This exercise builds on the firmware we made in Exercise 2 of Lesson 2, where the peripheral advertised in scannable, non-connectable mode, and we also made a scan response packet containing a URL.
We will use the sniffer to capture advertising packets and analyze the content of the advertising packet, as well as the scan request packet and scan response packet.
Note that this is the same firmware as the solution to exercise 2 found in l2/l2_e2_sol.
1. Build and flash the application on your board.
LED1 on your board should be blinking (or LED0 on nRF54 Series devices), indicating that your board is advertising.
2. Run the sniffer on Wireshark
Open Wireshark. Under Capture, double-click on the hardware interface nRF Sniffer for Bluetooth LE COM port, just like we did when setting up nRF Sniffer.
3. Filter advertising packets from “Nordic_Beacon“
You may notice that the captured advertising packets are from multiple different advertising devices.
Let’s filter these out, by clicking on the Device drop-down list to find the “Nordic_Beacon“.
Note
If the name of the advertiser is not shown, you can also look for the address. You can find the address of the device in nRF Connect for Mobile (on Android).
Now you should only see the advertising packets from this device, including the scan requests and scan response related to this device.
Make sure that the “Automatic Scroll” function is enabled to always see the latest packets
Note
Since the peripheral in exercise 2 from lesson 2 uses a randomly generated address that is assigned boot-up, resetting the device will give it a new address. The sniffer won’t be able to track that, so you will need to select “All advertising devices” to track all advertisers and then select the new Nordic_Beacon device with the new address.
4. (optional) Apply an RSSI filter for the Capture interface
If you are working in a dense environment, with many Bluetooth LE devices, this list of devices can be quite long. In the next step, we will filter out these devices based on their vicinity to the sniffer, using the RSSI. If you don’t have a problem with too many devices, you can skip straight to step 5.
Let’s apply a filter for the capture interface, based on the RSSI, or Received Signal Strength Indicator, of the advertising packets.
4.1 Close and re-open Wireshark, to see the Capture menu again
4.2 In the Capture interface selection, type in RSSI >= -50
Make sure to click on nRF Sniffer for Bluetooth LE COM port before typing in the filter. Otherwise, the bar will turn red.
This will filter out all Bluetooth LE packets that have RSSI smaller than -50dBm
4.3 Start the sniffer again, and you should see much fewer devices in the Device drop-down list.
5. Inspect the broadcasted advertising packets
1. First, observe that the advertising packets are of type ADV_SCAN_IND, which is non-connectable and scannable. This means the advertiser will accept scan request, but not connection requests.
2. Notice that the advertising packets are broadcasted consecutively on the three advertising channels 37, 38 and 39.
Another thing to note, in the Delta time column, is that the advertising interval is roughly 500 ms. The three packets are relatively close together, with around 1.5ms between them, and then about 500ms later, another cluster of three advertising packets are sent.
Notice the slight difference in the delta time between each advertising event. It’s not exactly 500ms between them. This is because of the 10ms random delay added to each advertising event to avoid continuous collisions if two advertisers have the same advertising interval.
6. Inspect the contents of an advertising packet
Let’s inspect an advertising packet, by clicking on a ADV_SCAN_IND packet from the Nordic_Beacon device.
The bottom half of your window (the Packet Details and Packet Bytes window) will now be updated to show this advertising packet.
Inspecting an advertising packet
Expand Bluetooth Low Energy Link Layer and Advertising Data. Clicking on the different subitems (Flags, Device Name, Manufacturer Specific) will highlight in which part of the packet this data is.
We can match the advertising data in binary to the format we learned in Lesson 2. Recall that the advertising data consists of multiple advertising data structures, starting with the length followed by the type and then the content.
In this case, we can see 0x02 0x01 0x04 is the first advertising structure. In this we have the length is 0x02 byte, the type is 0x01 (meaning it’s a flag) and the value of the flag is BT_LE_AD_NO_BREDR (0x04). You can find the same pattern repeated with the Manufacturer Specific data, starting with the length 0x05, then the type 0xFF (Manufacturer Specific), and the actual contents which consist of the Company ID (0x0059) and then the Data 0x0000.
