monitor bluetooth with tcpdump

follow this guide

pkg reqs

  • bluetoothd
  • bluetoothctl
  • tcpdump
  • libpcap
  • openssl

on arch:

pacman -S extra/bluez extra/bluez-utils tcpdump libpcap openssl

start bluetooth service

systemctl start bluetooth

check state of bluetooth device

rfkill list bluetooth
sudo rfkill unblock bluetooth
rfkill list bluetooth

get bluetooth adaptor name

tcpdump -D

start tcpdump

tcpdump -i <bluetooth_adaptor> -w <output_file>.pcap

connect to bluetooth devices

[bluetooth]# power on
[bluetooth]# scan on
[bluetooth]# trust <mac_address> # optional
[bluetooth]# pair <mac_address>