hcidump

Parse Host Controler Interface data

hcidump [option [option… ]] [filter ]

Reads raw HCI data coming from and going to a Bluetooth device.
only if somethimg -- like hcitool lescan -- is running!

Default is the first available, and outputs commands, events and data in a human-readable form. Optionally, the dump can be written to a file rather than parsed, to be parsed in a subsequent moment.

-t
--timestamp
Prepend a time stamp
>hcidump -t|grep $b -B3 -A3
2018-05-20 16:48:47.852536 > HCI Event: LE Meta Event (0x3e) plen 30
    LE Advertising Report
      ADV_IND - Connectable undirected advertising (0)
      bdaddr C4:C1:A5:FB:6D:46 (Random)
      Flags: 0x06
      Shortened service classes: 0xfe59
      Complete local name: 'RuuviBoot' 
-r file
--read-dump=file
Data from file created with -w
-i hciX read from hciX. Default: first available.
-l len
--snap-len=len
max length of processed packets
-p psm
--psm=psm
default Protocol Service Multiplexer
-m compid
--manufacturer=compid
default company id for manufacturer
-w file
--save-dump=file
data is saved in file file.
subsequently parsed with -r.

The file can be opened in Wireshark for full decoding

-a
--ascii
 
hcidump -a   |more
HCI sniffer - Bluetooth packet analyzer ver 5.43
device: hci0 snap_len: 1500 filter: 0xffffffff
> HCI Event: LE Meta Event (0x3e) plen 23
    LE Advertising Report
      ADV_IND - Connectable undirected advertising (0)
      bdaddr 4C:32:75:97:3B:AE (Public)
      Flags: 0x06
      Unknown type 0xff with 6 bytes data
      RSSI: -53
> HCI Event: LE Meta Event (0x3e) plen 35
    LE Advertising Report
      ADV_IND - Connectable undirected advertising (0)
      bdaddr 71:87:54:AC:73:2A (Random)
      Flags: 0x06
      Unknown type 0xff with 18 bytes data
      RSSI: -68
> HCI Event: LE Meta Event (0x3e) plen 23
    LE Advertising Report
      ADV_IND - Connectable undirected advertising (0)
      bdaddr 4C:32:75:97:3B:AE (Public)
      Flags: 0x06
      Unknown type 0xff with 6 bytes data
      RSSI: -65
-x
--hex
  ¿?
hcidump -x   |more
HCI sniffer - Bluetooth packet analyzer ver 5.43
device: hci0 snap_len: 1500 filter: 0xffffffff
> HCI Event: LE Meta Event (0x3e) plen 43
    LE Advertising Report
      ADV_NONCONN_IND - Non connectable undirected advertising (3)
      bdaddr F2:C0:C6:43:AD:03 (Random)
      Flags: 0x06
      Complete service classes: 0xfeaa
      Unknown type 0x16 with 22 bytes data
      RSSI: -62
-X
--ext
hex and ASCII. ¿?
hcidump -X   |more
HCI sniffer - Bluetooth packet analyzer ver 5.43
device: hci0 snap_len: 1500 filter: 0xffffffff
> HCI Event: LE Meta Event (0x3e) plen 43
    LE Advertising Report
      ADV_NONCONN_IND - Non connectable undirected advertising (3)
      bdaddr D3:51:78:72:EC:0F (Random)
      Flags: 0x06
      Complete service classes: 0xfeaa
      Unknown type 0x16 with 22 bytes data
      RSSI: -71
-R
--raw
only the raw data is displayed.
hcidump --raw |more
HCI sniffer - Bluetooth packet analyzer ver 5.43
device: hci0 snap_len: 1500 filter: 0xffffffff
> 04 3E 2B 02 01 03 01 0F EC 72 78 51 D3 1F 02 01 06 03 03 AA 
  FE 17 16 AA FE 10 F9 03 72 75 75 2E 76 69 2F 23 42 4A 41 4B 
  41 4C 78 49 72 B6 
> 04 3E 17 02 01 00 00 AE 3B 97 75 32 4C 0B 02 01 06 07 FF 4C 
  00 10 02 0B 00 B1 
> 04 3E 23 02 01 00 01 2A 73 AC 54 87 71 17 02 01 06 13 FF 4C 
  00 0C 0E 00 CB 3A F4 C4 21 9E B6 5D C4 9C D3 3E 26 B3 
> 04 3E 2B 02 01 03 01 03 AD 43 C6 C0 F2 1F 02 01 06 03 03 AA 
  FE 17 16 AA FE 10 F9 03 72 75 75 2E 76 69 2F 23 42 46 67 56 
  41 4C 78 49 4E C3 
hcidump -t --raw |more
HCI sniffer - Bluetooth packet analyzer ver 5.43
device: hci0 snap_len: 1500 filter: 0xffffffff
2018-04-16 19:36:46.080953 > 04 3E 17 02 01 00 00 AE 3B 97 75 32 4C 0B 02 01 06 07 FF 4C 
  00 10 02 0B 00 B7 
2018-04-16 19:36:46.098825 > 04 3E 2B 02 01 03 01 03 AD 43 C6 C0 F2 1F 02 01 06 03 03 AA 
  FE 17 16 AA FE 10 F9 03 72 75 75 2E 76 69 2F 23 42 46 67 56 
  41 4C 78 49 4E B1 
2018-04-16 19:36:46.108579 > 04 3E 23 02 01 00 01 2A 73 AC 54 87 71 17 02 01 06 13 FF 4C 
  00 0C 0E 00 CB 3A F4 C4 21 9E B6 5D C4 9C D3 3E 26 B6 
2018-04-16 19:36:46.262135 > 04 3E 17 02 01 00 00 AE 3B 97 75 32 4C 0B 02 01 06 07 FF 4C 
  00 10 02 0B 00 C5 
-C
--cmtp=psm
for the CAPI Message Transport Protocol.
-H
--hcrp=psm
for the Hardcopy Control Channel.
-O
--obex=channel
Sets RFCOMM channel value for the Object Exchange Protocol.
-P
--ppp=channel
Sets RFCOMM channel value for the Point-to-Point Protocol.
-D
--pppdump=
Extract PPP traffic with pppdump format.
-A
--audio=file
Extract SCO audio data.
-Y
--novendor
Don't display any vendor commands, events
any pin code or link key in plain text.
hcidump -t -Y  |more
HCI sniffer - Bluetooth packet analyzer ver 5.43
device: hci0 snap_len: 1500 filter: 0xffffffff
2018-04-16 19:40:44.038443 > HCI Event: LE Meta Event (0x3e) plen 35
    LE Advertising Report
      ADV_IND - Connectable undirected advertising (0)
      bdaddr 71:87:54:*:*:* (Random)
      Flags: 0x06
      Unknown type 0xff with 18 bytes data
      RSSI: -74
-h

