that supports the capture mechanism used by libpcap.
bored to death | 4 Jul 2010 16:15

libpcap 1.0 huge packet drop?

Hi guys,

I'm having quite a problem with tcpdump 4.0.0.

I'm trying to dump gigabit network traffic to file with tcpdump. At first, I was on Debian 5. I had tcpdump
3.9.8 (uses libpcap 0.9.8) installed and, with upgrading network-related parameters of the kernel, I had no
packet drop and everything was fine. But then I installed tcpdump 4.0.0 (which uses libpcap 1.0) and this
caused a huge packet drop in my receive (in 700Mb TCP traffic, 1 out of 3 packets were being dropped).
I installed and checked dumpcap (comes with Wireshark) and realized Wireshark 1.2.6, which is built with
libpcap 0.9.8, doesn't have packet drop, but Wireshark 1.2.7, which is built with libpcap 1.0, has the same
problem and packets are hugely being dropped (I'm not sure about the Wireshark versions).

So does libpcap 1.0 really have this bad bug, or am I doing something wrong?

Also, I tested tcpdump 3.9.7 (with libpcap 0.9.7) and tcpdump 4.0.0 (with libpcap 1.0) on FreeBSD 8.0
(700Mb TCP traffic) and the result was almost the same (packet drop with tcpdump 4.0 was 6 times more than
with tcpdump 3.9.7, though here I couldn't make tcpdump 3.9.7 dump with zero packet loss).

Any ideas?

Thank you.

      -
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Guy Harris | 4 Jul 2010 21:36

Re: libpcap 1.0 huge packet drop?


On Jul 4, 2010, at 7:15 AM, bored to death wrote:

> I'm having quite a problem with tcpdump 4.0.0.

Combine the previous sentence and the subject line - at this point, you're comparing libpcap
0.9.8+tcpdump 3.9.8 with libpcap 1.0.0+tcpdump 4.0.0, and the problem could be caused by libpcap 1.0.0,
tcpdump 4.0.0, or the combination of them.

I doubt that it's tcpdump 4.0.0's problem, but the first thing you should try is to build the same version of
tcpdump - 3.9.8 or 4.0.0 - with both versions of libpcap, and see what happens.  (libpcap and tcpdump are
released together, but tcpdump is supposed to be able to work with versions of libpcap other than the one
with which it was released.)

> I'm trying to dump gigabit network traffic to file with tcpdump. At first, I was on Debian 5. I had tcpdump
> 3.9.8 (uses libpcap 0.9.8) installed and, with upgrading network-related parameters of the kernel, I had no
> packet drop and everything was fine. But then I installed tcpdump 4.0.0 (which uses libpcap 1.0) and this
> caused a huge packet drop in my receive (in 700Mb TCP traffic, 1 out of 3 packets were being dropped).
> I installed and checked dumpcap (comes with Wireshark) and realized Wireshark 1.2.6, which is built with
> libpcap 0.9.8, doesn't have packet drop, but Wireshark 1.2.7, which is built with libpcap 1.0, has the same
> problem and packets are hugely being dropped (I'm not sure about the Wireshark versions).

Are those versions of dumpcap linked statically, or dynamically, with libpcap?  What happens if you run
both versions of dumpcap with the -v flag?

> So does libpcap 1.0 really have this bad bug, or am I doing something wrong?
> 
> Also, I tested tcpdump 3.9.7 (with libpcap 0.9.7) and tcpdump 4.0.0 (with libpcap 1.0) on FreeBSD 8.0
> (700Mb TCP traffic) and the result was almost the same (packet drop with tcpdump 4.0 was 6 times more than
> with tcpdump 3.9.7, though here I couldn't make tcpdump 3.9.7 dump with zero packet loss).
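Guy's two diagnostic questions (is dumpcap linked statically or dynamically with libpcap, and what does `-v` report) both come down to finding out which libpcap a capture binary really uses at run time, since that may differ from the version it was built against. The following POSIX shell helper, written for this page and not taken from the thread or from the tcpdump/Wireshark projects, classifies an `ldd(1)` listing for a binary as dynamically linked (and prints the resolved libpcap path), missing its shared libpcap, or static/absent. The sample `ldd` listings embedded at the bottom are constructed for the test and are not output from the poster's machines.

```shell
#!/bin/sh
# Added example: separate "which tcpdump/dumpcap" from "which libpcap" by
# inspecting the shared-library linkage of a capture binary.

# pcap_linkage LDD_OUTPUT
# Given the text printed by ldd(1), print one of:
#   /path/to/libpcap.so.*  - dynamically linked, this file is loaded at run time
#   missing                - a libpcap shared object is required but not found
#   static-or-absent       - no libpcap.so entry (statically linked, or no pcap)
pcap_linkage() {
    line=$(printf '%s\n' "$1" | grep 'libpcap\.so' | head -n 1)
    if [ -z "$line" ]; then
        echo "static-or-absent"
        return 0
    fi
    case "$line" in
        *"not found"*) echo "missing"; return 0 ;;
    esac
    # ldd lines look like "libpcap.so.1 => /usr/lib/libpcap.so.1.0.0 (0x...)"
    printf '%s\n' "$line" | sed -n 's/.*=> *\([^ ]*\).*/\1/p'
}

# inspect_binary PATH
# Run ldd on a real binary (when ldd is available) and classify the result.
# Typical use: inspect_binary "$(command -v dumpcap)"; then compare with
# "dumpcap -v" / "tcpdump --version", which report the libpcap seen at run time.
inspect_binary() {
    if ! command -v ldd >/dev/null 2>&1; then
        echo "ldd not available" >&2
        return 1
    fi
    pcap_linkage "$(ldd "$1" 2>/dev/null)"
}

# Constructed sample listings (placeholders, not real ldd output).
SAMPLE_DYNAMIC='	linux-vdso.so.1 =>  (0x00007fffdeadb000)
	libpcap.so.1 => /usr/lib/libpcap.so.1.0.0 (0x00007f0000001000)
	libc.so.6 => /lib/libc.so.6 (0x00007f0000002000)'
SAMPLE_MISSING='	libpcap.so.0.8 => not found
	libc.so.6 => /lib/libc.so.6 (0x00007f0000002000)'
SAMPLE_STATIC='	libc.so.6 => /lib/libc.so.6 (0x00007f0000002000)'
```

Running `inspect_binary` against the two dumpcap builds being compared tells you whether the "built with libpcap 0.9.8" and "built with libpcap 1.0" labels actually correspond to different libraries on disk; if both resolve to the same shared object, the difference in drop rate is not a libpcap-version difference at all.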