stryngs
commented
3 years ago https://github.com/greatscottgadgets/ubertooth/pull/464 was my solution for this kind of an issue. We don't have a tap interface but we can write to a pcap. Read the PCAP but ignore EOF and let a loop handle the reading to avoid starting over at the beginning of the file.
This patch makes
ubertooth-btle -f -c -do what you would expect. Unfortunately it only works on Linux because it requires procfs;libbtbbdoes not let us capture to a file descriptor, so we need to be able to pass it an actual path.Without this patch,
ubertooth-btlecould be forced to write to /dev/stdout, but it will interleave its status messages, corrupting the pcap.Another (perhaps better) solution would be to track down every call to
printf()and whatever else writes to stdout, and make them all conditional, but I didn't know how much work that would be.This is mostly useful for using with the
sshdumpextcap tool, which lets us stream captures from another host over SSH. I'm using it successfully to capture from an Ubertooth attached to a Linux virtual machine while I use Wireshark natively in macOS. (I wrote it up for the wiki.) However, without being able to capture to stdout, it requires some contortions with temporary named pipes and such.