Open rgov opened 5 years ago
https://github.com/greatscottgadgets/ubertooth/pull/464 was my solution for this kind of an issue. We don't have a tap interface but we can write to a pcap. Read the PCAP but ignore EOF and let a loop handle the reading to avoid starting over at the beginning of the file.
This patch makes `ubertooth-btle -f -c -` do what you would expect. Unfortunately it only works on Linux because it requires procfs; `libbtbb` does not let us capture to a file descriptor, so we need to be able to pass it an actual path.

Without this patch, `ubertooth-btle` could be forced to write to /dev/stdout, but it will interleave its status messages, corrupting the pcap.

Another (perhaps better) solution would be to track down every call to `printf()` and whatever else writes to stdout, and make them all conditional, but I didn't know how much work that would be.

This is mostly useful for using with the `sshdump` extcap tool, which lets us stream captures from another host over SSH. I'm using it successfully to capture from an Ubertooth attached to a Linux virtual machine while I use Wireshark natively in macOS. (I wrote it up for the wiki.) However, without being able to capture to stdout, it requires some contortions with temporary named pipes and such.
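The following is an added example, not code from this pull request: one way to keep status output out of a capture stream when the writer only accepts a path, using the procfs dependency the description mentions. The function names and the pipe-based check are hypothetical, and the sample bytes are constructed.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Move the stream currently on `fd` to a private descriptor, point `fd` at
 * `sink` (so stray printf()-style writes land there), and put the
 * "/proc/self/fd/N" path of the private descriptor in `path`.
 * Returns the private descriptor, or -1 on failure. Linux procfs only. */
int claim_fd_as_path(int fd, int sink, char *path, size_t len)
{
    int priv = dup(fd);
    if (priv < 0)
        return -1;
    int n = snprintf(path, len, "/proc/self/fd/%d", priv);
    if (n < 0 || (size_t)n >= len || dup2(sink, fd) < 0) {
        close(priv);
        return -1;
    }
    return priv;
}

/* Constructed check: pipe `out` stands in for stdout, pipe `err` for stderr.
 * Returns 1 if only the capture bytes reach the reader of `out`. */
int demo_capture_is_clean(void)
{
    int out[2], err[2];
    char path[32], buf[64];
    if (pipe(out) < 0 || pipe(err) < 0)
        return 0;
    int priv = claim_fd_as_path(out[1], err[1], path, sizeof path);
    if (priv < 0)
        return 0;
    int cap = open(path, O_WRONLY);      /* what a path-only writer would do */
    if (cap < 0)
        return 0;
    if (write(out[1], "status: 37 packets\n", 19) != 19) /* lands on sink */
        return 0;
    if (write(cap, "PCAPDATA", 8) != 8)  /* constructed capture bytes */
        return 0;
    close(cap); close(priv); close(out[1]); /* reader sees EOF after data */
    ssize_t got = read(out[0], buf, sizeof buf);
    close(out[0]); close(err[0]); close(err[1]);
    return got == 8 && memcmp(buf, "PCAPDATA", 8) == 0;
}

int main(void)
{
    printf("capture stream clean: %d\n", demo_capture_is_clean());
    return 0;
}
```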