In this chapter, we will go through how to set up nRF Sniffer and test that it works appropriately by sniffing Bluetooth LE packets.
The nRF Sniffer for Bluetooth LE is a useful tool for learning about and debugging Bluetooth Low Energy (LE) applications. It provides a near real-time display of Bluetooth packets that are sent between a selected Bluetooth Low Energy device and the device it is communicating with, even when the connection is encrypted.
When developing a Bluetooth Low Energy product, knowing what happens over-the-air between devices can help you identify and fix issues quickly.
In this lesson, you will need an extra development kit or a dongle to act as a sniffer.
Programming the nRF Sniffer firmware
The nRF Sniffer firmware supports the following boards:
nRF52840 DK
nRF52840 Dongle
nRF52833 DK
Important
Due to a bug in the nrfutil Sniffer plugin, you will need to use the nRF USB port instead of the IC USB port on the Development kits. This unfortunately means that only the nRF52840 DKs, nRF52833 DKs and nRF52840 Dongles can be used with the nRF Sniffer firmware.
Additionally, the nRF52833 DK v3 is not compatible with the nRF Sniffer software at the moment, so you will need to use another DK as the sniffer backend. nRF52833 DK v2 and earlier works fine.
2. In the Stable Release list at the top of the page, select the release package for your operating system.
The download should start automatically.
3. Open up the downloaded file when it’s finished downloading, and follow the instructions to install Wireshark.
Wireshark is an open-source packet analyzer, and can be used for many different protocols. To use it with the nRF Sniffer firmware, we offer an external capture plugin to use with Wireshark.
In the following steps, we will setup the integration between Wireshark and the sniffer hardware (Development Kit or a Dongle) and flash the hardware with the sniffer firmware.
4. Install nRF Util (nrfutil) (if you don’t have it installed already).
nRF Util is a unified command line utility for Nordic products. nrfutil functionality is provided through installable and upgradeable commands served on a central package registry on the Internet. The nrfutil commands of interest in this lesson is the ble-sniffer to setup the interface between the sniffer hardware and Wireshark . You can also use ble-sniffer to capture PCAP file directly. The othercommand that we will use is the device command that will help us flash the dongle or the development kit with the sniffer firmware.
Download the binary compatible with your OS from nRF Util Downloads and store it somewhere on your disk drive (for example C:\nordic_tools\nrfutil.exe for Windows).
5. (Windows) Update your system’s PATH to include the location where nrfutil is stored. Open Edit environment variable for your account and add the path where you stored the nrfutil binary, as shown below:
Your shell can now locate nrfutil.
6. Install ble-sniffer command.
The nrfutil binary you just downloaded does not come with any pre-installed commands. Therefore, the first time using nrfutil, you need to search for available commands and then install commands of interest, as the functionalities of nrfutil are offered as separate commands.
Open a terminal and type nrfutil search to search available commands served on an online central package registry
For this lesson, you will need the ble-sniffer and device commands, but there is no harm in downloading the other commands as they are also helpful.
Issue the following command to install the needed commands
nrfutil install ble-sniffer completion device
To access the documentation of the ble-sniffer command, type
nrfutil ble-sniffer help
It will open the documentation as a local HTML file. It’s also recommended to setup auto-completion for nrfutil as described here.
Note
Starting from nRF Connect SDK v3.0.0, nrfutil is installed as part of the toolchain and it’s automatically sourced within the toolchain environment (e.g. nRF Connect Terminal of a specific SDK/toolchain).
The version of nrfutil included in the toolchain includes the device command only (+ the core of course). It is locked by default, meaning it cannot be modified to avoid accidental changes.
If you want to unlock this local version of nrfutil associated with a certain toolchain, you need to delete the following file:
Setting up Wireshark integration and flashing the nRF Sniffer Firmware
Sniffer firmware is shipped with the installation of the nrfutil ble-sniffer command . These files are located under $NRFUTIL_HOME/share/nrfutil-ble-sniffer/firmware. $NRFUTIL_HOME is usally placed in C:\Users\<USER_PROFILE>\.nrfutil
7. To make the Bluetooth Low Energy Sniffer accessible from Wireshark, you need to run the bootstrap subcommand. You must run this subcommand in admin mode.
