If you are having issues with the exercises, please create a ticket on DevZone:
Click or drag files to this area to upload. You can upload up to 2 files.

Setting up nRF Sniffer for Bluetooth LE

In this chapter, we will go through how to set up nRF Sniffer and test that it is working properly by sniffing a Bluetooth LE packet.

nRF Sniffer has a comprehensive documentation on how to program the nRF Sniffer firmware on to your device, and how to set up Wireshark on your computer, to analyze packets. The content in this chapter closely follows the documentation with some additional information and screenshots to help you along the way.

You can choose to either continue with the instructions here or go to the documentation page and follow the steps there.

Programming the nRF Sniffer firmware

    The nRF Sniffer firmware supports the following boards:

    • nRF52840 DK
    • nRF52840 Dongle
    • nRF52833 DK
    • nRF52 DK
    • nRF51 DK
    • nRF51 Dongle


    Due to a recent update of the nRF52833 DK version 3 and nRF52840 DK version 3, the new Interface IC on the DK is not fully compatible with the nRF Sniffer software. If you have an nRF52840DK v3, you will need to use the nRF USB port instead of the Interface IC USB port. The nRF52833 DK v3 is not compatible with the sniffer software at the moment, so you will need to use another DK as the sniffer backend. nRF52833 DK v2 and earlier works fine.

    Download the firmware

    1. Download nRF Sniffer for Bluetooth LE v4.x or later and extract the contents of the zip file into a folder of your choice.

    In the following sections, this folder is referred to as Sniffer_Software.

    All the firmware HEX files are located in Sniffer_Software/hex.

    Development kit/dongleFirmware file name
    nRF52840 DKsniffer_nrf52840dk_nrf52840_*.hex
    nRF52840 Donglesniffer_nrf52840dongle_nrf52840_*.hex
    nRF52833 DKsniffer_nrf52833dk_nrf52833_*.hex
    nRF52 DKsniffer_nrf52dk_nrf52832_*.hex
    nRF51 DKsniffer_nrf51dk_nrf51422_*.hex
    nRF51 Donglesniffer_nrf51dongle_nrf51422_*.hex

    2. Open up nRF Connect for Desktop and install and launch the Programmer application.

    On macOS and Linux: install the SEGGER J-Link software before proceeding to the next step.

    If you are running an M1-based Mac, you must install the Intel/x86 variants of J-Link. 

    3. In the upper left hand corner, select the board you are using as the Bluetooth LE sniffer.

    4. Select Add file and Browse, then navigate to Sniffer_Software/hex and select the file that applies to the hardware you are using, see the table above. Select Open.

    5. Click Erase & write to flash the firmware to your board.

    nRF Connect Programmer

    Installing Wireshark 

    This will explain the installation process for Windows and macOS. For instructions on Ubuntu Linux, see Installing Wireshark on Ubuntu Linux.

    1. Go to the Wireshark download page.

    2. In the Stable Release list at the top of the page, select the release package for your operating system.

    The download should start automatically.

    3. Open up the file when it’s finished downloading, and follow the instructions to download Wireshark.

    Wireshark is an open-source packet analyzer, and can be used for many different protocols. To use it with the nRF Sniffer firmware, we offer an external capture plugin to use with Wireshark.

    Installing the nRF Sniffer capture tool

    The nRF Sniffer capture tool comes as an external capture plugin for Wireshark.

    1. Install the Python requirements

    1.1 Open a command window and navigate to the folder Sniffer_Software/extcap.

    1.2 Depending on your system, run one of the following commands (make sure you have Python installed on your computer):

    • On Windows with Python launcher, type py -3 -m pip install -r requirements.txt.
    • On Windows without Python launcher, type python -m pip install -r requirements.txt.
    • On Linux or macOS, type python3 -m pip install -r requirements.txt.

