
Wireshark BLE L2CAP packet reassembly

I have some BLE traffic that I have sniffed and am displaying in Wireshark. Most of the opcodes (read/write request/response indications/notifications etc.) are parsed/displayed correctly. However, I have some packets that are prepare write requests/responses and these just show as L2CAP fragments. Is there a way to reassemble fragmented prepare write requests/responses in Wireshark so that I can see the header data (attribute opcodes 0x16, 0x17) and reassembled value?

  • Nope. There's no code in Wireshark which does that for BLE. In fact there's not much stateful conversation parsing in the BLE dissectors at all.

    You could add code to do that and submit it to Wireshark, but you probably want to check it's not already on someone's radar and if it's the kind of stateful dissection they'd want.
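
Added example, not part of the thread and not Wireshark code: an offline reassembly in Python of the fragmented L2CAP frames the question describes, followed by parsing of the ATT Prepare Write header (opcodes 0x16 and 0x17) and stitching of the part values by offset. It assumes the unencrypted link-layer data PDUs of one direction have already been exported as (LLID, payload) tuples; the function names, handle 0x0021 and sample bytes are constructed for illustration.

```python
import struct

ATT_CID = 0x0004                      # fixed L2CAP channel carrying ATT on LE links
LLID_CONT, LLID_START = 0b01, 0b10    # link-layer LLID: continuation/empty, start/complete
PREPARE_WRITE = (0x16, 0x17)          # Prepare Write Request / Response

def reassemble_l2cap(pdus):
    """Yield (cid, payload) L2CAP frames from (llid, data) PDUs of one direction."""
    buf, need = b"", None
    for llid, data in pdus:
        if llid == LLID_START:
            buf, need = data, None    # a new start drops any unfinished frame
        elif llid == LLID_CONT and buf:
            buf += data               # orphan continuations and empty PDUs fall through
        if need is None and len(buf) >= 4:
            need = 4 + struct.unpack_from("<H", buf)[0]
        if need is not None and len(buf) >= need:
            yield struct.unpack_from("<H", buf, 2)[0], buf[4:need]
            buf, need = b"", None

def parse_prepare_write(att):
    """Return (opcode, handle, offset, part_value), or None for other ATT PDUs."""
    if len(att) < 5 or att[0] not in PREPARE_WRITE:
        return None
    handle, offset = struct.unpack_from("<HH", att, 1)
    return att[0], handle, offset, att[5:]

def queued_values(pdus, opcode=0x16):
    """Stitch part values by offset into one value per attribute handle."""
    values = {}
    for cid, att in reassemble_l2cap(pdus):
        parsed = parse_prepare_write(att) if cid == ATT_CID else None
        if parsed and parsed[0] == opcode:
            _, handle, offset, part = parsed
            cur = values.setdefault(handle, bytearray())
            cur.extend(bytes(max(0, offset - len(cur))))   # zero-fill a gap
            cur[offset:offset + len(part)] = part
    return {h: bytes(v) for h, v in values.items()}

def _fragment(att, ll_max=27):        # constructed-sample helper: 27-byte LL payloads
    frame = struct.pack("<HH", len(att), ATT_CID) + att
    return [(LLID_START if i == 0 else LLID_CONT, frame[i:i + ll_max])
            for i in range(0, len(frame), ll_max)]

VALUE = bytes(range(40))              # constructed 40-byte attribute value
SAMPLE = (_fragment(struct.pack("<BHH", 0x16, 0x0021, 0) + VALUE[:30])
          + [(LLID_CONT, b"")]        # empty PDU between frames, must be ignored
          + _fragment(struct.pack("<BHH", 0x16, 0x0021, 30) + VALUE[30:]))
print(queued_values(SAMPLE))
```

Running the same function with `opcode=0x17` over the other direction's PDUs gives the values the server echoed back, which can be compared against the requests.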