7. Inspect the scan response packet
To inspect a scan response packet, we need the central, i.e your smartphone, to send a scan request packet to the advertiser.
7.1 Open the nRF Connect for Mobile application and start scanning. This will trigger the phone to automatically send a scan request.
The SCAN_REQ (Scan Request) from the scanner is sent after an advertising packet (in this case on channel 39) and it is followed by a SCAN_RSP (Scan Response) from the advertiser. Both SCAN_REQ and SCAN_RSP is performed on the same channel as the advertising packet it follows.
7.2 Select the SCAN_RSP packet to inspect the contents.
You can find the same pattern of the advertising structure here. It starts with the length 0x1A (26 bytes) followed by type 0x24 (which is URI) and then the actual data which is the URL: //academy.nordicsemi.com
8. Observe the dynamic data being updated
Recall from lesson 2 exercise 2, that we learned how to dynamically change the contents of the advertising data, triggered by pressing button 1.
8.1 Select any of the advertising packets, ADV_SCAN_IND, and observe the Manufacturer Specific data value of 0x0000.
8.2 Now press button 1 on the board acting as the peripheral
8.3 Inspect a new advertising packet
Observe that the contents of the advertising packets will now be updated, to 0x0100.
Each time you press button 1 on the board that is advertising, the value of the Manufacturer Specific Data will be increased by one.
Note
Bluetooth LE uses little endianness to represent the data in GAP and GATT layers, which is why it increments from 0x00 00 to 0x01 00, etc.
v2.9.0 – v2.7.0
Capture and analyze Bluetooth advertising packets
This exercise builds on the firmware we made in Exercise 2 of Lesson 2, where the peripheral advertised in scannable, non-connectable mode, and we also made a scan response packet containing a URL.
We will use the sniffer to capture advertising packets and analyze the content of the advertising packet, as well as the scan request packet and scan response packet.
Note that this is the same firmware as the solution to exercise 2 found in l2/l2_e2_sol.
1. Build and flash the application on your board.
LED1 on your board should be blinking (or LED0 on nRF54 Series devices), indicating that your board is advertising.
2. Run the sniffer on Wireshark
Open Wireshark. Under Capture, double-click on the hardware interface nRF Sniffer for Bluetooth LE COM port, just like we did when setting up nRF Sniffer.
3. Filter advertising packets from “Nordic_Beacon“
You may notice that the captured advertising packets are from multiple different advertising devices.
Let’s filter these out, by clicking on the Device drop-down list to find the “Nordic_Beacon“.
Note
If the name of the advertiser is not shown, you can also look for the address. You can find the address of the device in nRF Connect for Mobile (on Android).
Now you should only see the advertising packets from this device, including the scan requests and scan response related to this device.
Make sure that the “Automatic Scroll” function is enabled to always see the latest packets
Note
Since the peripheral in exercise 2 from lesson 2 uses a randomly generated address that is assigned boot-up, resetting the device will give it a new address. The sniffer won’t be able to track that, so you will need to select “All advertising devices” to track all advertisers and then select the new Nordic_Beacon device with the new address.
4. (optional) Apply an RSSI filter for the Capture interface
If you are working in a dense environment, with many Bluetooth LE devices, this list of devices can be quite long. In the next step, we will filter out these devices based on their vicinity to the sniffer, using the RSSI. If you don’t have a problem with too many devices, you can skip straight to step 5.
Let’s apply a filter for the capture interface, based on the RSSI, or Received Signal Strength Indicator, of the advertising packets.
4.1 Close and re-open Wireshark, to see the Capture menu again
4.2 In the Capture interface selection, type in RSSI >= -50
Make sure to click on nRF Sniffer for Bluetooth LE COM port before typing in the filter. Otherwise, the bar will turn red.
This will filter out all Bluetooth LE packets that have RSSI smaller than -50dBm
4.3 Start the sniffer again, and you should see much fewer devices in the Device drop-down list.
5. Inspect the broadcasted advertising packets
1. First, observe that the advertising packets are of type ADV_SCAN_IND, which is non-connectable and scannable. This means the advertiser will accept scan request, but not connection requests.
