Hello,
I purchased the Adafruit Bluefruit LE Sniffer (BLE 4.0) nRF51822 (2269). It is a black "Friend" board.
I have followed the instructions to set it up. I am using Wireshark 3.6.6 on Windows 10, Python 3.10.5 and version NRF 4.1.0 plugin. I also tried the previous version of NRF plugin.
My problem is I only see advertisements / broadcast traffic when I start a capture. It will not follow the connection. There are no connection requests or PDUs shown. I have multiple connections created to the LE devices and I know there is data being transmitted but I cannot see it. I read the item in the FAQ and I have tried multiple times but it does not seem to work.
I'd appreciate any assistance.
Adafruit Bluefruit LE Sniffer (BLE 4.0) nRF51822 Only Shows
Moderators: adafruit_support_bill, adafruit
Please be positive and constructive with your questions and comments.
- sniffer
- Posts: 2
- Joined: Thu Jun 23, 2022 8:52 pm
Adafruit Bluefruit LE Sniffer (BLE 4.0) nRF51822 Only Shows
- markingle
- Posts: 10
- Joined: Sun Jan 14, 2018 9:36 pm
Re: Adafruit Bluefruit LE Sniffer (BLE 4.0) nRF51822 Only Sh
You have to apply a filter in Wireshark to track the packets between devices.
- sniffer
- Posts: 2
- Joined: Thu Jun 23, 2022 8:52 pm
Re: Adafruit Bluefruit LE Sniffer (BLE 4.0) nRF51822 Only Sh
Could you explain how to do that please? I don't see any mention of it in the documentation (https://learn.adafruit.com/introducing- ... -wireshark). I tried filtering for the CONNECT_REQ but I don't see any.
- 9th
- Posts: 7
- Joined: Fri Jul 01, 2022 4:04 pm
Re: Adafruit Bluefruit LE Sniffer (BLE 4.0) nRF51822 Only Sh
I have the same problem...
Applying a filter such as
Code:
(btle.target_address==d4:36:39:b7:30:f5) || (btle.advertising_address == d4:36:39:b7:30:f5)
doesn't make a difference, I only see advertisements captured.
I've set up the column display so that I can better see what's going on, and it seems that my LE Sniffer is only capturing on channels 37, 38, and 39.
Code:
gui.column.format:
"Protocol", "%p",
"Channel", "%Cus:nordic_ble.channel:0:R",
"No.", "%m",
"RSSI", "%Cus:nordic_ble.rssi:0:R",
"Time", "%Yut",
"Source", "%s",
"Destination", "%d",
"Length", "%L",
"Info", "%i"
The Wireless > Bluetooth Devices menu shows a summary of BLE devices, but doesn't populate any values.
I notice that in the tutorial images, the addresses are resolved as Master and Slave, which I don't know how to enable: https://learn.adafruit.com/assets/21310
- 9th
- Posts: 7
- Joined: Fri Jul 01, 2022 4:04 pm
Re: Adafruit Bluefruit LE Sniffer (BLE 4.0) nRF51822 Only Sh
After poking around in the extcap\nrf_sniffer_ble.py file and browsing the extcap documentation, I've discovered that there is a toolbar
https://www.wireshark.org/docs/wsdg_htm ... r_controls
- 9th
- Posts: 7
- Joined: Fri Jul 01, 2022 4:04 pm
Re: Adafruit Bluefruit LE Sniffer (BLE 4.0) nRF51822 Only Sh
A bit more fiddling with Sniffer\Packet.py and the Log, it seems like my BLE Sniffer device is sending out packets that weren't deemed important enough to decipher
Last edited by 9th on Fri Jul 01, 2022 9:17 pm, edited 3 times in total.
- 9th
- Posts: 7
- Joined: Fri Jul 01, 2022 4:04 pm
Re: Adafruit Bluefruit LE Sniffer (BLE 4.0) nRF51822 Only Sh
A lot of head scratching later and I might have to just give up.
Setting the Device in the toolbar sends a packet via UART and instructs the sniffer to follow a certain address, and the sniffer sends back PACKET 0x01 EVENT_FOLLOW, which according to sniffer_uart_protocol.txt means "Sniffer tells the Host that it has entered the FOLLOW state."
This also turns off the blue LED on the sniffer, and turns on the red LED instead.
PACKET 0x05 seems to be "Sniffer tells the Host that someone has connected to the unit we are following."
Things work fine on the sniffer until this connect event, and it reads the packet just fine!
However, the sniffer still doesn't hop channels, and just sits idle while the devices communicate.
Follow flags is 0, which means No to all below:
Code:
Follow Options:
0000000x = Follow advertisements only.
000000x0 = Follow legacy advertisements only.
00000x00 = Follow on LE Coded PHY.
I'm just not sure why the sniffer refuses to follow the BLE communications as shown below to channel 10.
Is it because the devices I'm using have no passkey pairing sequence?
For context, they're a Salter-BKT temperature gauge, which has no standard BLE authentication but disconnects if a keepalive packet isn't sent every 5 seconds, and an Oral-B toothbrush, which has no standard BLE authentication, instead just a magical array of hidden protocols which I'd very much like to figure out.
- 9th
- Posts: 7
- Joined: Fri Jul 01, 2022 4:04 pm
Re: Adafruit Bluefruit LE Sniffer (BLE 4.0) nRF51822 Only Sh
Somehow it just magically works now after I read the official guide and started using the provided profile:
https://infocenter.nordicsemi.com/pdf/n ... G_v2.2.pdf
https://infocenter.nordicsemi.com/index ... iffer.html
Every time I start Wireshark, I make sure to set the Key in the toolbar to Legacy Passkey, type 000000, press enter, erase it, and press enter again.
I set my display filter to the below, to avoid being overwhelmed by advertisement packets and Empty PDU packets:
Code:
!(btle.advertising_header.pdu_type in {0x0, 0x2, 0x6}) && !(btle.data_header.length == 0)
Then I open the device dropdown, and scroll to the bottom, waiting for new entries.
I activate the Bluetooth of the device, and usually it appears at the bottom.
I confirm whether it's the device by covering it up and watching whether the RSSI goes down consistently.
When I'm sure it's the correct device, I select it and the Bluefruit sniffer's red light activates.
A good way to double check is to activate and deactivate the device's pairing repeatedly and to watch the sniffer red LED switch between on and off, or switch between constant and flickering.
Then I start the pairing or connection process, with the device sitting right under the sniffer.
Immediately, instead of the Source column displaying MAC addresses, it will display Master_0x12345678 and Slave_0x12345678 for each packet.
I don't have any luck sniffing things between my PC and a device, because the checksums come out wrong and cause MIC errors, but sniffing between other devices works fine.
If the device uses a passkey, I wait for the prompt, enter it into the Value, hit enter, and only then I enter it into the connecting device.
The subsequent packets are logged perfectly in Wireshark, and the sniffer lights up blue, red and orange.
I hope anyone reading this finds this information useful.
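An offline check for the symptom discussed in this thread, added here as an example (it is not part of any poster's message or of the Nordic plugin): it reads exported rows for the three fields named above, applies the same predicate as the display filter, and reports whether the capture ever left channels 37, 38 and 39. The sample rows are constructed, and the tshark export layout shown in the comment is an assumption.

```python
import csv
import io

ADV_CHANNELS = {37, 38, 39}          # BLE advertising channels
HIDDEN_ADV_TYPES = {0x0, 0x2, 0x6}   # ADV_IND, ADV_NONCONN_IND, ADV_SCAN_IND
CONNECT_IND = 0x5                    # called CONNECT_REQ in BLE 4.x

# Constructed sample rows: channel, advertising PDU type, data header length.
# Assumed to be shaped like the output of:
#   tshark -r capture.pcapng -T fields -E separator=, -e nordic_ble.channel \
#     -e btle.advertising_header.pdu_type -e btle.data_header.length
SAMPLE = """\
37,0x00,
38,0x03,
39,0x04,
37,0x05,
10,,0
10,,7
21,,0
21,,12
"""

def parse_rows(text):
    """Turn exported rows into dicts; a field absent from a packet becomes None."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        chan, pdu, length = row
        rows.append({"channel": int(chan),
                     "pdu_type": int(pdu, 0) if pdu else None,
                     "length": int(length) if length else None})
    return rows

def passes_filter(row):
    """Same predicate as the display filter: hide the three advertising PDU
    types and empty data PDUs; a missing field never causes a drop."""
    return row["pdu_type"] not in HIDDEN_ADV_TYPES and row["length"] != 0

def diagnose(rows):
    """Report whether the sniffer followed a connection onto data channels."""
    data_channels = sorted({r["channel"] for r in rows} - ADV_CHANNELS)
    saw_connect = any(r["pdu_type"] == CONNECT_IND for r in rows)
    if data_channels:
        state = "following"
    elif saw_connect:
        state = "connect seen, not followed"
    else:
        state = "advertising only"
    return {"state": state, "data_channels": data_channels,
            "kept": sum(passes_filter(r) for r in rows)}
```
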
- 9th
- Posts: 7
- Joined: Fri Jul 01, 2022 4:04 pm
Re: Adafruit Bluefruit LE Sniffer (BLE 4.0) nRF51822 Only Sh
Another helpful tip:
Position the sniffer directly between the connecting devices, and repeatedly cancel and retry the pairing procedure on the master device until the Source suddenly changes to Master and Slave - it can take a few tries for the sniffer to pick up the pairing packets, and you only need to enter the Legacy Passkey when you're about to complete the pairing process.