libbtbb Usage error of ubertooth-rx and save to pcap file

When I try ubertooth-rx -q mm.pcap

I get the following error:

PCAP error:: mm.pcap: link-layer type 255 isn't supported in savefiles ubertooth-rx: btbb_pcap_create_file: : Success

I run the latest libpcap and libbtbb releases and still get this error.

Would love to get some help.

Feb 22 '16 11:02 michaelp123

Which version of libpcap, libbtbb and libubertooth are you using?

Pcap support is fairly new and is rather experimental at this stage. The git code has better support than the last release, but it is not currently stable.

Feb 22 '16 12:02 dominicgs

Hi I am using libpcap 1.7.4. The libbtbb I downloaded from here: https://github.com/greatscottgadgets/libbtbb. And also using ubertooth 2015-10-R1

Feb 22 '16 12:02 michaelp123

Did you download a release of libbtbb or clone the git repository?

We recommend using matched release versions for libbtbb and Ubertooth, or using git latest for both (as long as they match).

Feb 22 '16 12:02 dominicgs

I downloaded the Zip file. It is called libbtbb-master. Is it correct?

Feb 22 '16 12:02 michaelp123

Can please tell me what is proper way to download both packages?

Feb 22 '16 12:02 michaelp123

That may cause your error. You can download the 2015-10-R1 release from here: https://github.com/greatscottgadgets/libbtbb/releases

Feb 22 '16 12:02 dominicgs

Hi, thanks. Installed this version. Still getting this error.

Feb 22 '16 12:02 michaelp123

You may have multiple versions installed - ls -l /usr/local/lib/libbtbb* should show a few files. It's probably best to delete them all and then re-run make install.

Have you tried using pcapng files rather than pcap? ubertooth-rx -r mm.pcap

Feb 22 '16 12:02 dominicgs

This code is certainly buggy and not stable yet, but I have not seen your original error before, so I am trying to determine if it's a new bug or if it is something caused by the environment.

Feb 22 '16 12:02 dominicgs

Hi, in /usr/local/lib/ I see three files: libbtbb.so, libbtbb.so.0, libbtbb.so.0.3. (I deleted them and re-ran make install). After that these 3 files appeared again.

When trying pcapng, I get no error, the file is saved but in wireshark I get: "22 WTAP_ENCAP=0"

Feb 22 '16 13:02 michaelp123

Do I need to install something else?

Feb 22 '16 13:02 michaelp123

Have you installed the Wireshark dissectors from the libbtbb/wireshark/plugins/ directory?

Again, I am not confident that this code works reliably.

On 22 February 2016 at 13:23, michaelp123 [email protected] wrote:

Do I need to install something else?

— Reply to this email directly or view it on GitHub https://github.com/greatscottgadgets/libbtbb/issues/37#issuecomment-187170105 .

Feb 22 '16 13:02 dominicgs

Yes I installed all dissectors and still getting "WTAP_ENCAP=0".

Is there any other way I can see payload from bluetooh packets?

Feb 22 '16 13:02 michaelp123

ubertooth-rx or ubertooth-follow will log data to screen if you specify the LAP/UAP on the commandline. As always, the following is not completely reliable, so it is unlikely that you will get all data.

Any encrypted packets will still be encrypted.

Feb 22 '16 14:02 dominicgs

i have also this error running this command ubertooth-rx -q trace.pcap. link-layer type 255 isn't supported in savefiles

is this bug fixed now? i've installed my ubertooth with the ubertooth-2015-10-R1 and libbtbb-2015-10-R1 release

Mar 14 '16 09:03 che88

No, this bug will be closed when it is fixed.

There is a chance that it will not occur with the version of libbtbb and Ubertooth in the git repositories, but I have not confirmed it.

Mar 29 '16 13:03 dominicgs