2. Notice that the advertising packets are broadcasted consecutively on the three advertising channels 37, 38 and 39.
Another thing to note, in the Delta time column, is that the advertising interval is roughly 500 ms. The three packets are relatively close together, with around 1.5ms between them, and then about 500ms later, another cluster of three advertising packets are sent.
Notice the slight difference in the delta time between each advertising event. It’s not exactly 500ms between them. This is because of the 10ms random delay added to each advertising event to avoid continuous collisions if two advertisers have the same advertising interval.
6. Inspect the contents of an advertising packet
Let’s inspect an advertising packet, by clicking on a ADV_SCAN_IND packet from the Nordic_Beacon device.
The bottom half of your window (the Packet Details and Packet Bytes window) will now be updated to show this advertising packet.
Inspecting an advertising packet
Expand Bluetooth Low Energy Link Layer and Advertising Data. Clicking on the different subitems (Flags, Device Name, Manufacturer Specific) will highlight in which part of the packet this data is.
We can match the advertising data in binary to the format we learned in Lesson 2. Recall that the advertising data consists of multiple advertising data structures, starting with the length followed by the type and then the content.
In this case, we can see 0x02 0x01 0x04 is the first advertising structure. In this we have the length is 0x02 byte, the type is 0x01 (meaning it’s a flag) and the value of the flag is BT_LE_AD_NO_BREDR (0x04). You can find the same pattern repeated with the Manufacturer Specific data, starting with the length 0x05, then the type 0xFF (Manufacturer Specific), and the actual contents which consist of the Company ID (0x0059) and then the Data 0x0000.
7. Inspect the scan response packet
To inspect a scan response packet, we need the central, i.e your smartphone, to send a scan request packet to the advertiser.
7.1 Open the nRF Connect for Mobile application and start scanning. This will trigger the phone to automatically send a scan request.
The SCAN_REQ (Scan Request) from the scanner is sent after an advertising packet (in this case on channel 39) and it is followed by a SCAN_RSP (Scan Response) from the advertiser. Both SCAN_REQ and SCAN_RSP is performed on the same channel as the advertising packet it follows.
7.2 Select the SCAN_RSP packet to inspect the contents.
You can find the same pattern of the advertising structure here. It starts with the length 0x1A (26 bytes) followed by type 0x24 (which is URI) and then the actual data which is the URL: //academy.nordicsemi.com
8. Observe the dynamic data being updated
Recall from lesson 2 exercise 2, that we learned how to dynamically change the contents of the advertising data, triggered by pressing button 1.
8.1 Select any of the advertising packets, ADV_SCAN_IND, and observe the Manufacturer Specific data value of 0x0000.
8.2 Now press button 1 on the board acting as the peripheral
8.3 Inspect a new advertising packet
Observe that the contents of the advertising packets will now be updated, to 0x0100.
Each time you press button 1 on the board that is advertising, the value of the Manufacturer Specific Data will be increased by one.
Note
Bluetooth LE uses little endianness to represent the data in GAP and GATT layers, which is why it increments from 0x00 00 to 0x01 00, etc.
v2.6.2 – v2.3.0
Capture and analyze Bluetooth advertising packets
This exercise builds on the firmware we made in Exercise 2 of Lesson 2, where the peripheral advertised in scannable, non-connectable mode, and we also made a scan response packet containing a URL.
We will use the sniffer to capture advertising packets and analyze the content of the advertising packet, as well as the scan request packet and scan response packet.
Note that this is the same firmware as the solution to exercise 2 found in l2/l2_e2_sol.
1. Build and flash the application on your board.
LED1 on your board should be blinking, indicating that your board is advertising.
2. Run the sniffer on Wireshark
Open Wireshark. Under Capture, double-click on the hardware interface nRF Sniffer for Bluetooth LE COM port, just like we did when setting up nRF Sniffer.
3. Filter advertising packets from “Nordic_Beacon“
You may notice that the captured advertising packets are from multiple different advertising devices.
Let’s filter these out, by clicking on the Device drop-down list to find the “Nordic_Beacon“.
