Why does using pyshark give me inappropriate results with BLE PCAP [closed] - android

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
I have limited experience with pyshark/scapy, such as capturing Bluetooth Low Energy traffic from sniffer devices. I have unsuccessfully searched for a solution. Any thoughts or suggestions on how to achieve this are welcome. Thanks in advance.
Setup:
I have two sniffer devices, the Ubertooth One and the nRF51-DK, a smartwatch with BLE 4.1 and an Android smartphone. The platform is Ubuntu 14.04.
Goal:
My goal is to capture the communication between the smartwatch and the phone during the operation of an app (for example, album or browser). All I need is the packet length, source, and destination address.
Current Status:
Initially, I started with the nRF51-DK. It doesn't capture the pairing process, so I bought the Ubertooth device. It shows the pairing process, but it doesn't show any other useful components of the communication between the two devices. But there is something called "unknown", seen in the image below.
Wireshark with no Source and Destination in Unknown info
Questions:
1. Is it possible to capture at least 90% of the transmission between the smartwatch and smartphone?
2. Wireshark didn't display any address (Source and Destination). Am I still able to decode "Unknown" by using pyshark/scapy?
Notes:
For question 1, I've looked around and found the following:
"This feature causes the MAC address within the advertising packets to be replaced with a random value that changes at timing intervals determined by the manufacturer. Any malicious device(s), placed at intervals along your travel route, would not be able to determine that the series of different, randomly generated MAC addresses received from your device actually relates to the same physical device. It actually looks like a series of different devices, thus, it will not be possible to track you using the advertised MAC address"
so I'm not really sure that the Ubertooth One or other sniffer devices are able to capture 90% of the transmission.
For question 2, I have saved the PCAP file and am trying to use pyshark and scapy to display the source and destination address in Python, but it doesn't contain an address:
import pyshark
cap = pyshark.FileCapture('Test_1.pcap')
print(cap[2].ip.src)
OUTPUT:
pyshark.tshark.tshark.TsharkNotFoundException: Tshark not found. Try adding its location to the configuration file.
I guess the version of my Wireshark is lower than the pyshark requirement (current: 1.12.1). But I have to use the older version of Wireshark for my sniffer device. Therefore, I'm not really sure whether the older Wireshark version causes the problem or the way I'm using pyshark is wrong.
question 2 update:
apt install tshark
I wanted to know if it is good practice to do so, and if not, what would be the best way to achieve this?

As long as the sniffer catches the CONNECT_IND packet (previously called CONNECT_REQ), it will be able to follow the whole connection. Naturally, some packets might be missed if the signal isn't good enough. If a channel map or connection parameter update takes place, it's vital that the sniffer gets this packet (otherwise it will lose sync with the connection).
The Bluetooth Device Address is not sent in every packet. It is only sent in the CONNECT_IND packet (and the advertisement packet).
The problem you have with Wireshark is probably because you decode it using the wrong plugin/decoding format. See the documentation for your sniffer.
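As an added illustration of the point made in this answer, here is a small Python parser, written for this page rather than taken from pyshark, scapy, Ubertooth or any other project, that walks a BLE link-layer pcap and shows where addresses actually appear: the advertiser's address in ADV_IND, both addresses in CONNECT_IND, and none at all in data-channel PDUs, which can only be tied back to the two devices through the Access Address announced in CONNECT_IND. It assumes the pcap uses link type 251 (LINKTYPE_BLUETOOTH_LE_LL, every frame starting at the Access Address with no PHY header); captures written by the sniffers in this thread may use a different link type whose per-packet header has to be skipped first. The four-frame capture it parses is constructed inline with made-up addresses and a placeholder CRC.

```python
import struct

ADV_ACCESS_ADDRESS = 0x8E89BED6   # fixed Access Address of every advertising-channel PDU
PDU_ADV_IND = 0x0
PDU_CONNECT_IND = 0x5             # Bluetooth 4.x calls this PDU CONNECT_REQ
LINKTYPE_BLUETOOTH_LE_LL = 251    # assumed pcap link type: AA + 2-byte header + payload + CRC


def fmt_addr(raw_le):
    """Device addresses go over the air least-significant byte first; print them MSB first."""
    return ":".join("%02X" % b for b in reversed(raw_le))


def parse_ll_pdu(frame):
    """Decode one link-layer packet (Access Address through CRC). The CRC is not verified."""
    if len(frame) < 4 + 2 + 3:
        return {"kind": "truncated", "length": len(frame)}
    aa = struct.unpack_from("<I", frame, 0)[0]
    hdr0, pdu_len = frame[4], frame[5]
    payload = frame[6:6 + pdu_len]
    info = {"aa": aa, "length": pdu_len}
    if aa != ADV_ACCESS_ADDRESS:
        # Data-channel PDU: the header holds LLID/NESN/SN/MD only, never an address.
        info.update(kind="data", llid=hdr0 & 0x03)
        return info
    pdu_type = hdr0 & 0x0F
    info.update(kind="adv", pdu_type=pdu_type, tx_random=bool(hdr0 & 0x40))
    if pdu_type == PDU_ADV_IND and len(payload) >= 6:
        info["adv_addr"] = fmt_addr(payload[0:6])
        info["adv_data"] = bytes(payload[6:])
    elif pdu_type == PDU_CONNECT_IND and len(payload) >= 34:
        info["init_addr"] = fmt_addr(payload[0:6])
        info["adv_addr"] = fmt_addr(payload[6:12])
        # LLData: AA(4) CRCInit(3) WinSize(1) WinOffset(2) Interval(2) Latency(2) Timeout(2) ChM(5) Hop|SCA(1)
        info["conn_aa"] = struct.unpack_from("<I", payload, 12)[0]
        info["interval_ms"] = struct.unpack_from("<H", payload, 22)[0] * 1.25
        info["channel_map"] = bytes(payload[28:33])
        info["hop"] = payload[33] & 0x1F
    return info


def read_pcap(blob):
    """Yield raw frames from an in-memory classic little-endian pcap, checking the link type."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", blob, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic %#x" % magic)
    if linktype != LINKTYPE_BLUETOOTH_LE_LL:
        raise ValueError("expected link type 251, got %d" % linktype)
    off = 24
    while off + 16 <= len(blob):
        _, _, incl_len, _ = struct.unpack_from("<IIII", blob, off)
        off += 16
        yield blob[off:off + incl_len]
        off += incl_len


def annotate(blob):
    """Return (length, src, dst, kind) per frame; data PDUs get their peers from the CONNECT_IND seen earlier."""
    conns = {}   # connection Access Address -> (initiator address, advertiser address)
    out = []
    for frame in read_pcap(blob):
        p = parse_ll_pdu(frame)
        if p["kind"] == "adv" and p["pdu_type"] == PDU_CONNECT_IND and "conn_aa" in p:
            conns[p["conn_aa"]] = (p["init_addr"], p["adv_addr"])
            out.append((p["length"], p["init_addr"], p["adv_addr"], "CONNECT_IND"))
        elif p["kind"] == "adv" and "adv_addr" in p:
            out.append((p["length"], p["adv_addr"], "broadcast", "ADV_IND"))
        elif p["kind"] == "data":
            # The pair is known from the connection table; the direction is not, since a plain
            # LL capture has no per-packet master/slave flag (a sniffer's PHY header would).
            peers = conns.get(p["aa"], ("unknown", "unknown"))
            out.append((p["length"], peers[0], peers[1], "DATA"))
        else:
            out.append((p["length"], "unknown", "unknown", p["kind"]))
    return out


def _ll(aa, hdr0, payload):
    """Build one air packet: AA (LE) + header + payload + placeholder CRC (constructed test data)."""
    return struct.pack("<I", aa) + bytes([hdr0, len(payload)]) + payload + b"\x00\x00\x00"


def _pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_BLUETOOTH_LE_LL)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)


# Constructed capture with made-up addresses: the watch advertises with a random address,
# the phone connects (CONNECT_IND), then two data PDUs flow on the new Access Address.
WATCH = bytes.fromhex("C0B1C2D3E4F5")[::-1]   # C0:B1:C2:D3:E4:F5 (random, TxAdd=1)
PHONE = bytes.fromhex("001122334455")[::-1]   # 00:11:22:33:44:55
CONN_AA = 0x50655DA7
LLDATA = struct.pack("<I3sBHHHH5sB", CONN_AA, b"\x55\x55\x55", 3, 6, 24, 0, 200, b"\xff\xff\xff\xff\x1f", 9)
SAMPLE_PCAP = _pcap([
    _ll(ADV_ACCESS_ADDRESS, 0x40 | PDU_ADV_IND, WATCH + b"\x02\x01\x06"),
    _ll(ADV_ACCESS_ADDRESS, 0x80 | PDU_CONNECT_IND, PHONE + WATCH + LLDATA),
    _ll(CONN_AA, 0x02, b"\x03\x00\x04\x00\x08\x01\x00"),   # LLID=2: start of an L2CAP frame
    _ll(CONN_AA, 0x01 | 0x08, b""),                         # LLID=1, SN=1: empty PDU
])
```

Running `annotate(SAMPLE_PCAP)` gives one tuple per frame; the two data PDUs come back attributed to the phone/watch pair even though they carry no address bytes, and a data PDU whose Access Address was never seen in a CONNECT_IND stays "unknown", which is exactly what Wireshark shows when the sniffer missed the connection setup.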

Related

Is there any way to monitor bluetooth traffic?

So, what I want is just to scan the environment and see if any packets are sent without pairing or connecting to a device. Just a general scan of Bluetooth in the air and being able to see some of what comes up, like packets exchanged and maybe some information about them. Everything I've read so far is about pairing or connecting first.
Thanks in advance!
The question is old, but since nobody gave an answer I try to fill the gap.
Bluetooth is, because of its technical specifications (frequency hopping etc.), difficult to sniff. A monitor mode like in WiFi doesn't exist out of the box. You would need to scan all Bluetooth channels at the same time. And then there is the challenge that once you have managed to detect something, you need to know the next hop (to which channel the devices jump next). There is commercial hardware that can do that. Some open-source projects such as Ubertooth have also come up, but with fewer capabilities.
You could try to purchase an Ubertooth and play with it.
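To make the "next hop" problem from this answer concrete (and the warning in the first thread that a sniffer which misses a channel-map update loses the connection), here is an added Python implementation, not code from Ubertooth or any other project on this page, of the BLE 4.x channel selection algorithm (#1) that a sniffer runs once it has the hop increment and channel map from CONNECT_IND: the next unmapped channel is (last + hop) mod 37, and if that channel is masked out of the map it is remapped onto the list of used channels at index (unmapped mod number_of_used_channels). `first_divergence` shows why a missed LL_CHANNEL_MAP_IND is fatal: the same hop value on two different maps yields sequences that part ways the first time a masked channel comes up, after which the sniffer is listening on the wrong channel. The two maps and the hop value are made-up sample inputs.

```python
def used_channels(channel_map):
    """37-bit channel map, LSB first: bit i set means data channel i is in use."""
    bits = int.from_bytes(channel_map, "little")
    return [ch for ch in range(37) if (bits >> ch) & 1]


def next_channel(last_unmapped, hop, channel_map):
    """One step of channel selection algorithm #1 (Bluetooth Core Spec Vol 6, Part B).
    Returns (new unmapped channel, channel actually used for the event)."""
    if not 5 <= hop <= 16:
        raise ValueError("hop increment must be 5..16, got %d" % hop)
    used = used_channels(channel_map)
    if not used:
        raise ValueError("channel map has no usable channels")
    unmapped = (last_unmapped + hop) % 37
    if unmapped in used:
        return unmapped, unmapped
    # Masked channel: remap onto the used-channel table by index.
    return unmapped, used[unmapped % len(used)]


def hop_sequence(hop, channel_map, count, last_unmapped=0):
    """Channels of the next `count` connection events; lastUnmappedChannel starts at 0."""
    seq = []
    for _ in range(count):
        last_unmapped, ch = next_channel(last_unmapped, hop, channel_map)
        seq.append(ch)
    return seq


def first_divergence(hop, map_a, map_b, count):
    """Index of the first connection event where two channel maps disagree, or None."""
    seq_a = hop_sequence(hop, map_a, count)
    seq_b = hop_sequence(hop, map_b, count)
    for i, (a, b) in enumerate(zip(seq_a, seq_b)):
        if a != b:
            return i
    return None


# Sample inputs (constructed): all 37 data channels used, and channels 0-8 masked out,
# as a host might do when those overlap a busy Wi-Fi channel.
ALL_CHANNELS = b"\xff\xff\xff\xff\x1f"
NO_LOW_NINE = b"\x00\xfe\xff\xff\x1f"
```

With hop 9 the full map walks 9, 18, 27, 36, 8, ...; with channels 0-8 masked the fifth event lands on 17 instead of 8, so a sniffer still using the old map is on the wrong channel from that event onward.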

Is there any way to transfer data over GSM without SIM? [closed]

Closed 7 years ago.
I want to exchange some data between two Android phones. I realize I can do this over WiFi and Bluetooth, but their range is much more limited compared to GSM. I'm wondering if I could do this directly using the GSM module.
As far as I know a SIM's function is not to provide transmission but only identification. It allows phone to authenticate with a provider and decrypt the signals sent on that network. The hardware to transmit and receive signals is there in the phone. So if a phone is not registered on the network it would still receive the signals going around it (though for the sake of efficiency it may choose not to do so if unregistered) but not understand it since it can't decrypt it.
Now in light of above, two phones that are in range of one another could directly transmit and receive with each other if programmed to do so. And the range of transmission would be quite good.
Is it possible to program an android phone to transmit data over GSM without a SIM?
Note: I realize what is being asked here may not be implementable straightaway using standard Android SDK. But this is for experimentation and DIY projects so I'm okay working with rooted phone and performing hacks.
No. It is not possible. The Radio Access Network technology, GSM or CDMA, is only one part of cellular technology. There are two main parts: the Access Network (BTS or NodeB (UMTS), RNC (UMTS), and the RAN technology) and the Core Network, where, in GPRS and UMTS, there are components like the Serving GPRS Support Node (SGSN) and the Gateway GPRS Support Node (GGSN), among other functional components.
In order to send data, first, a cell phone needs to establish a Packet Data Protocol (PDP) context, which involves data stored in the SGSN and the GGSN. For this the IMSI, stored in the SIM, and TMSI are necessary. If the device cannot establish a PDP context, it won't be able to send data.
You can read more about the UMTS Network Architecture specification at http://www.3gpp.org/ftp/Specs/html-info/23002.htm
In LTE, it's the same case.

Can we connect more than 10 devices with wi-fi hot-spot in Android [closed]

Closed 2 years ago.
I am working on a push-to-talk project over Wi-Fi hotspot or Wi-Fi Direct in real time, but I am unable to connect more than 10 devices through one hotspot, as Android imposes this limitation.
But I want to connect 40-50 devices, so can anyone tell me how I can connect multiple devices, so that one message can be delivered to all 50 devices in real time from one device without any router or additional hardware?
USING HOTSPOT IN THE HOUSE WITH MORE THAN 10 DEVICES
I've been searching for an answer to that for a little while. I found something that works with a little money. What I ended up using was some old devices that I had lying around the house. What you need is two items: a repeater and an old router. If you use a repeater alone, it works in bridge mode, so it will not be assigning new IP addresses. The IP addresses are assigned by the phone in that case, so you will reach its limit. On top of that, the repeater itself will take up one of the 10 spots on your phone. What I did is the following. I used a repeater which has an Ethernet out and connected my phone to the repeater. Then I plugged my old router into the repeater, connecting the router's WAN port to the repeater with a CAT5 cable. I placed the old router in DHCP mode and gave it a new network name. Then I connected all the devices to the old router, and none of them show up on the repeater or on the phone's hotspot. Basically you're creating a subnet, I guess. It works great, and honestly for low-bandwidth devices it runs fine; the speed test was almost the same as off the repeater itself. If anything, put the high-priority/high-bandwidth devices onto the hotspot directly, and use the repeater/router for the low-bandwidth stuff (smart speakers/plugs/lights).
Also, another tip I can give: right now my wireless carrier gives me unlimited hotspot on all of my phones. I have multiple phones that come in and out of the house. So what I have done is give all the phones the exact same SSID and password for the hotspot, so the Wi-Fi repeater will join whichever phone is in the house. Personally this has been a great replacement for internet in my house since my demand for internet is not that high, and if you have unlimited data I guess you can use this even as a replacement for home internet. This also distributes the hotspot data usage across the different phones.
That seems like a tall order considering the limitations are more to do with the WiFi components than the OS. The only possible approach I see would be to dynamically connect/disconnect the WiFi connections and cycle through each of your 50 connections. Doing that in a timely fashion and without killing the battery in the process will probably be quite challenging.

Bluetooth protocol and implementing a position system with four devices

I'm studying the Bluetooth protocol and implementing a positioning system reading RSSI in dBm from some devices. The system will be implemented with 3 fixed stations with known latitude and longitude and a mobile station. Positioning will be done on the mobile station using the power received in dBm from each fixed station and the typical positioning algorithm.
In order to increase the efficiency of the system, some parameters of the Bluetooth devices need to be changed. These parameters could be:
Scan time on the fixed stations, to decrease the response time to inquiries.
Inquiry access codes, to get answers to inquiries only from selected devices (our 3 fixed stations).
Some others.
There are some scenarios that can be used to do that depending on the technologies used (some of them are limited):
Fixed stations with Linux OS (no problem modifying parameters), mobile station with Android (seems to have just the typical functions in its Bluetooth library, but Bluetooth settings are difficult or impossible to modify).
See: http://developer.android.com/reference/android/bluetooth/BluetoothAdapter.html
All stations running Linux OS, and C++ on the mobile station (it seems easy to run hcitool from shell scripts on the fixed stations to modify our settings, but it seems difficult to implement C++ source code on the mobile station to get the RSSI values in dBm that we need for the links to the fixed stations).
The nasty way. All stations running Linux OS and shell scripts; on the mobile station, shell scripts parsing RSSI values from the redirected output of hcidump after launching inquiries.
It seems very difficult to find useful info related to this scenario. Maybe someone can help choose the best scenario and describe how it should be implemented.
(Sorry if something it's not explained in a better way.. my English is terrible..)
Thanks.
I'm sorry, I didn't follow everything you wrote, but I think the first step is to get down to the HCI layer on the fixed stations. That is fairly straight-forward to accomplish and gives you a fair bit of control.
As you mentioned, hcitool is very useful, but it doesn't matter what tool or language you use. You can access HCI commands from any language.
For example, I did something like this with Voyage Linux on an ALIX box. Voyage is Debian based, so no problem loading BlueZ, PyBluez, and Python. Python made it easy to quickly prototype a solution which you can convert to C++ later if need be. (More here.)
But that's just an example - use whatever stack you are comfortable with as long as you can get at the HCI layer. (Getting past the HCI layer requires you to work with a specific chipset and load code directly into the Bluetooth chipset.)
On the mobile device you might be severely limited: if you are trying for potential real world implementation. If this is just for the lab, you should get rooted Android devices that use the standard Bluez stack and then, like on the fixed devices, you can get at the HCI interface. Android is, after all, just Linux so you can do what you want if you have root.
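As an added worked example of the approach this answer recommends (work at the HCI layer, prototype in Python), here is code written for this page, not the poster's project and not part of BlueZ or PyBluez, that does the two things the question needs: it decodes raw HCI "Inquiry Result with RSSI" events of the kind a raw HCI socket or hcidump delivers after an inquiry, and it turns the RSSI from the three fixed stations into a position. Assumptions: each event carries a single response (multi-response events are rejected rather than guessed at), a log-distance path-loss model with made-up parameters RSSI_AT_1M and PATH_LOSS_N that must be calibrated on site, and fixed-station coordinates already projected from latitude/longitude into a local metric (x, y) frame. The station addresses and HCI events are constructed sample data.

```python
import struct

HCI_EVENT_PKT = 0x04
EVT_INQUIRY_RESULT_WITH_RSSI = 0x22

# Assumed log-distance path-loss parameters; calibrate per site and per radio.
RSSI_AT_1M = -59.0      # dBm measured 1 m from a fixed station
PATH_LOSS_N = 2.0       # free-space exponent; indoors typically 2.5-4


def parse_inquiry_rssi_event(pkt):
    """Decode an HCI Inquiry Result with RSSI event holding one response -> (address, rssi_dbm).
    Returns None for any other HCI packet."""
    if len(pkt) < 3 or pkt[0] != HCI_EVENT_PKT or pkt[1] != EVT_INQUIRY_RESULT_WITH_RSSI:
        return None
    params = pkt[3:3 + pkt[2]]
    if not params or params[0] != 1 or len(params) < 1 + 14:
        raise ValueError("only single-response inquiry events are handled here")
    # Per response: BD_ADDR(6, LE) PSRM(1) Reserved(1) Class_of_Device(3) Clock_Offset(2) RSSI(1, signed)
    bdaddr, _psrm, _reserved, _cod, _clock_offset, rssi = struct.unpack_from("<6sBB3sHb", params, 1)
    return ":".join("%02X" % b for b in reversed(bdaddr)), rssi


def distance_from_rssi(rssi_dbm):
    """Invert the log-distance model RSSI(d) = RSSI_AT_1M - 10 * n * log10(d)."""
    return 10 ** ((RSSI_AT_1M - rssi_dbm) / (10 * PATH_LOSS_N))


def trilaterate(anchors, dists):
    """Least-squares position from anchor (x, y) in metres and ranges, linearised against anchor 0."""
    (x0, y0), d0 = anchors[0], dists[0]
    rows = []
    for (xi, yi), di in zip(anchors[1:], dists[1:]):
        a, b = 2 * (xi - x0), 2 * (yi - y0)
        c = d0 ** 2 - di ** 2 + xi ** 2 + yi ** 2 - x0 ** 2 - y0 ** 2
        rows.append((a, b, c))
    # Normal equations (A^T A) p = A^T c, solved 2x2 by Cramer's rule.
    s_aa = sum(a * a for a, _, _ in rows)
    s_ab = sum(a * b for a, b, _ in rows)
    s_bb = sum(b * b for _, b, _ in rows)
    s_ac = sum(a * c for a, _, c in rows)
    s_bc = sum(b * c for _, b, c in rows)
    det = s_aa * s_bb - s_ab * s_ab
    if abs(det) < 1e-9:
        raise ValueError("fixed stations are collinear; position is not determined")
    return (s_ac * s_bb - s_ab * s_bc) / det, (s_aa * s_bc - s_ab * s_ac) / det


def locate(events, stations):
    """Feed raw HCI events, keep the latest RSSI per known fixed station, solve once all are heard."""
    rssi = {}
    for pkt in events:
        parsed = parse_inquiry_rssi_event(pkt)
        if parsed and parsed[0] in stations:
            rssi[parsed[0]] = parsed[1]
    if len(rssi) < 3:
        raise ValueError("need RSSI from at least 3 fixed stations, have %d" % len(rssi))
    addrs = sorted(rssi)
    return trilaterate([stations[a] for a in addrs], [distance_from_rssi(rssi[a]) for a in addrs])


def _event(addr, rssi):
    """Constructed single-response Inquiry Result with RSSI event (sample data, not a real capture)."""
    bd = bytes.fromhex(addr.replace(":", ""))[::-1]
    params = bytes([1]) + struct.pack("<6sBB3sHb", bd, 1, 0, b"\x04\x01\x00", 0, rssi)
    return bytes([HCI_EVENT_PKT, EVT_INQUIRY_RESULT_WITH_RSSI, len(params)]) + params


# Hypothetical fixed stations in a local metric frame, and RSSI readings consistent with the
# mobile station sitting near (3, 4) m under the model above (integer dBm, as HCI reports it).
STATIONS = {"00:11:22:AA:00:01": (0.0, 0.0),
            "00:11:22:AA:00:02": (10.0, 0.0),
            "00:11:22:AA:00:03": (0.0, 10.0)}
SAMPLE_EVENTS = [_event("00:11:22:AA:00:01", -73),
                 _event("00:11:22:AA:00:02", -77),
                 _event("00:11:22:AA:00:03", -76),
                 _event("00:11:22:BB:00:09", -90)]   # an unrelated device, ignored
```

`locate(SAMPLE_EVENTS, STATIONS)` returns roughly (3.1, 3.75) m for a true position of (3, 4): the quarter-metre error comes purely from RSSI being reported in whole dBm, before any real-world multipath, and it is a reminder that the path-loss parameters dominate the accuracy far more than the solver does.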

Mobile Device identification using Nmap [closed]

Closed 8 years ago.
I am attempting to identify a mobile device on a LAN using Nmap, more specifically an Android smartphone. Both my laptop and the target (android smartphone) are connected to the same access point. I can ping the device etc. When I run a standard Nmap scan against the smartphone it says all 1000 ports are closed, which is odd considering I am browsing the web on the phone while the scan is running. With no ports being open, device discovery is very difficult.
Is anyone aware of an efficient way to identify a smartphone on a network? Or can anyone explain this kind of behaviour from the mobile device?
Thanks in advance
In my experience with nmap, I had to limit the packet send rate to discover some devices. You can do so with the option
--max-rate <number>: Send packets no faster than <number> per second
For example:
nmap --max-rate 100 192.168.0.2
Using that speed, nmap finds my smartphone even though its 1000 ports are closed. If I set it to 500 packets per second, it doesn't find it.
nmap is only going to find ports that are open and waiting for connections - ports that have services running on them. You could use Handset Detection but it'll need your device to visit a web page as it requires http headers for device detection (disclaimer : my startup).
Amethon do something like this (guessing from their blurb), perhaps by watching a traffic stream from mirrored switch port. Not sure what their product costs, but they might be able to help out with questions or give you an approach.
Hope that helps a bit.
You could make a script where the arguments received are the current subnet you want to explore and the subnet mask, just like nmap, but pinging all the hosts on the current network instead of looking for open ports. This will only tell you if the host is up, but not if it's a smartphone. Maybe Nessus could help you since it's more complete.
You could use the following:
nmap -p1-65535 -O
-p will specify to scan ports 1-65535 and -O will check for the operating system running on the device.
Hope this helps!
