microsoft / etl2pcapng

Utility that converts an .etl file containing a Windows network packet capture into .pcapng format.
MIT License

Add support for Bluetooth captures #31

Closed dlech closed 2 years ago

dlech commented 3 years ago

Motivation: Although there is a tool for this in the Windows Driver Kit, it is a bit annoying to have to install 1GB of things you don't need just for the one tool.

I basically worked this out through reverse engineering a .etl file by converting it to .xml with tracerpt.exe.

FYI, the log command in the README comes from here. Not sure if all of it is actually necessary.

The resulting .pcap file was verified to be correct compared to the .cfa file generated by btetlparse.exe from the Windows Driver Kit. This was done using a short capture of an interaction with a Bluetooth Low Energy device.
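
Whatever the input (network ETL or Bluetooth ETL), the output side of a converter like this is the same: a pcapng file is a chain of length-framed blocks, and the minimum a converter must emit is one Section Header Block, one Interface Description Block carrying the link type, and one Enhanced Packet Block per packet. The following is an added example, not code from etl2pcapng or from this PR, showing that structure in Python along with a reader that checks the redundant length fields. The link-type value is taken from the tcpdump link-layer header type registry and is an assumption here, as are the two sample HCI frames, which are constructed for illustration rather than taken from a capture.

```python
"""Minimal pcapng writer/reader (added example, not the etl2pcapng project's code).
Layouts follow the pcapng specification for SHB, IDB and EPB blocks with no options.
"""
import struct

SHB_TYPE = 0x0A0D0D0A
IDB_TYPE = 0x00000001
EPB_TYPE = 0x00000006
BYTE_ORDER_MAGIC = 0x1A2B3C4D
# Assumption: registry value for raw H4-framed HCI packets (LINKTYPE_BLUETOOTH_HCI_H4).
LINKTYPE_BLUETOOTH_HCI_H4 = 187


def _block(block_type, body):
    """Frame a block body: type, total length, body padded to 4 bytes, total length."""
    body = body + b"\x00" * ((-len(body)) % 4)
    total = 12 + len(body)
    return struct.pack("<II", block_type, total) + body + struct.pack("<I", total)


def section_header():
    # byte-order magic, version 1.0, section length -1 (unknown), no options
    return _block(SHB_TYPE, struct.pack("<IHHq", BYTE_ORDER_MAGIC, 1, 0, -1))


def interface_description(linktype, snaplen=65535):
    # LinkType, Reserved, SnapLen; without an if_tsresol option timestamps are microseconds
    return _block(IDB_TYPE, struct.pack("<HHI", linktype, 0, snaplen))


def enhanced_packet(iface_id, ts_us, data):
    # 64-bit timestamp split into high/low words; captured length == original length here
    hdr = struct.pack("<IIIII", iface_id, ts_us >> 32, ts_us & 0xFFFFFFFF, len(data), len(data))
    return _block(EPB_TYPE, hdr + data)


def write_pcapng(packets, linktype):
    """packets: iterable of (timestamp_us, bytes) on a single interface. Returns file bytes."""
    out = [section_header(), interface_description(linktype)]
    for ts_us, data in packets:
        out.append(enhanced_packet(0, ts_us, data))
    return b"".join(out)


def read_pcapng(blob):
    """Walk the block chain; both length fields must agree and stay inside the buffer."""
    off, blocks = 0, []
    while off < len(blob):
        btype, total = struct.unpack_from("<II", blob, off)
        if total < 12 or total % 4 or off + total > len(blob):
            raise ValueError(f"bad block length {total} at offset {off}")
        (trailer,) = struct.unpack_from("<I", blob, off + total - 4)
        if trailer != total:
            raise ValueError(f"leading/trailing length mismatch at offset {off}")
        blocks.append((btype, blob[off + 8:off + total - 4]))
        off += total
    return blocks


def packets_from(blocks):
    """Extract (interface, timestamp_us, data) from EPBs, dropping the alignment padding."""
    pkts = []
    for btype, body in blocks:
        if btype == EPB_TYPE:
            iface, hi, lo, caplen, _orig = struct.unpack_from("<IIIII", body, 0)
            pkts.append((iface, (hi << 32) | lo, body[20:20 + caplen]))
    return pkts


def is_well_formed(blob):
    """True if every block in the file passes the length checks in read_pcapng."""
    try:
        read_pcapng(blob)
        return True
    except ValueError:
        return False


# Constructed sample: an HCI_Reset command (H4 type 0x01) and its Command Complete
# event (H4 type 0x04). These bytes are illustrative, not taken from a real capture.
SAMPLE = [
    (1_700_000_000_000_000, bytes.fromhex("01030c00")),
    (1_700_000_000_001_500, bytes.fromhex("040e0401030c00")),
]

if __name__ == "__main__":
    blob = write_pcapng(SAMPLE, LINKTYPE_BLUETOOTH_HCI_H4)
    print(len(blob), "bytes;", packets_from(read_pcapng(blob)))
```

Reading the file back through the same length checks Wireshark applies is a cheap way to catch an off-by-one in the padding or trailer before comparing the decoded packets against a reference tool such as btetlparse.exe.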

maolson-msft commented 3 years ago

Thanks for the contribution! Is it useful to look at a packet capture alongside the bluetooth capture? If not, then I'd say this should be its own tool (perhaps it could be in the same repo to share the pcapng helper functions). I ask because I didn't see an explicit mention of doing this in the PR desc.

dlech commented 3 years ago

Thanks for the review. I would not expect anyone to be parsing network and Bluetooth traffic at the same time (which answers the inline question about GetInterface(0)), so I suppose having a separate tool would be fine. It's been so long since I did this I don't remember for sure, but I think I didn't want to spend time deduplicating the code until I was sure there was interest in including these changes for sure (which answers the other two questions).

Would you like me to look at creating a separate etl2pcapng-bt.exe?

maolson-msft commented 3 years ago

> Would you like me to look at creating a separate etl2pcapng-bt.exe?

Sounds good, thanks! Sorry for the delay in review; I wasn't notified of this until csujedihy pointed it out to me.

dlech commented 2 years ago

It looks like there is a new tool to log in Wireshark in realtime, so this is no longer necessary.

https://docs.microsoft.com/en-us/windows-hardware/drivers/bluetooth/testing-btp-tools-btvs