Note
If the name of the advertiser is not shown, you can also look for the address. You can find the address of the device in nRF Connect for Mobile (on Android).
Now you should only see the advertising packets from this device, including the scan requests and scan response related to this device.
Make sure that the “Automatic Scroll” function is enabled to always see the latest packets
Note
Since the peripheral in exercise 2 from lesson 2 uses a randomly generated address that is assigned boot-up, resetting the device will give it a new address. The sniffer won’t be able to track that, so you will need to select “All advertising devices” to track all advertisers and then select the new Nordic_Beacon device with the new address.
4. (optional) Apply an RSSI filter for the Capture interface
If you are working in a dense environment, with many Bluetooth LE devices, this list of devices can be quite long. In the next step, we will filter out these devices based on their vicinity to the sniffer, using the RSSI. If you don’t have a problem with too many devices, you can skip straight to step 5.
Let’s apply a filter for the capture interface, based on the RSSI, or Received Signal Strength Indicator, of the advertising packets.
4.1 Close and re-open Wireshark, to see the Capture menu again
4.2 In the Capture interface selection, type in RSSI >= -50
Make sure to click on nRF Sniffer for Bluetooth LE COM port before typing in the filter. Otherwise, the bar will turn red.
This will filter out all Bluetooth LE packets that have RSSI smaller than -50dBm
4.3 Start the sniffer again, and you should see much fewer devices in the Device drop-down list.
5. Inspect the broadcasted advertising packets
1. First, observe that the advertising packets are of type ADV_SCAN_IND, which is non-connectable and scannable. This means the advertiser will accept scan request, but not connection requests.
2. Notice that the advertising packets are broadcasted consecutively on the three advertising channels 37, 38 and 39.
Another thing to note, in the Delta time column, is that the advertising interval is roughly 500 ms. The three packets are relatively close together, with around 1.5ms between them, and then about 500ms later, another cluster of three advertising packets are sent.
Notice the slight difference in the delta time between each advertising event. It’s not exactly 500ms between them. This is because of the 10ms random delay added to each advertising event to avoid continuous collisions if two advertisers have the same advertising interval.
6. Inspect the contents of an advertising packet
Let’s inspect an advertising packet, by clicking on a ADV_SCAN_IND packet from the Nordic_Beacon device.
The bottom half of your window (the Packet Details and Packet Bytes window) will now be updated to show this advertising packet.
Inspecting an advertising packet
Expand Bluetooth Low Energy Link Layer and Advertising Data. Clicking on the different subitems (Flags, Device Name, Manufacturer Specific) will highlight in which part of the packet this data is.
We can match the advertising data in binary to the format we learned in Lesson 2. Recall that the advertising data consists of multiple advertising data structures, starting with the length followed by the type and then the content.
In this case, we can see 0x02 0x01 0x04 is the first advertising structure. In this we have the length is 0x02 byte, the type is 0x01 (meaning it’s a flag) and the value of the flag is BT_LE_AD_NO_BREDR (0x04). You can find the same pattern repeated with the Manufacturer Specific data, starting with the length 0x05, then the type 0xFF (Manufacturer Specific), and the actual contents which consist of the Company ID (0x0059) and then the Data 0x0000.
7. Inspect the scan response packet
To inspect a scan response packet, we need the central, i.e your smartphone, to send a scan request packet to the advertiser.
7.1 Open the nRF Connect for Mobile application and start scanning. This will trigger the phone to automatically send a scan request.
The SCAN_REQ (Scan Request) from the scanner is sent after an advertising packet (in this case on channel 39) and it is followed by a SCAN_RSP (Scan Response) from the advertiser. Both SCAN_REQ and SCAN_RSP is performed on the same channel as the advertising packet it follows.
7.2 Select the SCAN_RSP packet to inspect the contents.
You can find the same pattern of the advertising structure here. It starts with the length 0x1A (26 bytes) followed by type 0x24 (which is URI) and then the actual data which is the URL: //academy.nordicsemi.com
8. Observe the dynamic data being updated
Recall from lesson 2 exercise 2, that we learned how to dynamically change the contents of the advertising data, triggered by pressing button 1.