In your terminal type: nrfutil ble-sniffer bootstrap
This subcommand will make the sniffer runnable from Wireshark by either copying or creating symbolic links between the executable and its plugins to Wireshark’s external capture (extcap) directory.
The tool will promote an output similar to the one below, guiding you to the next step, which is flashing a development kit or a dongle with the sniffer firmware.
Important
You need to run the subcommand nrfutil ble-sniffer bootstrap in admin mode. On a Windows machine, if you use nRF Connect terminal from within VS Code , you must run VS Code as an administrator.
8. Based on the development kit or dongle that you want to use as a sniffer, select the right sniffer firmware to flash, as shown in the table below:
Development kit/dongle
Firmware file name
nRF52840 DK
sniffer_nrf52840dk_nrf52840_*.hex
nRF52840 Dongle
sniffer_nrf52840dongle_nrf52840_*.zip
nRF52833 DK
sniffer_nrf52833dk_nrf52833_*.hex
nRF52 DK
sniffer_nrf52dk_nrf52832_*.hex
We will assume that the target hardware to be the sniffer is an nRF52840 Dongle. Since it has no debugger on board, the dongle must be put in DFU mode by pressing the side switch first. Once in DFU mode, the red LED will start blinking.
We will first issue a nrfutil device list to list connected devices. Then, we will issue nrfutil device program to flash the hardware with the correct firmware.
You need to do the do the steps above only one time.
Running the nRF Sniffer
9. Open Wireshark
You should see that nRF Sniffer is displayed as one of the interfaces on the Wireshark capture screen, and you should see the nRF Sniffer toolbar.
If you don’t see the nRF Sniffer toolbar, go to View -> Interfaces -> nRF Sniffer for Blueooth LE.
Note
If you can’t see the nRF Sniffer for the Bluetooth LE COMXX, try refreshing interfaces ( Capture -> Refresh Interfaces ), or repeat step 7. Note that the COM port number will vary.
Running the nRF Sniffer
10. To start sniffing, make sure the nRF Sniffer (your DK or dongle running the nRF Sniffer firmware) is turned on and place it between the two devices that are communicating over Bluetooth LE.
Set up for sniffing Bluetooth LE packets
11. In Wireshark, under Capture, double-click on the hardware interface nRF Sniffer for Bluetooth LE COM port, see below:
12. Wireshark should now look something like the image below, listing all Bluetooth LE packets in radio range.
Explaining Wireshark in Live Capture
Before proceeding to the exercise portion of this lesson, let’s explain what we are seeing in the Wireshark window.
Your window should be divided into three parts, the packet list, packet details and packet bytes.
If you cannot see all three windows, select View and make sure the following three lines are checked off
Packet List: Displays all the packets in the current capture session. Each line corresponds to one packet, and if you select a line, more details about the packet will be displayed in the “Packet Details” and “Packet Bytes” panes, below.
Packet Details: Shows the current packet, selected in the Packet List window, in a more detailed form.
Packet Bytes: Shows the data of the current packet, selected in the Packet List window, in a hexdump style.
Clicking on a specific section of the data in the Packet Bytes window will show where in the Packet Details window. And similarly, selecting a header in the Packet Details window, will show where in the data this information is defined, in the Packet Bytes window.
Columns in the Packet List window
Let’s take a look at the columns in the Packet List window. Your column headers should look like this
If you are missing any of the column headers, go to the Packet Details window and expand nRF Sniffer for Bluetooth LE. Then right-click on any of the parameters you are missing, select Apply as Column and it will show up in the main view as a column.
Now you should have the following column headers in your live capture view.
No.: The packet number, incremented for every packet the sniffer captures.
Time: The timestamp for when the packet was captured, relative to how long the sniffer has been running.
Source: The address of the device that the packet came from.
Protocol: Which Bluetooth LE stack layer the packet came from, most will come from the link layer (LE LL). Connection parameter updates come from L2CAP, while GATT operations come from the ATT layer, and packets having to do with encryptiong and pairing come from SMP.
Length: The number of bytes captured in the packet.
Event counter: The instant number of each connection event starting from 0 when the connection is established.
Channel Index: Channel number the packet was captured on.
Delta time (start to start): The time between the start of the previous packet until the start of the current packet. It’s often used to count the distance between each connection event, and very close to the actual connection interval.
Info: Information about the packet.
