THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question

Revision history  [back]

Revision 1
slawekj's avatar
1
slawekj
asked 2022-04-05 18:57:36 +0000

Btsnoop as pipe input?

Hi! I am trying to inspect a live btsnoop log (incrementing file), but it appears there is no such option.

I first tried 

wireshark -k -i <input_pipe>

but I got error:

Data written to the pipe is neither in a supported pcap format nor in pcapng format. Please report this to the developers of the program writing to the pipe.

As far as I understand Wireshark does not support btsnoop file format as input pipe, only pcap.

I was hoping editcap could help - as it is able to convert btsnoop to pcap format. However I was not able to pipe the live feed through it - no such option? It worked for me only for static files (e.g. editcap in.log out.pcap).

Am I missing something obvious, or is it impossible to have live feed of btsnoop in Wireshark (except for android hci tcp/8878 via adb, but it is supported only on a small number of devices). Any python sample code that I could use for such conversion myself? (my original script live-feeding btsnoop is in python).