Closed dlech closed 3 years ago
Thanks for the contribution! Is it useful to look at a packet capture alongside the bluetooth capture? If not, then I'd say this should be its own tool (perhaps it could be in the same repo to share the pcapng helper functions). I ask because I didn't see an explicit mention of doing this in the PR desc.
Thanks for the review. I would not expect anyone to be parsing network and Bluetooth traffic at the same time (which answers the inline question about GetInterface(0)), so I suppose having a separate tool would be fine. It's been so long since I did this I don't remember for sure, but I think I didn't want to spend time deduplicating the code until I was sure there was interest in including these changes for sure (which answers the other two questions).
Would you like me to look at creating a separate etl2pcapng-bt.exe?
> Would you like me to look at creating a separate etl2pcapng-bt.exe?
Sounds good, thanks! Sorry for the delay in review; I wasn't notified of this until csujedihy pointed it out to me.
It looks like there is a new tool to log in Wireshark in realtime, so this is no longer necessary.
https://docs.microsoft.com/en-us/windows-hardware/drivers/bluetooth/testing-btp-tools-btvs
Motivation: Although there is a tool for this in the Windows Driver Kit, it is a bit annoying to have to install 1GB of things you don't need just for the one tool.
I basically worked this out through reverse engineering a .etl file by converting it to .xml with tracerpt.exe. FYI, the log command in the README comes from here. Not sure if all of it is actually necessary.
The resulting .pcap file was verified to be correct compared to the .cfa file generated by btetlparse.exe from the Windows Driver Kit. This was done using a short capture of an interaction with a Bluetooth Low Energy device.