Skip to main content
Wireshark is the primary tool for capturing and analyzing Bluetooth Low Energy (BLE) packets in real-time. It provides live visibility into all data exchanged between the Whoop 4.0 device and the mobile app.

Setup

1

Enable USB debugging

Connect your Android phone to your computer via USB and ensure USB debugging is enabled in Developer Settings.
2

Verify ADB connection

Check that your device is recognized:
adb devices -l
You should see your device listed in the output.
3

Launch Wireshark

Start Wireshark with root privileges:
sudo wireshark
4

Select Bluetooth interface

In the Wireshark interface list, select Android Bluetooth Btsnoop. This will start capturing all Bluetooth traffic from your connected Android device.
Root/sudo access is required to run Wireshark with the Android Bluetooth capture interface.

Filtering for GATT Packets

Once capturing, you’ll see all Bluetooth activity. To focus on the relevant GATT communication:
  1. Apply the btatt filter in Wireshark’s filter bar: 
    btatt
  2. This filters for Bluetooth Attribute Protocol packets only, showing:
    • Characteristic writes to the device
    • Notifications from the device
    • Read/write responses
  3. Open the Whoop app and interact with features - you’ll see the corresponding packets in real-time.

Analyzing Specific Characteristics

To narrow down to specific characteristics, combine filters: 
btatt.handle == 0x0010
This filters for packets targeting the CMD_TO_STRAP characteristic (handle 0x0010), which is used to send commands to the device.

Common Handles

HandleCharacteristicDirectionPurpose
0x0010CMD_TO_STRAPWriteCommands sent to device
0x0012CMD_FROM_STRAPNotifyCommand responses
0x0015EVENTS_FROM_STRAPNotifyEvent notifications
0x0018DATA_FROM_STRAPNotifySensor data stream

Example: Opening the App

When you open the Whoop app, Wireshark reveals the following sequence:
  1. App writes to CMD_TO_STRAP (handle 0x0010): 
    aa0800a823461600699b4cfb
  2. Device responds with one notification on CMD_FROM_STRAP
  3. Multiple notifications arrive on DATA_FROM_STRAP containing sensor data
This pattern helps you understand the request-response flow and identify which commands trigger which data streams.

Alternative: Extracting HCI Logs

For post-capture analysis, you can extract Bluetooth HCI logs from an Android device:
1

Enable HCI logging

In Developer Settings, enable Bluetooth HCI snoop logging.
2

Generate bugreport

After using the Whoop app, capture logs:
adb bugreport logs
3

Extract and open in Wireshark

unzip logs.zip
wireshark FS/data/log/bt/btsnoop_hci.log
The bugreport method is useful for analyzing extended sessions, but live capture with Wireshark provides immediate feedback during reverse engineering.

Tips

  • Use “Follow > Bluetooth ATT Stream” to see all packets in a conversation
  • Right-click packets and select “Copy > as Hex Stream” to extract raw bytes
  • Apply display filters like btatt && !btatt.opcode == 0x1b to exclude ATT acknowledgments
  • Use the packet details pane to inspect header structure and CRC checksums

Build docs developers (and LLMs) love

Get started for freeTalk to us