In this chapter, we will go through how to set up nRF Sniffer and test that it is working properly by sniffing a Bluetooth LE packet.
nRF Sniffer has a comprehensive documentation on how to program the nRF Sniffer firmware on to your device, and how to set up Wireshark on your computer, to analyze packets. The content in this chapter closely follows the documentation with some additional information and screenshots to help you along the way.
You can choose to either continue with the instructions here or go to the documentation page and follow the steps there.
The nRF Sniffer firmware supports the following boards:
1. Download nRF Sniffer for Bluetooth LE v4.x or later and extract the contents of the zip file into a folder of your choice.
In the following sections, this folder is referred to as Sniffer_Software
.
All the firmware HEX files are located in Sniffer_Software/hex
.
Development kit/dongle | Firmware file name |
---|---|
nRF52840 DK | sniffer_nrf52840dk_nrf52840_*.hex |
nRF52840 Dongle | sniffer_nrf52840dongle_nrf52840_*.hex |
nRF52833 DK | sniffer_nrf52833dk_nrf52833_*.hex |
nRF52 DK | sniffer_nrf52dk_nrf52832_*.hex |
nRF51 DK | sniffer_nrf51dk_nrf51422_*.hex |
nRF51 Dongle | sniffer_nrf51dongle_nrf51422_*.hex |
2. Open up nRF Connect for Desktop and install and launch the Programmer application.
On macOS and Linux: install the SEGGER J-Link software before proceeding to the next step.
If you are running an M1-based Mac, you must install the Intel/x86 variants of J-Link.
3. In the upper left hand corner, select the board you are using as the Bluetooth LE sniffer.
4. Select Add file and Browse, then navigate to Sniffer_Software/hex
and select the file that applies to the hardware you are using, see the table above. Select Open.
5. Click Erase & write to flash the firmware to your board.
This will explain the installation process for Windows and macOS. For instructions on Ubuntu Linux, see Installing Wireshark on Ubuntu Linux.
1. Go to the Wireshark download page.
2. In the Stable Release list at the top of the page, select the release package for your operating system.
The download should start automatically.
3. Open up the file when it’s finished downloading, and follow the instructions to download Wireshark.
Wireshark is an open-source packet analyzer, and can be used for many different protocols. To use it with the nRF Sniffer firmware, we offer an external capture plugin to use with Wireshark.
The nRF Sniffer capture tool comes as an external capture plugin for Wireshark.
1. Install the Python requirements
1.1 Open a command window and navigate to the folder Sniffer_Software/extcap
.
1.2 Depending on your system, run one of the following commands (make sure you have Python installed on your computer):
2. Copy the nRF Sniffer capture tool into Wireshark
2.1 Open Wireshark
2.2 Go to Help > About Wireshark (on Windows or Linux) or Wireshark > About Wireshark (on macOS).
2.3 Select the Folders tab.
2.4 Double-click the location for the Personal Extcap path to open this folder.
You may be prompted with a notice saying The directory does not exist. Click Yes to create it.
2.5 Copy the contents of the Sniffer_Software/extcap/
folder into this folder.
3. Enable the nRF Sniffer capture tool in Wireshark.
3.1 Refresh the interfaces in Wireshark by selecting Capture > Refresh Interfaces or pressing F5.
3.2 Select View > Interface Toolbars > nRF Sniffer for Bluetooth LE to enable the nRF Sniffer interface.
You should see that nRF Sniffer is displayed as one of the interfaces on the Wireshark capture screen, and you should see the nRF Sniffer toolbar.
1. To start sniffing, make sure the nRF Sniffer (your DK or dongle running the nRF Sniffer firmware) is turned on and place it between the two devices that are communicating over Bluetooth LE.
2. In Wireshark, under Capture, double-click on the hardware interface nRF Sniffer for Bluetooth LE COM port, see below
3. Wireshark should now look something like the image below, listing all Bluetooth LE packets in radio range.
Before proceeding to the exercise portion of this lesson, let’s explain what we are seeing in the Wireshark window.
Your window should be divided into three parts, the packet list, packet details and packet bytes.
If you cannot see all three windows, select View and make sure the following three lines are checked off
Clicking on a specific section of the data in the Packet Bytes window will show where in the Packet Details window. And similarly, selecting a header in the Packet Details window, will show where in the data this information is defined, in the Packet Bytes window.
Let’s take a look at the columns in the Packet List window. Your column headers should look like this
If you are missing any of the column headers, go to the Packet Details window and expand nRF Sniffer for Bluetooth LE. Then right-click on any of the parameters you are missing, select Apply as Column and it will show up in the main view as a column.
Now you should have the following column headers in your live capture view.
You are now ready for the exercise portion of this lesson, where we will go into more detail on what you are seeing.