Capture Bluetooth Traffic from Android
Bluetooth devices have become ubiquitous, whether it's headphones, heart rate monitors, smart watches, or light bulbs. While many of them come with mobile apps for control and configuration, sometimes it's convenient to access them from a computer instead. If this is not supported out of the box, recording the Bluetooth traffic is useful in order to create a custom tool.
Helpfully, newer versions of Wireshark include an androiddump utility to capture Bluetooth traffic directly from Android phones. The setup couldn't be simpler: connect the phone to the computer via USB, enable USB debugging, select the "Android Bluetooth" capture source in Wireshark, and start recording!
Android also has a function to log all traffic into a file, which can later be copied to a computer for analysis in Wireshark. This is similar to creating a tcpdump of TCP/IP traffic, just for Bluetooth. Unfortunately, the location of this log file changes between Android versions, and access seems to require root in recent versions. One reliable method I found was:
- Enable "Bluetooth HCI snoop log" in the Android developer options.
- Connect to the phone via USB debugging with
adb - Run
adb rootto gain root-level access to the phone - Run
adb bugreport bugreport.outto create a bug report ZIP file. Either this contains the Bluetooth log file directly (search for abtsnoop_hci.log), or the full path of the log file (grep the bug report forbtsnoop_hci.log) - If the log was not contained in the bug report, get it via
adb pull <full_path_to_logfile>
Comments