    2. Copy the nRF Sniffer capture tool into Wireshark

    2.1 Open Wireshark

    2.2 Go to Help > About Wireshark (on Windows or Linux) or Wireshark > About Wireshark (on macOS).

    2.3 Select the Folders tab.

    2.4 Double-click the location for the Personal Extcap path to open this folder.

    You may be prompted with a notice saying The directory does not exist. Click Yes to create it.

    2.5 Copy the contents of the Sniffer_Software/extcap/ folder into this folder.

    3. Enable the nRF Sniffer capture tool in Wireshark.

    3.1 Refresh the interfaces in Wireshark by selecting Capture > Refresh Interfaces or pressing F5.

    3.2 Select View > Interface Toolbars > nRF Sniffer for Bluetooth LE to enable the nRF Sniffer interface.

    You should see that nRF Sniffer is displayed as one of the interfaces on the Wireshark capture screen, and you should see the nRF Sniffer toolbar.


    If you can’t see the nRF Sniffer tools, try performing step 3 in Installing the nRF Sniffer capture tool, to make sure that the nRF Sniffer files can be run correctly.

    Running the nRF Sniffer

    1. To start sniffing, make sure the nRF Sniffer (your DK or dongle running the nRF Sniffer firmware) is turned on and place it between the two devices that are communicating over Bluetooth LE.

    Set up for sniffing Bluetooth LE packets

    2. In Wireshark, under Capture, double-click on the hardware interface nRF Sniffer for Bluetooth LE COM port, see below

    3. Wireshark should now look something like the image below, listing all Bluetooth LE packets in radio range.

    Explaining Wireshark in Live Capture

    Before proceeding to the exercise portion of this lesson, let’s explain what we are seeing in the Wireshark window.

    Your window should be divided into three parts, the packet list, packet details and packet bytes.

    If you cannot see all three windows, select View and make sure the following three lines are checked off

    1. Packet List: Displays all the packets in the current capture session. Each line corresponds to one packet, and if you select a line, more details about the packet will be displayed in the “Packet Details” and “Packet Bytes” panes, below.
    2. Packet Details: Shows the current packet, selected in the Packet List window, in a more detailed form.
    3. Packet Bytes: Shows the data of the current packet, selected in the Packet List window, in a hexdump style.

    Clicking on a specific section of the data in the Packet Bytes window will show where in the Packet Details window. And similarly, selecting a header in the Packet Details window, will show where in the data this information is defined, in the Packet Bytes window.

    Columns in the Packet List window

    Let’s take a look at the columns in the Packet List window. Your column headers should look like this

    If you are missing any of the column headers, go to the Packet Details window and expand nRF Sniffer for Bluetooth LE. Then right-click on any of the parameters you are missing, select Apply as Column and it will show up in the main view as a column.

    Now you should have the following column headers in your live capture view.

    • No.: The packet number, incremented for every packet the sniffer captures.
    • Time: The timestamp for when the packet was captured, relative to how long the sniffer has been running.
    • Source: The address of the device that the packet came from.
    • Protocol: Which Bluetooth LE stack layer the packet came from, most will come from the link layer (LE LL). Connection parameter updates come from L2CAP, while GATT operations come from the ATT layer, and packets having to do with encrypting and pairing come from SMP.
    • Length: The number of bytes captured in the packet.
    • Event counter: The instant number of each connection event starting from 0 when the connection is established.
    • Channel Index: Channel number the packet was captured on.
    • Delta time (start to start): The time between the start of the previous packet until the start of the current packet. It’s often used to count the distance between each connection event, and very close to the actual connection interval.
    • Info: Information about the packet.

    You are now ready for the exercise portion of this lesson, where we will go into more detail on what you are seeing.


    If you have issues setting up the nRF sniffer, there is a Troubleshooting section from the documentation that you can take a look at.
    Register an account
    Already have an account? Log in
    (All fields are required unless specified optional)

    • 8 or more characters
    • Upper and lower case letters
    • At least one number or special character

    Forgot your password?
    Enter the email associated with your account, and we will send you a link to reset your password.