In this chapter, we will go through how to set up nRF Sniffer and test that it is working properly by sniffing a Bluetooth LE packet.
nRF Sniffer has a comprehensive documentation on how to program the nRF Sniffer firmware on to your device, and how to set up Wireshark on your computer, to analyze packets. The content in this chapter closely follows the documentation with some additional information and screenshots to help you along the way.
You can choose to either continue with the instructions here or go to the documentation page and follow the steps there.
Programming the nRF Sniffer firmware
The nRF Sniffer firmware supports the following boards:
Due to a recent update of the nRF52833 DK version 3 and nRF52840 DK version 3, the new Interface IC on the DK is not fully compatible with the nRF Sniffer software. If you have an nRF52840DK v3, you will need to use the nRF USB port instead of the Interface IC USB port. The nRF52833 DK v3 is not compatible with the sniffer software at the moment, so you will need to use another DK as the sniffer backend. nRF52833 DK v2 and earlier works fine.
1. To start sniffing, make sure the nRF Sniffer (your DK or dongle running the nRF Sniffer firmware) is turned on and place it between the two devices that are communicating over Bluetooth LE.
2. In Wireshark, under Capture, double-click on the hardware interface nRF Sniffer for Bluetooth LE COM port, see below
3. Wireshark should now look something like the image below, listing all Bluetooth LE packets in radio range.
Explaining Wireshark in Live Capture
Before proceeding to the exercise portion of this lesson, let’s explain what we are seeing in the Wireshark window.
Your window should be divided into three parts, the packet list, packet details and packet bytes.
If you cannot see all three windows, select View and make sure the following three lines are checked off
Packet List: Displays all the packets in the current capture session. Each line corresponds to one packet, and if you select a line, more details about the packet will be displayed in the “Packet Details” and “Packet Bytes” panes, below.
Packet Details: Shows the current packet, selected in the Packet List window, in a more detailed form.
Packet Bytes: Shows the data of the current packet, selected in the Packet List window, in a hexdump style.
Clicking on a specific section of the data in the Packet Bytes window will show where in the Packet Details window. And similarly, selecting a header in the Packet Details window, will show where in the data this information is defined, in the Packet Bytes window.
Columns in the Packet List window
Let’s take a look at the columns in the Packet List window. Your column headers should look like this
If you are missing any of the column headers, go to the Packet Details window and expand nRF Sniffer for Bluetooth LE. Then right-click on any of the parameters you are missing, select Apply as Column and it will show up in the main view as a column.
Now you should have the following column headers in your live capture view.
No.: The packet number, incremented for every packet the sniffer captures.
Time: The timestamp for when the packet was captured, relative to how long the sniffer has been running.
Source: The address of the device that the packet came from.
Protocol: Which Bluetooth LE stack layer the packet came from, most will come from the link layer (LE LL). Connection parameter updates come from L2CAP, while GATT operations come from the ATT layer, and packets having to do with encryptiong and pairing come from SMP.
Length: The number of bytes captured in the packet.
Event counter: The instant number of each connection event starting from 0 when the connection is established.
Channel Index: Channel number the packet was captured on.
Delta time (start to start): The time between the start of the previous packet until the start of the current packet. It’s often used to count the distance between each connection event, and very close to the actual connection interval.
Info: Information about the packet.
You are now ready for the exercise portion of this lesson, where we will go into more detail on what you are seeing.
If you have issues setting up the nRF sniffer, there is a Troubleshooting section from the documentation that you can take a look at.