unable to sniff packets with wireshark setting higher connection intervals

Hello,

What device are you using as the sniffer? and is it possible to upload the sniffer trace (.pcapng file) that you recorded that wasn't able to keep track of the connection?

Best regards,

Edvin

Hi Edvin, 

I'm using a nRF52840 USB dongle as a sniffer. 

The track is this: 

track_sniffer.pcapng

As you can see there after connection parameter exchange the sniffing process ends

yes, the peripheral is firstly reset.

In segger I can see that the communication with packet exchange has been correctly performed, but i cannot see the packet exchange in wireshark since the sniffing process stops immediatly after the parameter exchange. 

It happens each time I set a connection interval which at least 2000ms.

The devices are not bonded nor paired.

The two boards are nrf52dk, I didn't tryed with other examples setting a CI of 2000ms but I will do 

sniffer_uart.pcapng

This is a track done with the uart example setting:

#define MAX_CONN_INTERVAL               MSEC_TO_UNITS(2000, UNIT_1_25_MS)

#define MIN_CONN_INTERVAL               MSEC_TO_UNITS(2000, UNIT_1_25_MS)

#define CONN_SUP_TIMEOUT                MSEC_TO_UNITS(8010, UNIT_10_MS)

the problem is the same

Hello,

I didn't see the same. I set up the sniffer on the dongle at work today, but I am not able to change the sniffer FW from my home office. I will give it another go with the latest sniffer FW flashed to the dongle tomorrow. 

In the meantime, what version of nRF Sniffer for Bluetooth LE did you use? If you have not already, can you try the v4.1.0, which I am currently using, and see if that changes anything for you?

Best regards,

Edvin

I used version 4.1.1, i will now try with version 4.1.0 and I'll let you know

I have now tryed with version 4.1.0, but nothing changed. The capturing process stops after connection parameters update as before. 

I have now tryed with version 4.1.0, but nothing changed. The capturing process stops after connection parameters update as before. 

That is very strange. Did you only use the .hex file, or did you install the entire sniffer 4.1.0 in wireshark (with the extcap files and all those things)?

Have you tried using a different device (DK instead of dongle)? Or have you tried a different computer?

BR,

Edvin

I installed extcap file and relative profile. I have now tryed to install from 0 wireshark, python and relative extcap files on another computer and the result is the same. When i use a connection interval of 2000ms capuring process stops after connection parameter update

Hmm. I am still not able to reproduce it in v4.1.1 of the nRF Sniffer for Bluetooth LE. 

antoine98 said:

extcap files on another computer and the result is the same

Is this with the same nRF52840 dongle?

Can you try with another Dongle, or another DK for the sniffer? If you have an extra nRF device?

BR,
Edvin

Yes I tried with the same dongle as before, unfortunately I have just one dongle. I noticed that i have the same problem with encrypted communications, after some time capturing process end.

Hello,

Yes. For encrypted connections, the sniffer will not be able to follow the connection after a while, because the messages are encrypted, so the sniffer will not be able to pick up the channel update messages, so eventually, it doesn't know what channel to hop to next. In addition, it will not be able to decrypt the packets it actually picks up, so it will just show the raw, undecrypted packets.

Depending on the type of enctyption, it is still possible to make the sniffer decrypt the packets. If the connection is encrypted using "just works" encryption, the sniffer will pick up the keys and use them. If they use a 6-digit passkey you can enter this in the sniffer before you enter it in the BLE devices, and it will be able to decrypt the packets. If you are using bonding, you need to delete bonding information, so that the devices will do the key-exchange again.

LESC however, which uses a Diffie-Hellman key exchange is not possible to sniff, because the keys are never sent over the air, and there is no good way to extract it from the application. 

But back to this issue:

What does it say on the Dongle that you are using? On the white sticker on the back, what does it say on the line directly below "pca10059"?

BR,
Edvin