Issues on capturing BLE packets on Wireshark

Hi!

I'm developing a BLE communication between an nRF52832 DK development kit (GATT server developed in Zephyr) and a Raspberry Pi (GATT client) to transmit notifications of 7 different characteristics. To verify the exchanged BLE packets I'm using an nRF Dongle with nRF Sniffer and Wireshark as a BLE Sniffer. Communication is working as intended since the GATT server is sending notifications of the values of the 7 characteristics and the client (Raspberry Pi) is able to receive these notifications and acquire the data. In the terminals of both the nRF52832 DK and the Raspberry Pi, it is possible to verify this transmission and the data involved.

However, my issue occurs in Wireshark. Here, only notifications for 4 of the 7 GATT server characteristics are presented. Characteristics that correspond to known Bluetooth services do not appear (Heart Rate, Temperature and Battery Level Measurement). In addition, in the notifications presented in Wireshark, the UUIDs of any of the characteristics are not displayed. Below I leave an image of Wireshark.

This GATT server was also tested with a smartphone and in that case it worked correctly, showing all the characteristics and UUIDs of the BLE notification packets in Wireshark. Below I leave an image of Wireshark for a communication with a smartphone where the characteristic UUIDs and known services are presented for the same GATT server.



I look forward to any help, thank you!

  • However, my issue occurs in Wireshark. Here, only notifications for 4 of the 7 GATT server characteristics are presented. Characteristics that correspond to known Bluetooth services do not appear (Heart Rate, Temperature and Battery Level Measurement).

    I have not seen this myself, but it could be some sort of issue in a recent Wireshark release. So you can try to use an older release as listed in the minimum requirements for nRF Sniffer for BLE to check if that helps:
    https://infocenter.nordicsemi.com/topic/ug_sniffer_ble/UG/sniffer_ble/min_requirements.html

    Alternatively, you can try to make a few logs and check if you see the same every time. It could, for instance, be that you were unlucky with the sniffer and experienced some packet loss that caused the sniffer to miss some of the packets on-air during the GATT database discovery.

    In addition, in the notifications presented in Wireshark, the UUIDs of any of the characteristics are not displayed. Below I leave an image of Wireshark.

    The UUID is not part of the packets, but Wireshark does a lookup based on the handle to find what UUID it refers to and displays it for convenience, so if some of the previous packets were lost this will not work.

    Kenneth
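
The handle-based lookup described in the reply above, as an added example that is not part of the original thread and is not Wireshark's dissector code: it builds a handle-to-UUID table from characteristic discovery (ATT Read By Type) and uses it to label notifications. The function name, handles and PDU bytes are constructed for illustration.

```python
import struct

ATT_READ_BY_TYPE_REQ = 0x08
ATT_READ_BY_TYPE_RSP = 0x09
ATT_HANDLE_VALUE_NTF = 0x1B
GATT_CHARACTERISTIC = 0x2803  # attribute type of a characteristic declaration

def resolve_notifications(pdus):
    """Return (handle, uuid_hex_or_None, value) for each notification, in order."""
    table, pending_type, out = {}, None, []
    for pdu in pdus:
        if len(pdu) < 3:
            continue
        op = pdu[0]
        if op == ATT_READ_BY_TYPE_REQ and len(pdu) == 7:
            # start handle, end handle, 16-bit attribute type being searched for
            pending_type = struct.unpack_from("<H", pdu, 5)[0]
        elif op == ATT_READ_BY_TYPE_RSP and pending_type == GATT_CHARACTERISTIC:
            elen = pdu[1]  # 7 = 16-bit UUID entries, 21 = 128-bit UUID entries
            if elen in (7, 21):
                for off in range(2, len(pdu) - elen + 1, elen):
                    # entry: decl handle(2) | properties(1) | value handle(2) | UUID
                    value_handle = struct.unpack_from("<H", pdu, off + 3)[0]
                    table[value_handle] = pdu[off + 5:off + elen][::-1].hex()
        elif op == ATT_HANDLE_VALUE_NTF:
            # The notification carries only the handle and the value, no UUID.
            handle = struct.unpack_from("<H", pdu, 1)[0]
            out.append((handle, table.get(handle), pdu[3:]))
    return out

# Constructed ATT PDUs (handles and values are made up for illustration).
DISCOVERY = [
    bytes.fromhex("080100ffff0328"),                    # Read By Type Req, type 0x2803
    bytes.fromhex("09070200100300372a0500120600192a"),  # two characteristic declarations
]
NOTIFICATIONS = [
    bytes.fromhex("1b03000048"),  # handle 0x0003
    bytes.fromhex("1b060064"),    # handle 0x0006
]

if __name__ == "__main__":
    for label, capture in (("with discovery", DISCOVERY + NOTIFICATIONS),
                           ("discovery missing", NOTIFICATIONS)):
        print(label)
        for handle, uuid, value in resolve_notifications(capture):
            print(f"  handle 0x{handle:04x} uuid={uuid or 'unknown'} value={value.hex()}")
```

When the discovery PDUs are absent from the capture, the same notifications still decode but their UUID column stays empty.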

  • I've done several logs and this problem occurs on almost all of them. Only two or three times this problem did not happen. In these situations I commented and uncommented the following config in nRF prj.conf: "CONFIG_BT_DIS=y". I don't need this service but I don't understand what this could be influencing, because commenting and uncommenting that line ends up working correctly in Wireshark. Maybe it's just coincidence, I don't know. The issue is that it only works once. I run it again and it no longer works as intended in Wireshark.

    I also noticed that in Wireshark's "Bluetooth ATT Server Attributes", when it doesn't work, only the "Database Hash" appears. When it works correctly, in these situations it already presents the entire GATT server. I leave images below that prove this evidence.

    With this I'm confused if the issue is on the nRF or the Raspberry Pi side. I think that the problem will be on the side of the Raspberry Pi because this problem only occurs when communicating with the Raspberry, because with the smartphone or another nRF there is no problem. But since this variation in nRF's prj.conf is probably affecting something, I have doubts.
