Live Android Btsnoop logging is not available on Android 10 and newer
Summary
In Android 8 and 9 it was possible to get live Btsnoop logging with Wireshark using the androiddump tool, however it does not seem to be possible Android 10 and newer.
Developer options are enabled and the same goes for "Enable Bluetooth HCI snoop log". The Bluetooth HCI snoop log is also present when taking bugreports, so that is not the issue.
I have tested with Wireshark on both Win10 and Mac, and neither can get live Btsnoop logging to work on the newer Android versions.
Phones where live Btsnoop logging works:
- Samsung Galaxy A3 (2017), Android 8.0
- LG G5, Android 8.0
- Motorola Moto G5, Android 8.1
- Nokia 8, Android 8.0 and 9
Phones where live Btsnoop logging does NOT work:
- Samsung Galaxy S20, Android 10 and 11
- Samsung Galaxy M21, Android 10 and 11
- Google Pixel 4, Android 10, 11 and 12DP
Is it an error in Android? I have also reported this issue to Google.
Or is it an error on the Wireshark/androiddump side?
Steps to reproduce
Android phone:
- Enable Developer options
- Inside developer options, enable Bluetooth HCI snoop logging
- Restart Bluetooth (Android 8+) older phones need a reboot
PC/Mac:
- Install the latest Android development tools to get the Android Debug Bridge ADB
- Connect the phone to the PC/Mac and accept the request on the phone to be debugged from the PC/Mac
- Install Wireshark with the androiddump tool option selected.
- Start Wireshark
What is the current bug behavior?
The "Android Bluetooth btsnoop Net" capture interface is only present when connected to phones with Android 9 and older.
When starting Wireshark from the command line, the error is the same for both platforms and all phones with Android 10 or newer:
"The capture session could not be initiated on interface 'android-bluetooth-btsnoop-net-{PHONE_SN}' (No such device exists)."
For the phone with Android 10 and newer, Wireshark still lists the options for showing Android Logcat (crash, events, main, radio and system), but the "Android Bluetooth btsnoop Net" option is only present on the phones with Android 9 and older.
What is the expected correct behavior?
Be able to do live Btsnoop logging like on older Android phones.
Sample capture file
N/A
Relevant logs and/or screenshots
N/A
Build information
3.4.4 (v3.4.4-0-gc33f6306)
Compiled (64-bit) with Qt 5.15.1, with libpcap, with GLib 2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4, with GnuTLS 3.6.3 and PKCS #11 (closed) support, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic updates using WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled resampler), with Minizip.
Running on 64-bit Windows 10 (2009), build 19042, with Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz (with SSE4.2), with 32519 MB of physical memory, with locale Danish_Denmark.utf8, with light display mode, with mixed DPI, with Npcap version 1.10, based on libpcap version 1.9.1, with GnuTLS 3.6.3, with Gcrypt 1.8.3, with brotli 1.0.2, without AirPcap, binary plugins supported (21 loaded).
Built using Microsoft Visual Studio 2019 (VC++ 14.28, build 29910).