You are now ready for the exercise portion of this lesson, where we will go into more detail on what you are seeing.
More on this
If you have issues setting up the nRF Sniffer, there is a Troubleshooting section from the documentation that you can take a look at.
Nordic Developer Academy Privacy Policy
1. Introduction
In this Privacy Policy you will find information on Nordic Semiconductor ASA (“Nordic Semiconductor”) processes your personal data when you use the Nordic Developer Academy.
References to “we” and “us” in this document refers to Nordic Semiconductor.
2. Our processing of personal data when you use the Nordic Developer Academy
2.1 Nordic Developer Academy
Nordic Semiconductor processes personal data in order to provide you with the features and functionality of the Nordic Developer Academy. Creating a user account is optional, but required if you want to track you progress and view your completed courses and obtained certificates. If you choose to create a user account, we will process the following categories of personal data:
Email
Name
Password (encrypted)
Course progression (e.g. which course you have completely or partly completed)
Certificate information, which consists of name of completed course and the validity of the certificate
Course results
During your use of the Nordic Developer Academy, you may also be asked if you want to provide feedback. If you choose to respond to any such surveys, we will also process the personal data in your responses in that survey.
The legal basis for this processing is GDPR article 6 (1) b. The processing is necessary for Nordic Semiconductor to provide the Nordic Developer Academy under the Terms of Service.
2.2 Analytics
If you consent to analytics, Nordic Semiconductor will use Google Analytics to obtain statistics about how the Nordic Developer Academy is used. This includes collecting information on for example what pages are viewed, the duration of the visit, the way in which the pages are maneuvered, what links are clicked, technical information about your equipment. The information is used to learn how Nordic Developer Academy is used and how the user experience can be further developed.
2.2 Newsletter
You can consent to receive newsletters from Nordic from within the Nordic Developer Academy. How your personal data is processed when you sign up for our newsletters is described in the Nordic Semiconductor Privacy Policy.
3. Retention period
We will store your personal data for as long you use the Nordic Developer Academy. If our systems register that you have not used your account for 36 months, your account will be deleted.
4. Additional information
Additional information on how we process personal data can be found in the Nordic Semiconductor Privacy Policy and Cookie Policy.
Nordic Developer Academy Terms of Service
1. Introduction
These terms and conditions (“Terms of Use”) apply to the use of the Nordic Developer Academy, provided by Nordic Semiconductor ASA, org. nr. 966 011 726, a public limited liability company registered in Norway (“Nordic Semiconductor”).
Nordic Developer Academy allows the user to take technical courses related to Nordic Semiconductor products, software and services, and obtain a certificate certifying completion of these courses. By completing the registration process for the Nordic Developer Academy, you are agreeing to be bound by these Terms of Use.
These Terms of Use are applicable as long as you have a user account giving you access to Nordic Developer Academy.
2. Access to and use of Nordic Developer Academy
Upon acceptance of these Terms of Use you are granted a non-exclusive right of access to, and use of Nordic Developer Academy, as it is provided to you at any time. Nordic Semiconductor provides Nordic Developer Academy to you free of charge, subject to the provisions of these Terms of Use and the Nordic Developer Academy Privacy Policy.
To access select features of Nordic Developer Academy, you need to create a user account. You are solely responsible for the security associated with your user account, including always keeping your login details safe.
You will able to receive an electronic certificate from Nordic Developer Academy upon completion of courses. By issuing you such a certificate, Nordic Semiconductor certifies that you have completed the applicable course, but does not provide any further warrants or endorsements for any particular skills or professional qualifications.
Nordic Semiconductor will continuously develop Nordic Developer Academy with new features and functionality, but reserves the right to remove or alter any existing functions without notice.
3. Acceptable use
You undertake that you will use Nordic Developer Academy in accordance with applicable law and regulations, and in accordance with these Terms of Use. You must not modify, adapt, or hack Nordic Developer Academy or modify another website so as to falsely imply that it is associated with Nordic Developer Academy, Nordic Semiconductor, or any other Nordic Semiconductor product, software or service.
You agree not to reproduce, duplicate, copy, sell, resell or in any other way exploit any portion of Nordic Developer Academy, use of Nordic Developer Academy, or access to Nordic Developer Academy without the express written permission by Nordic Semiconductor. You must not upload, post, host, or transmit unsolicited email, SMS, or \”spam\” messages.
