@gnyman
Last active May 22, 2019 20:39
wireshark iBeacon parser
-- A better iBeacon parser
-- Wireshark has the capability to parse iBeacons, but that parser shows the
-- wrong UUID and does not show TX.
-- This is a quick hack to create an iBeacon parser which shows
-- the same UUID as my Android and iPhone test devices.
--
-- To use this, place this file in ~/.wireshark/plugins, then open Wireshark
-- and view an iBeacon BLE packet. Expand until Manufacturer Specific, then
-- right-click and choose Decode As... Set the field to BT EIR/AD Manufacturer
-- Company ID and the decoder to IBEACON-2.
-- Done...
-- Tested with Wireshark 2.4.0 on OS X on packets captured with NRF51822 using
-- ble-sniffer-osx.
-- To view those packets, the first thing you need to do is to go into
-- Wireshark preferences, Plugins, DLT_USER, Edit and add DLT=157 and payload
-- nordic_ble.
local ibeacon = Proto("iBeacon-2", "Better iBeacon")
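local function ibeacon_dissector(buffer, pinfo, tree)
    -- Bytes after the company ID: type (1), length (1), UUID (16),
    -- major (2), minor (2), TX (1). Skip buffers too short to hold them.
    if buffer:len() < 23 then return end
    local subtree = tree:add(ibeacon, buffer(), "iBeacon")
    -- The 16 UUID bytes are shown in 4-2-2-2-6 byte groups
    subtree:add(buffer(2,16), "UUID: " .. buffer(2,4) .. "-" .. buffer(6,2) .. "-" .. buffer(8,2) .. "-" .. buffer(10,2) .. "-" .. buffer(12,6))
    -- Major and minor are unsigned 16-bit values
    subtree:add(buffer(18,2), "Major: " .. buffer(18,2):uint())
    subtree:add(buffer(20,2), "Minor: " .. buffer(20,2):uint())
    -- TX is a signed 8-bit value
    subtree:add(buffer(22,1), "TX: " .. buffer(22,1):int())
end
ibeacon.dissector = ibeacon_dissector
-- Register for "Decode As" on the manufacturer company ID table
local bt_table = DissectorTable.get("btcommon.eir_ad.manufacturer_company_id")
bt_table:add_for_decode_as(ibeacon)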
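
To cross-check what the dissector displays against the raw bytes outside Wireshark, the following stand-alone Python parser uses the same offsets as the Lua code above and rejects truncated or non-iBeacon input. It is an added example, not part of the original gist; the `0x02`/`0x15` prefix check follows the public iBeacon layout, and the function name and sample payload are constructed for illustration.

```python
import struct
import uuid

# Layout of the bytes handed to the dissector (after the 2-byte company ID),
# matching the offsets used in the Lua code above:
#   0: type, 1: length, 2-17: UUID, 18-19: major, 20-21: minor, 22: TX
IBEACON_TYPE = 0x02   # assumption: public iBeacon layout
IBEACON_LEN = 0x15    # assumption: 21 bytes follow (16 + 2 + 2 + 1)
FRAME_LEN = 2 + IBEACON_LEN


def parse_ibeacon(data: bytes) -> dict:
    """Parse iBeacon manufacturer data; raise ValueError on malformed input."""
    if len(data) < FRAME_LEN:
        raise ValueError(f"truncated: {len(data)} bytes, need {FRAME_LEN}")
    if data[0] != IBEACON_TYPE or data[1] != IBEACON_LEN:
        raise ValueError(f"not an iBeacon frame: prefix {data[:2].hex()}")
    # Big-endian: 16 raw bytes, unsigned 16-bit major/minor, signed 8-bit TX.
    raw_uuid, major, minor, tx = struct.unpack_from(">16sHHb", data, 2)
    return {
        "uuid": str(uuid.UUID(bytes=raw_uuid)),
        "major": major,
        "minor": minor,
        "tx": tx,
    }


# Constructed sample payload (not from a real capture).
SAMPLE = bytes.fromhex(
    "0215"
    "00112233445566778899aabbccddeeff"
    "ffff"   # major 65535: would print as -1 if read as signed
    "0001"   # minor 1
    "c5"     # TX -59 (two's complement)
)

if __name__ == "__main__":
    print(parse_ibeacon(SAMPLE))
    # Malformed inputs: a truncated frame and a wrong type byte.
    for bad in (SAMPLE[:10], b"\x01\x15" + SAMPLE[2:]):
        try:
            parse_ibeacon(bad)
        except ValueError as exc:
            print("rejected:", exc)
```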