Wireshark relies on the presence of a CONNECT_IND with the same Access Address to show valid central or peripheral / source or destination columns. (I accidentally discovered this here: https://github.com/nccgroup/Sniffle/issues/83#issuecomment-2237765290)
Therefore, given that there's no CONNECT_IND included in the pcap when doing wble-connect -i hci0 <BDADDR> | wshark | wble-central profile, it leads to the pcap looking a bit sub-optimal, in that it's not easy to just eyeball it and see which direction the packets are flowing:
While it's still technically possible to figure out direction from the packet flags, it'd be better if it just included the CONNECT_IND and then it would just look normal with central and peripheral made more clear.
Also what I mean by "inject" in the title is that if there's no easy architectural way to capture the real CONNECT_IND, you could create a fake equivalent. That's what appears to be required for Sniffle as mentioned over on that cited ticket.
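As an added illustration of the synthetic CONNECT_IND the post asks for (not code from the original issue, WHAD or Sniffle), this sketch builds the PDU following the Bluetooth Core Specification layout and checks that its Access Address matches the one on the data packets. All function names, addresses, the Access Address and the link parameters are constructed placeholders.

```python
import struct

PDU_CONNECT_IND = 0x05  # advertising-channel PDU type for CONNECT_IND

def addr_to_wire(addr: str) -> bytes:
    """'11:22:33:44:55:66' -> 6 bytes in over-the-air (little-endian) order."""
    raw = bytes.fromhex(addr.replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"bad BD_ADDR: {addr!r}")
    return raw[::-1]

def build_connect_ind(init_a, adv_a, access_address, *, init_random=False,
                      adv_random=False, crc_init=0, win_size=1, win_offset=0,
                      interval=24, latency=0, timeout=100,
                      channel_map=0x1FFFFFFFFF, hop=5, sca=0) -> bytes:
    """Return header + payload of a CONNECT_IND (no preamble, AA or CRC).

    Link parameters other than the addresses and access_address default
    to constructed placeholder values (assumption of this example).
    """
    # Header byte 0: PDU type, TxAdd (bit 6, for InitA), RxAdd (bit 7, for AdvA)
    header0 = PDU_CONNECT_IND | (int(init_random) << 6) | (int(adv_random) << 7)
    ll_data = struct.pack("<I", access_address)          # AA of the new connection
    ll_data += crc_init.to_bytes(3, "little")            # CRCInit
    ll_data += struct.pack("<BHHHH", win_size, win_offset, interval, latency, timeout)
    ll_data += channel_map.to_bytes(5, "little")         # ChM, 37 data channels
    ll_data += bytes([(hop & 0x1F) | ((sca & 0x07) << 5)])
    payload = addr_to_wire(init_a) + addr_to_wire(adv_a) + ll_data
    return bytes([header0, len(payload)]) + payload

def parse_connect_ind(pdu: bytes) -> dict:
    """Decode the fields a dissector needs to label central and peripheral."""
    if len(pdu) != 36 or (pdu[0] & 0x0F) != PDU_CONNECT_IND or pdu[1] != 34:
        raise ValueError("not a well-formed CONNECT_IND")
    fmt = lambda b: ":".join(f"{x:02X}" for x in b[::-1])
    return {"central": fmt(pdu[2:8]), "peripheral": fmt(pdu[8:14]),
            "access_address": struct.unpack_from("<I", pdu, 14)[0]}

def belongs_to(pdu: bytes, data_access_address: int) -> bool:
    """True if this CONNECT_IND announces the connection using that AA."""
    return parse_connect_ind(pdu)["access_address"] == data_access_address

if __name__ == "__main__":
    # Constructed sample values, not taken from any real capture.
    pdu = build_connect_ind("11:22:33:44:55:66", "AA:BB:CC:DD:EE:FF", 0x50657856)
    print(pdu.hex(), parse_connect_ind(pdu), belongs_to(pdu, 0x50657856))
```

The returned bytes are only the PDU; writing them into a capture still requires the advertising Access Address, a CRC and the link-layer pseudo-header of whichever pcap link type the tool emits.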