0
votes


I'm trying to sniff POLL/NULL packets from the Bluetooth (BT) protocol using tcpdump.
As far as I understand, POLL/NULL packets are packets (ACL?) sent between master and slave BT devices to keep track of connection synchronization info (clock drift, jitter, delta, etc.). If I create an L2CAP connection between two devices and do not send any data packets on it, I would expect to see those packets anyway (is this correct?). I'm sniffing the BT traffic with tcpdump, but I cannot see any packets captured except the data packets sent over the L2CAP layer.
Are those packets generated at the "wire" level by the BT radio chip, so tcpdump cannot capture them?

Many thanks
Sergio

P.S. here's the tcpdump command I'm using: sudo ./tcpdump -n -s0 -tt -vv -i bluetooth0 -w bt_tcpdump.pcap

1 Answer

1
votes

POLL/NULL packets are exchanged at a very low level in the link layer. Sending and receiving these packets is done automatically by your Bluetooth hardware device. These packets are never passed up across the host control interface (HCI) to the host software stack, so there is no opportunity for you to sniff them via software. Sniffing this traffic requires an external Bluetooth sniffer that captures the over-the-air traffic.

Why do you want to sniff POLL/NULL packets?
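
Added example, not part of the original answer: a Python sketch that tallies the records of a capture taken on a `bluetoothN` interface by HCI packet type, to show what does cross the HCI and reach tcpdump. It assumes a classic pcap file with link type 201 (Bluetooth HCI H4 with a direction header); the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

LINKTYPE_BT_HCI_H4_PHDR = 201  # pcap link type for captures on bluetoothN
H4_TYPES = {1: "HCI command", 2: "ACL data", 3: "SCO data", 4: "HCI event"}

def summarize_hci_pcap(data: bytes) -> Counter:
    """Count classic-pcap records by (direction, H4 packet type)."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != LINKTYPE_BT_HCI_H4_PHDR:
        raise ValueError("capture is not Bluetooth HCI H4 with direction header")
    counts, offset = Counter(), 24          # 24-byte global header
    while offset + 16 <= len(data):         # 16-byte per-record header
        caplen = struct.unpack_from(endian + "I", data, offset + 8)[0]
        record = data[offset + 16: offset + 16 + caplen]
        offset += 16 + caplen
        if len(record) < 5:                 # truncated record, skip it
            continue
        # 4-byte big-endian direction word (low bit set = received),
        # then the one-byte H4 packet indicator.
        direction = "rx" if struct.unpack_from(">I", record)[0] & 1 else "tx"
        kind = H4_TYPES.get(record[4], f"other(0x{record[4]:02x})")
        counts[(direction, kind)] += 1
    return counts

def build_sample_pcap() -> bytes:
    """Constructed sample: HCI_Reset, its Command Complete, one L2CAP frame."""
    def rec(direction, h4_type, payload):
        body = struct.pack(">I", direction) + bytes([h4_type]) + payload
        return struct.pack("<IIII", 0, 0, len(body), len(body)) + body
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535,
                         LINKTYPE_BT_HCI_H4_PHDR)
    l2cap = struct.pack("<HH", 2, 0x0040) + b"hi"         # length, CID, payload
    acl = struct.pack("<HH", 0x2001, len(l2cap)) + l2cap  # handle|flags, length
    return (header + rec(0, 1, bytes.fromhex("030c00"))
            + rec(1, 4, bytes.fromhex("0e0401030c00")) + rec(0, 2, acl))

if __name__ == "__main__":
    # Every record is an HCI-level type; baseband POLL/NULL has no H4
    # indicator, so it cannot show up in a capture taken on the host.
    for (direction, kind), n in sorted(summarize_hci_pcap(build_sample_pcap()).items()):
        print(f"{direction} {kind}: {n}")
```

To run it on a real capture, pass `summarize_hci_pcap` the bytes of the file written by `tcpdump -w`.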