You are responsible for ensuring that the information you post and the content you share does not;
contain false, misleading or otherwise erroneous information
infringe someone else’s copyrights or other intellectual property rights
contain sensitive personal data or
contain information that might be received as offensive or insulting.
Such information may be removed without prior notice.
Nordic Semiconductor reserves the right to at any time determine whether a use of Nordic Developer Academy is in violation of its requirements for acceptable use.
Violation of the at any time applicable requirements for acceptable use may result in termination of your account. We will take reasonable steps to notify you and state the reason for termination in such cases.
4. Routines for planned maintenance
Certain types of maintenance may imply a stop or reduction in availability of Nordic Developer Academy. Nordic Semiconductor does not warrant any level of service availability but will provide its best effort to limit the impact of any planned maintenance on the availability of Nordic Developer Academy.
5. Intellectual property rights
Nordic Semiconductor retains all rights to all elements of Nordic Developer Academy. This includes, but is not limited to, the concept, design, trademarks, know-how, trade secrets, copyrights and all other intellectual property rights.
Nordic Semiconductor receives all rights to all content uploaded or created in Nordic Developer Academy. You do not receive any license or usage rights to Nordic Developer Academy beyond what is explicitly stated in this Agreement.
6. Liability and damages
Nothing within these Terms of Use is intended to limit your statutory data privacy rights as a data subject, as described in the Nordic Developer Academy Privacy Policy. You acknowledge that errors might occur from time to time and waive any right to claim for compensation as a result of errors in Nordic Developer Academy. When an error occurs, you shall notify Nordic Semiconductor of the error and provide a description of the error situation.
You agree to indemnify Nordic Semiconductor for any loss, including indirect loss, arising out of or in connection with your use of Nordic Developer Academy or violations of these Terms of Use. Nordic Semiconductor shall not be held liable for, and does not warrant that (i) Nordic Developer Academy will meet your specific requirements, (ii) Nordic Developer Academy will be uninterrupted, timely, secure, or error-free, (iii) the results that may be obtained from the use of Nordic Developer Academy will be accurate or reliable, (iv) the quality of any products, services, information, or other material purchased or obtained by you through Nordic Developer Academy will meet your expectations, or that (v) any errors in Nordic Developer Academy will be corrected.
You accept that this is a service provided to you without any payment and hence you accept that Nordic Semiconductor will not be held responsible, or liable, for any breaches of these Terms of Use or any loss connected to your use of Nordic Developer Academy. Unless otherwise follows from mandatory law, Nordic Semiconductor will not accept any such responsibility or liability.
7. Change of terms
Nordic Semiconductor may update and change the Terms of Use from time to time. Nordic Semiconductor will seek to notify you about significant changes before such changes come into force and give you a possibility to evaluate the effects of proposed changes. Continued use of Nordic Developer Academy after any such changes shall constitute your acceptance of such changes. You can review the current version of the Terms of Use at any time at https://academy.nordicsemi.com/terms-of-service/
8. Transfer of rights
Nordic Semiconductor is entitled to transfer its rights and obligation pursuant to these Terms of Use to a third party as part of a merger or acquisition process, or as a result of other organizational changes.
9. Third Party Services
To the extent Nordic Developer Academy facilitates access to services provided by a third party, you agree to comply with the terms governing such third party services. Nordic Semiconductor shall not be held liable for any errors, omissions, inaccuracies, etc. related to such third party services.
10. Dispute resolution
The Terms of Use and any other legally binding agreement between yourself and Nordic Semiconductor shall be subject to Norwegian law and Norwegian courts’ exclusive jurisdiction.
Switch language?
Progress is tracked separately for each language. Switching will continue from your progress in that language or start fresh if you haven't begun.
Your current progress is saved, and you can switch back anytime.
•Support for nRF54LS05 DK (Available through the early access sampling program) •Support for the nRF54LM20B with Axon NPU for Edge AI applications
Bluetooth LE updates
•Quality of Service module is now production-ready. •New experimental features for RF testing (Direct Test Mode) and low-latency packet handling (LE Flushable ACL).
MCUboot & Partition Manager
•Single-Slot DFU and RAM Load mode are both promoted to fully supported •Partition Manager is officially deprecated in favor of Zephyr's devicetree-based partitioning.