8.1 Select any of the advertising packets, ADV_SCAN_IND, and observe the Manufacturer Specific data value of 0x0000.
8.2 Now press button 1 on the board acting as the peripheral
8.3 Inspect a new advertising packet
Observe that the contents of the advertising packets will now be updated, to 0x0100.
Each time you press button 1 on the board that is advertising, the value of the Manufacturer Specific Data will be increased by one.
Note
Bluetooth LE uses little endianness to represent the data in GAP and GATT layers, which is why it increments from 0x00 00 to 0x01 00, etc.
Nordic Developer Academy Privacy Policy
1. Introduction
In this Privacy Policy you will find information on Nordic Semiconductor ASA (“Nordic Semiconductor”) processes your personal data when you use the Nordic Developer Academy.
References to “we” and “us” in this document refers to Nordic Semiconductor.
2. Our processing of personal data when you use the Nordic Developer Academy
2.1 Nordic Developer Academy
Nordic Semiconductor processes personal data in order to provide you with the features and functionality of the Nordic Developer Academy. Creating a user account is optional, but required if you want to track you progress and view your completed courses and obtained certificates. If you choose to create a user account, we will process the following categories of personal data:
Email
Name
Password (encrypted)
Course progression (e.g. which course you have completely or partly completed)
Certificate information, which consists of name of completed course and the validity of the certificate
Course results
During your use of the Nordic Developer Academy, you may also be asked if you want to provide feedback. If you choose to respond to any such surveys, we will also process the personal data in your responses in that survey.
The legal basis for this processing is GDPR article 6 (1) b. The processing is necessary for Nordic Semiconductor to provide the Nordic Developer Academy under the Terms of Service.
2.2 Analytics
If you consent to analytics, Nordic Semiconductor will use Google Analytics to obtain statistics about how the Nordic Developer Academy is used. This includes collecting information on for example what pages are viewed, the duration of the visit, the way in which the pages are maneuvered, what links are clicked, technical information about your equipment. The information is used to learn how Nordic Developer Academy is used and how the user experience can be further developed.
2.2 Newsletter
You can consent to receive newsletters from Nordic from within the Nordic Developer Academy. How your personal data is processed when you sign up for our newsletters is described in the Nordic Semiconductor Privacy Policy.
3. Retention period
We will store your personal data for as long you use the Nordic Developer Academy. If our systems register that you have not used your account for 36 months, your account will be deleted.
4. Additional information
Additional information on how we process personal data can be found in the Nordic Semiconductor Privacy Policy and Cookie Policy.
Nordic Developer Academy Terms of Service
1. Introduction
These terms and conditions (“Terms of Use”) apply to the use of the Nordic Developer Academy, provided by Nordic Semiconductor ASA, org. nr. 966 011 726, a public limited liability company registered in Norway (“Nordic Semiconductor”).
Nordic Developer Academy allows the user to take technical courses related to Nordic Semiconductor products, software and services, and obtain a certificate certifying completion of these courses. By completing the registration process for the Nordic Developer Academy, you are agreeing to be bound by these Terms of Use.
These Terms of Use are applicable as long as you have a user account giving you access to Nordic Developer Academy.
2. Access to and use of Nordic Developer Academy
Upon acceptance of these Terms of Use you are granted a non-exclusive right of access to, and use of Nordic Developer Academy, as it is provided to you at any time. Nordic Semiconductor provides Nordic Developer Academy to you free of charge, subject to the provisions of these Terms of Use and the Nordic Developer Academy Privacy Policy.
To access select features of Nordic Developer Academy, you need to create a user account. You are solely responsible for the security associated with your user account, including always keeping your login details safe.
You will able to receive an electronic certificate from Nordic Developer Academy upon completion of courses. By issuing you such a certificate, Nordic Semiconductor certifies that you have completed the applicable course, but does not provide any further warrants or endorsements for any particular skills or professional qualifications.
Nordic Semiconductor will continuously develop Nordic Developer Academy with new features and functionality, but reserves the right to remove or alter any existing functions without notice.
