Ubertooth One

Definition

An open-source USB Bluetooth sniffing platform developed by Michael Ossmann that can capture raw Bluetooth BR/EDR and BLE frames from the air. It operates by hopping channels to follow active piconets. Output is typically a PCAP file readable in Wireshark. It is a common tool in forensic Bluetooth capture because it is open-source, inexpensive, and produces standard packet captures.

Related terms

BD_ADDR (Bluetooth Device Address)
The 48-bit hardware address assigned to each classic Bluetooth device by its manufacturer. Analogous to a MAC address on Ethernet. Unlike BLE...
GATT (Generic Attribute Profile)
The protocol framework used by BLE for data exchange. A GATT server exposes data as Services and Characteristics; a GATT client reads...
Link Key / Long-Term Key (LTK)
The cryptographic secret negotiated during Bluetooth pairing that is stored on both devices and used to authenticate and encrypt subsequent connections. In...
Resolvable Private Address (RPA)
A BLE address type that rotates on a timer (typically every 15 minutes) but can be resolved back to the device's true...
RFCOMM
Radio Frequency Communication, the Bluetooth protocol that emulates a serial RS-232 connection over an L2CAP channel. Used by profiles including Serial Port...

Explained in

  • Bluetooth Forensics