From 335d322069e59efe126ecfd95ab138569620543d Mon Sep 17 00:00:00 2001 From: stryngs Date: Thu, 9 Sep 2021 02:51:32 -0400 Subject: [PATCH 1/2] Create capturing_BLE_scapy --- docs/source/capturing_BLE_scapy | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 docs/source/capturing_BLE_scapy diff --git a/docs/source/capturing_BLE_scapy b/docs/source/capturing_BLE_scapy new file mode 100644 index 00000000..b7875f91 --- /dev/null +++ b/docs/source/capturing_BLE_scapy @@ -0,0 +1,33 @@ + +# Capturing BLE in scapy +Use ubertooth-btle with -q and stream to a file. + +[Workaround](https://github.com/secdev/scapy/issues/2764#issuecomment-674387163) the dilemma of reaching EOF due to scapy defaults in a low traffic area. + +## Rough concept +In a terminal, run ubertooth-btle with -f, -n or -p. Use -q for the pcap output: +``` +ubertooth-btle -f -q /tmp/pipe +``` +In another terminal, open python and run: +``` +from scapy.all import * + +class Reader(PcapReader): + def read_packet(self, size = MTU): + try: + return super(Reader, self).read_packet(size) + except EOFError: + return None + + +p = sniff(opened_socket=Reader('/tmp/pipe'), prn = lambda x: x.summary()) + +``` + +## Takeaways from the concept +- p is now a list of the packets captured. This object is usable if you crtl+c + within a Python IDE such as [ipython](https://ipython.org/) +- Save RAM by using prn to do something other than print to stdout; set store = 0 +- ubertooth-btle is blocking when invoked via os.system() +- "mount -t tmpfs -o size=10M tmpfs /tmp/foo" <~~~ might just be a friend From 272d39dcd1783c21f6e2c82799d01606616527e8 Mon Sep 17 00:00:00 2001 From: Straithe Date: Thu, 2 Dec 2021 14:49:38 -0500 Subject: [PATCH 2/2] Rename capturing_BLE_scapy to capturing_BLE_scapy.rst --- docs/source/{capturing_BLE_scapy => capturing_BLE_scapy.rst} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/source/{capturing_BLE_scapy => capturing_BLE_scapy.rst} (100%) 
diff --git a/docs/source/capturing_BLE_scapy b/docs/source/capturing_BLE_scapy.rst similarity index 100% rename from docs/source/capturing_BLE_scapy rename to docs/source/capturing_BLE_scapy.rst
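Review bot: In the "Rough concept" section of patch 1/2, `/tmp/pipe` is passed to both `ubertooth-btle -f -q /tmp/pipe` and `Reader('/tmp/pipe')`, but the page never says how that path is created or whether it is a FIFO or a regular file. The intro says "stream to a file" while the name suggests a pipe. State which one is meant and add the creation step before the `ubertooth-btle` command. The last takeaway mounts tmpfs at `/tmp/foo`, which does not match the `/tmp/pipe` path used in the example; either place the capture path under that mount or explain how the two relate. The `except EOFError: return None` override should carry a short comment saying it is the workaround linked in the intro, since that is the whole reason for the subclass. Small fix in the first takeaway: "crtl+c" should read "Ctrl+C".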
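Review bot: The rename in patch 2/2 to `capturing_BLE_scapy.rst` is at similarity index 100%, so the file keeps the Markdown syntax added in patch 1/2 (`# Capturing BLE in scapy`, triple-backtick fences, `[Workaround](...)` style links) under a reStructuredText extension. Convert the headings, code blocks and links to RST in the same commit, or keep a Markdown extension if the docs build accepts one. Both patches touch only this one file, so also check that the new page is referenced from the docs index.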