3. Acceptable use
You undertake that you will use Nordic Developer Academy in accordance with applicable law and regulations, and in accordance with these Terms of Use. You must not modify, adapt, or hack Nordic Developer Academy or modify another website so as to falsely imply that it is associated with Nordic Developer Academy, Nordic Semiconductor, or any other Nordic Semiconductor product, software or service.
You agree not to reproduce, duplicate, copy, sell, resell or in any other way exploit any portion of Nordic Developer Academy, use of Nordic Developer Academy, or access to Nordic Developer Academy without the express written permission by Nordic Semiconductor. You must not upload, post, host, or transmit unsolicited email, SMS, or \”spam\” messages.
You are responsible for ensuring that the information you post and the content you share does not;
contain false, misleading or otherwise erroneous information
infringe someone else’s copyrights or other intellectual property rights
contain sensitive personal data or
contain information that might be received as offensive or insulting.
Such information may be removed without prior notice.
Nordic Semiconductor reserves the right to at any time determine whether a use of Nordic Developer Academy is in violation of its requirements for acceptable use.
Violation of the at any time applicable requirements for acceptable use may result in termination of your account. We will take reasonable steps to notify you and state the reason for termination in such cases.
4. Routines for planned maintenance
Certain types of maintenance may imply a stop or reduction in availability of Nordic Developer Academy. Nordic Semiconductor does not warrant any level of service availability but will provide its best effort to limit the impact of any planned maintenance on the availability of Nordic Developer Academy.
5. Intellectual property rights
Nordic Semiconductor retains all rights to all elements of Nordic Developer Academy. This includes, but is not limited to, the concept, design, trademarks, know-how, trade secrets, copyrights and all other intellectual property rights.
Nordic Semiconductor receives all rights to all content uploaded or created in Nordic Developer Academy. You do not receive any license or usage rights to Nordic Developer Academy beyond what is explicitly stated in this Agreement.
6. Liability and damages
Nothing within these Terms of Use is intended to limit your statutory data privacy rights as a data subject, as described in the Nordic Developer Academy Privacy Policy. You acknowledge that errors might occur from time to time and waive any right to claim for compensation as a result of errors in Nordic Developer Academy. When an error occurs, you shall notify Nordic Semiconductor of the error and provide a description of the error situation.
You agree to indemnify Nordic Semiconductor for any loss, including indirect loss, arising out of or in connection with your use of Nordic Developer Academy or violations of these Terms of Use. Nordic Semiconductor shall not be held liable for, and does not warrant that (i) Nordic Developer Academy will meet your specific requirements, (ii) Nordic Developer Academy will be uninterrupted, timely, secure, or error-free, (iii) the results that may be obtained from the use of Nordic Developer Academy will be accurate or reliable, (iv) the quality of any products, services, information, or other material purchased or obtained by you through Nordic Developer Academy will meet your expectations, or that (v) any errors in Nordic Developer Academy will be corrected.
You accept that this is a service provided to you without any payment and hence you accept that Nordic Semiconductor will not be held responsible, or liable, for any breaches of these Terms of Use or any loss connected to your use of Nordic Developer Academy. Unless otherwise follows from mandatory law, Nordic Semiconductor will not accept any such responsibility or liability.
7. Change of terms
Nordic Semiconductor may update and change the Terms of Use from time to time. Nordic Semiconductor will seek to notify you about significant changes before such changes come into force and give you a possibility to evaluate the effects of proposed changes. Continued use of Nordic Developer Academy after any such changes shall constitute your acceptance of such changes. You can review the current version of the Terms of Use at any time at https://academy.nordicsemi.com/terms-of-service/
8. Transfer of rights
Nordic Semiconductor is entitled to transfer its rights and obligation pursuant to these Terms of Use to a third party as part of a merger or acquisition process, or as a result of other organizational changes.
9. Third Party Services
To the extent Nordic Developer Academy facilitates access to services provided by a third party, you agree to comply with the terms governing such third party services. Nordic Semiconductor shall not be held liable for any errors, omissions, inaccuracies, etc. related to such third party services.
10. Dispute resolution
The Terms of Use and any other legally binding agreement between yourself and Nordic Semiconductor shall be subject to Norwegian law and Norwegian courts’ exclusive jurisdiction.
