Wireshark-users: Re: [Wireshark-users] Wireshark Bluetooth

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 11 Jul 2014 15:23:08 -0700

On Jul 9, 2014, at 6:35 AM, Paul Raine <praine@xxxxxxxxxxxxxxxxx> wrote:

> In answer to your question I just meant "capturing traffic sent by and
> received by the machine running Wireshark"
> 
> I have a version of Wireshark running on Linux Fedora 14, which I had been
> using in the past to analyze Bluetooth protocol packets sent to and from the
> computer.
> However, it has been a long time since I used it and I can't seem to capture
> any Bluetooth packets any more. (It works fine for other interfaces).
> Because I've had it working before, I feel like I am either missing
> something simple that I have just forgotten to do, or that Bluetooth capture
> is no longer supported by Wireshark.

We haven't dropped support for it.  If something doesn't work, it's probably best to ask "I tried XXX, and it didn't work?", giving details, rather than "is XXX still supported?", as the former makes fewer assumptions as to the underlying problem.

(It's also best not to assume that somebody who answers an e-mail is the only person with whom you should be discussing the problem; replying only to them leaves out other people who might be able to help.)

> I have installed the following:
> 
> Libpcap-1.1.1-3.fc14.i686.rpm

OK, so that version of libpcap supports Bluetooth capturing with the BlueZ Bluetooth stack *if* it was configured to include that support.

> Wireshark-1.4.10-1.fc14.i686.rpm

And that version supports dissecting Bluetooth packets.

> Wireshark-gnome-1.4.10-1.fc14.i686.rpm

...which just adds the GUI.

> And I am running Linux Kernel 2.6.35.6-45.fc14.i686 with Gnome 2.32.0

...and that kernel should include the BlueZ stack.

> If I bring up the Wireshark dialog box that lists the number of Bluetooth
> packets per interface I can see the Bluetooth packets increase when I send
> and receive Bluetooth information.

Is that the "Capture Interfaces" dialog that pops up if you click "Interface List" on the Wireshark welcome screen or select "Interfaces" from the "Capture" menu?  If so, it's successfully capturing packets (the packet counts it shows for the interfaces it shows, whether Bluetooth or not, are counts of packets it captures and discards, as it's capturing them only to count them).

What is the name of the Bluetooth interface on which you're capturing?

> But I get nothing in the capture window.

Is the capture window the small "packet count" window that can be popped up during a capture, showing "Captured Packets", with a "Total" row and rows for things such as SCTP, TCP, UDP, etc., and "Other"?  If so, does "I get nothing in the capture window" mean that all the counts are stuck at zero?

Or is it the main Wireshark window with the packet list, packet details, and hex dump, and does "I get nothing in the capture window" mean that there are no packets in the packet list?