FILTERS

filter is a space-separated list of packet categories:
lmp hci sco l2cap rfcomm sdp bnep cmtp hidp hcrp avdtp avctp obex capi ppp

lmp,(01) hci(02), sco(04), l2cap(08), rfcomm(10), sdp(20), bnep(40), cmtp(80), hidp(100), hcrp(200), avdtp(400), avctp(800), obex(1000), capi(2000) and ppp(4000)

Examples:

(buffers, just be patient)
hcidump -t --raw |                           # format 4
grep --after-context=2 "1A 1E 4A 74 FA F7" |  # get the interested MAC and next to lines
grep --invert-match '\-\-' |                  # get rid of the -- grep inserts
sed "N ;s/\n//; N; s/\n//" |                  # join 2nd and 3rd line
sed "s/04 3E //;  s/02 01 03 01//" |          # remove bluetooth header information
sed "s/  19 02 01 04 15 FF 99//"   |
sed "s/201.-..-..//;  s/[[:digit:]]\{3,3\} //; s/1A 1E 4A 74 FA F7//"   # pretty it up

 18:01:50.997 > 1F 02 01 06 03 03 AA   FE 17 16 AA FE 10 F9 03 72 75 75 2E 76 69 2F 23 42 47 51 59   41 4D 4F 30 47 AF 
 18:01:51.497 > 1F 02 01 06 03 03 AA   FE 17 16 AA FE 10 F9 03 72 75 75 2E 76 69 2F 23 42 47 51 59   41 4D 4F 30 47 B3 
                                                      FT TX htt r  u  u  . v  i  /  #  B     Q       A  M  O  3  G    

hcidump -t --raw |                           # format 5
grep --after-context=1 "1A 1E 4A 74 FA F7" |  # get the interested MAC and next to lines
grep --invert-match '\-\-' |                  # remove of the -- grep inserts
sed "N ;s/\n//; " |                           # join 2nd line
sed "s/04 3E //;  s/02 01 03 01//" |          # remove bluetooth header information
sed "s/  19 02 01 04 15 FF 99//"   |
sed "s/201.-..-..//;  s/[[:digit:]]\{3,3\} //; s/1A 1E 4A 74 FA F7//"   # pretty it up

 18:32:31.833> 19 02 01 04 15 FF 99   04 03 66 18 59 C4 0E 00 1B FF DD 03 DC 0A B7 00 00 00 00 B3 
 18:32:32.332> 19 02 01 04 15 FF 99   04 03 66 18 59 C4 0E 00 1B FF DD 03 DC 0A B7 00 00 00 00 B5 
 18:32:32.837> 19 02 01 04 15 FF 99   04 03 66 18 59 C4 0E 00 1B FF DD 03 DC 0A B7 00 00 00 00 B5 
                              CIC  ) fmt hh temp  press  xxxx yyyyy zzzzz battery          RSSI  


Protocol and Service Multiplexer
Protocol PSM
SDP 01 Service Discovery Protocol (SDP)
RFCOMM 03 RFCOMM with TS 07.10
TCS-BIN 05 Telephony Control Specification / TCS Binary
TCS-BIN-CORDLESS 07 Telephony Control Specification / TCS Binary
BNEP 0F Bluetooth Network Encapsulation Protocol
HID_Control 11 Human Interface Device
HID_Interrupt 13 Human Interface Device
UPnP 15 [ESDP]
AVCTP 17 Audio/Video Control Transport Protocol
AVDTP 19 Audio/Video Distribution Transport Protocol
AVCTP_Browsing 1B Audio/Video Remote Control Profile
UDI_C-Plane 1D Unrestricted Digital Information Profile [UDI]
ATT 1F Bluetooth Core Specification
3DSP 21 3D Synchronization Profile.
LE_PSM_IPSP 23 Internet Protocol Support Profile
OTS 25 Object Transfer Service