Unable to capture or see data packets in Wireshark

Hello,

I've recently purchased an nRF 52840 dongle (just a beginner). Installed the nRF Connect desktop app on a MacBook Pro. My goal is to sniff BLE frames in Wireshark.

To do so, I have followed the user guide "nRF Sniffer for Bluetooth LE" v4.1.0. Everything has worked out fine. I am able to see random LE packets in Wireshark.

Now, I want to capture packets between my iPhone 11 Pro and iPod. As far as I know they should be working on BLE (please correct me if wrong). While I listen to a song over this channel, I start Wireshark to sniff, and get the result as depicted in the picture.

As you can see, all the packets captured are advertisements. And I am unable to see any data packets (scrolled all the way down). Can you please guide me on how to capture all packets, advertisement as well as data? Is there a default configuration that is filtering out the data packets that I should disable?

  • From another similar post I learnt that we need to select the device before starting to capture. Now, my device is an iPod, and I have its MAC addr. But I do not find that MAC addr in the device list.

  • Hello,

    Are you certain that your device (iPod) is advertising, and that it is using the same advertisement address (MAC address) all the time? Where did you find the MAC addr?

    Please note that Bluetooth Low Energy is different from Bluetooth Classic. If you intend to see the data packets containing the audio data, you will not be able to find this. I am not sure how the devices are transferring audio between them when both devices are Apple devices, but it is not standard Bluetooth Low Energy (Apple uses a lot of proprietary radio protocols). 

    If you are looking for the data from e.g. an iPhone and a 3rd party wireless audio headset, this will be using Bluetooth Classic, which you will not be able to pick up with this sniffer. 

    What you can do with your dongle to confirm the Bluetooth Low Energy address of the device is to download and open nRF Connect for Desktop -> Bluetooth Low Energy, and start scanning for BLE devices. If you see your iPhone/iPod, you will also be able to see the address. Note that for privacy, these devices (mobile phones, headsets and a lot of commercial devices) change their BLE address every now and then. But to be honest, I don't think you will be able to pick up communication between two Apple devices, because I think they are mostly using a proprietary radio protocol. (I did not test). Besides, I bet that it is encrypted, and unless you have the keys, it will be difficult to proceed.

    If you are developing an application on a separate DK, you can connect to it using an Apple or Android device, and then you can follow it into the connection using the sniffer. But in this case, you can either run without encryption, or you will be in charge of the encryption yourself, so you can get access to the keys being used, so that the sniffer knows how to decode the data, including what channels that will be used, so that it will manage to pick up and decrypt the packets.

    Best regards,

    Edvin

  • Hi Edvin, Thank you for the reply. 

    - The way I am getting the MAC addr of the iPod is from my MacBook Pro toolbar (with the Bluetooth icon). If I click on the Bluetooth icon (holding the opt key) it shows all the available Bluetooth devices with their MAC addr. From it I can also say that the iPod is advertising.

    - You are right, Apple products might have their own proprietary protocols that might be stopping us from capturing / seeing it from the BLE sniffer.

    - As you suggested, I checked with the nRF Connect for Desktop app. Unfortunately I did not find the required MAC address (iPod/iPad). So the iPod might not be a BLE device. Given whatever advertising device I see in the nRF Connect Desktop app, the name is always "Unknown". And if the advertising device is changing MAC addr often, it is difficult to confirm.

    - My goal here is to only sniff 2 BLE devices communicating, that are continuously transferring something (file/audio) and compute 3 things: throughput, frame error rate / packet drop and RSSI. That is all I want to do. Therefore, I do not want to invest time on developing an app separately for this. Any hint on this? Or exactly what devices/products communicate on BLE that the nRF 52840 will definitely capture? Is there any example provided somewhere?

  • Hello,

    Ayaz said:
    Given whatever advertising device I see in the nRF Connect Desktop app, the name is always "Unknown".

    Yes. I don't think you will see many mobile phones advertise their name. This is for privacy and tracking reasons. This is also why they change addresses regularly. I just remember that I have seen both my phone and watch's advertisements, but that was in nRF Connect for iOS, so since they are bonded, they can resolve the "hidden" address. 

    Ayaz said:
    My goal here is to only sniff 2 BLE devices communicating, that are continuously transferring something (file/audio) and compute 3 things: throughput, frame error rate / packet drop and RSSI.

    If you want to do this from a 3rd device, and not from one of the devices in the connection, then you would need to use the sniffer. That is the only thing (that we provide) that will follow two other devices into a connection. If the two devices that connect to each other use pairing/bonding (encryption) and you don't have that key, you will not be able to capture a sniffer trace. The reason is that they will regularly update their channel hopping sequence, and if you can't decrypt the packets, you don't know what channels they will use, and you will lose track of them (the sniffer can only listen on one channel at a time).

    If there are no specific devices you want to test, but you want to test the capabilities of Bluetooth Low Energy, we have samples that will connect to one another, that you can program to two additional DKs, and then you can capture a sniffer trace of this connection. We even have samples that will test the throughput on different connection settings. You can use this if you just want to test the connection between two devices. But I am not sure whether this is what you are looking for. Note that while using our Bluetooth stack, you will not be able to see the number of retransmissions, because this is all handled by the stack. You can see the retransmissions using the sniffer.

    Also note that using the sniffer, you will not be able to tell the RSSI (Received signal strength indicator) exactly as the other devices see them. Remember that this is a number that is measured when the packet is received, and it is not a broadcasted value. 

    So in short: If you want to measure the communication between two commercial devices using BLE, if they use encryption, you need to have access to the keys. If they don't use encryption, you can probably do so, but you need to know the device address or device name (if it advertises with a device name). 

    I would stay out of "pure" Apple connections, since these are known for using proprietary radio protocols. 

    You also can't sniff Bluetooth Classic connections, so that is pretty much everything with audio.

    Also note that the sniffer doesn't output clear numbers for throughput and packet drop. You would need to count up the packets and lengths over a given amount of time to calculate this.

    Best regards,

    Edvin
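
The counting described in the last reply (packets and lengths over a period of time), shown as an added example that is not part of the thread and not Nordic code. It assumes the sniffed data-channel packets have been exported to CSV; the column names, direction labels and sample rows are constructed for this example. Retransmissions are estimated from the link-layer SN bit not toggling, so a packet the sniffer itself missed can skew the count.

```python
import csv
import io

# Constructed sample: one row per sniffed data-channel packet.
# Column names are assumptions of this example, not an export format.
SAMPLE_CSV = """time_s,direction,payload_len,sn,crc_ok,rssi_dbm
0.000,M->S,27,0,1,-52
0.001,S->M,0,0,1,-60
0.300,M->S,27,1,1,-53
0.301,S->M,0,1,0,-71
0.600,M->S,27,1,1,-52
0.601,S->M,0,1,1,-61
0.999,M->S,27,0,1,-54
1.000,S->M,0,0,1,-60
"""


def link_stats(csv_text):
    """Return goodput, retransmission and CRC-error figures for one capture."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    if len(rows) < 2:
        raise ValueError("need at least two packets to measure a time span")
    last_sn = {}                 # direction -> SN bit of the last good packet
    unique_bytes = retx = crc_bad = 0
    rssi = []                    # RSSI as measured at the sniffer's antenna
    for r in rows:
        if r["crc_ok"] != "1":
            crc_bad += 1         # header bits are untrustworthy: skip SN logic
            continue
        rssi.append(int(r["rssi_dbm"]))
        direction, sn = r["direction"], r["sn"]
        if last_sn.get(direction) == sn:
            retx += 1            # SN did not toggle: the same PDU was resent
        else:
            unique_bytes += int(r["payload_len"])
        last_sn[direction] = sn
    duration = float(rows[-1]["time_s"]) - float(rows[0]["time_s"])
    return {
        "packets": len(rows),
        "retransmissions": retx,
        "crc_error_rate": crc_bad / len(rows),
        "goodput_bps": unique_bytes * 8 / duration,
        "mean_rssi_dbm": sum(rssi) / len(rssi),
    }


if __name__ == "__main__":
    print(link_stats(SAMPLE_CSV))
```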
