Beware that this post is related to an SDK in maintenance mode
More Info: Consider nRF Connect SDK for new designs

Unable to sniff packets with Wireshark when setting higher connection intervals

Hello, 

I'm trying to sniff packets with Wireshark by varying the connection interval and supervision timeout of my BLE application. I see that with lower connection intervals I'm able to do this. The test was performing well until the values CI=1000ms, supervision timeout=2010. If I increase these two values to CI=2000ms and supervision timeout=4010, then Wireshark is not able to sniff my BLE communication. It sniffs some packets but it stops after some seconds. Should I change something in the Wireshark settings to be able to sniff packets with higher connection intervals as well?

Sniffing process stops after connection parameters update has been performed.

  • Hello,

    What device are you using as the sniffer? And is it possible to upload the sniffer trace (.pcapng file) that you recorded that wasn't able to keep track of the connection?

    Best regards,

    Edvin

  • Hi Edvin, 

    I'm using a nRF52840 USB dongle as a sniffer. 

    The track is this: 

    track_sniffer.pcapng

    As you can see there, after the connection parameter exchange the sniffing process ends.

  • Hmm. I am still not able to reproduce it in v4.1.1 of the nRF Sniffer for Bluetooth LE. 

    antoine98 said:
    extcap files on another computer and the result is the same

    Is this with the same nRF52840 dongle?

    Can you try with another Dongle, or another DK for the sniffer? If you have an extra nRF device?

    BR,
    Edvin

  • Yes, I tried with the same dongle as before; unfortunately I have just one dongle. I noticed that I have the same problem with encrypted communications: after some time the capturing process ends.

  • Hello,

    Yes. For encrypted connections, the sniffer will not be able to follow the connection after a while, because the messages are encrypted, so the sniffer will not be able to pick up the channel update messages, so eventually, it doesn't know what channel to hop to next. In addition, it will not be able to decrypt the packets it actually picks up, so it will just show the raw, undecrypted packets.

    Depending on the type of encryption, it is still possible to make the sniffer decrypt the packets. If the connection is encrypted using "just works" encryption, the sniffer will pick up the keys and use them. If they use a 6-digit passkey, you can enter this in the sniffer before you enter it in the BLE devices, and it will be able to decrypt the packets. If you are using bonding, you need to delete bonding information, so that the devices will do the key-exchange again.

    LESC, however, which uses a Diffie-Hellman key exchange, is not possible to sniff, because the keys are never sent over the air, and there is no good way to extract them from the application.

    But back to this issue:

    What does it say on the Dongle that you are using? On the white sticker on the back, what does it say on the line directly below "pca10059"?

    BR,
    Edvin
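
Added example (not part of the thread and not Nordic's sniffer code): a small model of Bluetooth LE Channel Selection Algorithm #1, showing why a sniffer that cannot read an encrypted channel map update ends up listening on the wrong data channel, as described in the reply above. The hop increment, channel maps and update instant are constructed values, and the link is assumed to use Algorithm #1.

```python
# Model of BLE Channel Selection Algorithm #1 with a stale channel map.
DATA_CHANNELS = 37

def csa1_next(last_unmapped, hop, used):
    """Return (unmapped, channel) for the next connection event.

    used: sorted list of the data channel indices currently marked as used.
    """
    unmapped = (last_unmapped + hop) % DATA_CHANNELS
    if unmapped in used:
        return unmapped, unmapped
    # Unused channel: remap onto the table of used channels.
    return unmapped, used[unmapped % len(used)]

def follow(hop, old_map, new_map, instant, events, sniffer_sees_update):
    """Simulate connection events; return per-event (link, sniffer) channels.

    The link switches from old_map to new_map at event counter `instant`.
    The sniffer switches only if it was able to read the update message.
    """
    link_u = sniff_u = 0  # lastUnmappedChannel starts at 0 on both sides
    trace = []
    for counter in range(events):
        link_map = new_map if counter >= instant else old_map
        sniff_map = link_map if sniffer_sees_update else old_map
        link_u, link_ch = csa1_next(link_u, hop, link_map)
        sniff_u, sniff_ch = csa1_next(sniff_u, hop, sniff_map)
        trace.append((link_ch, sniff_ch))
    return trace

def missed_events(trace):
    """Event counters at which the sniffer listens on the wrong channel."""
    return [i for i, (link_ch, sniff_ch) in enumerate(trace) if link_ch != sniff_ch]

# Constructed sample values (not taken from the capture in this thread).
HOP = 7                         # hop increment, valid range is 5..16
OLD_MAP = list(range(37))       # all data channels in use
NEW_MAP = list(range(12, 37))   # channels 0-11 removed by the update
INSTANT = 20                    # event counter at which the new map applies

if __name__ == "__main__":
    for sees in (True, False):
        missed = missed_events(follow(HOP, OLD_MAP, NEW_MAP, INSTANT, 60, sees))
        print(f"sniffer reads update={sees}: wrong channel on "
              f"{len(missed)} of 60 events, first at {missed[:1]}")
```

In this model the sniffer with the stale map still lands on the right channel whenever the unmapped channel is in both maps, which is why a capture can continue for a while before the connection is lost.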

  • Thanks for the explanation, Edvin. On the back of my dongle there is a QR code which sends me to this link: https://wiki.makerdiary.com/nrf52840-mdk-usb-dongle/. There is no line "pca10059".

  • Oh, that is not a Nordic nRF52840 Dongle. Ok, now I see. 

    I see that they claim it will work with the Wireshark sniffer, but that will be something that they need to make sure it does. The nRF Sniffer for Bluetooth LE is made to work with the DKs and Dongles produced by Nordic Semiconductor (this dongle), and if it doesn't work with a 3rd party dongle, then you need to contact the 3rd party company to ask why it doesn't do what it promised to do.

    That being said, I guess it is a clock issue. Perhaps they use a different Low frequency clock crystal than we use, which doesn't have the same accuracy. Unfortunately, since the sniffer FW is closed source, it is not possible to tweak these parameters, so that it would work on your device. 

    But you have two devices, right? The 3rd party dongle and something else that the Device Under Test (DUT) is running on. What is the DUT? Another dongle of the same kind? A Nordic dongle/DK?

    If it is a Nordic device, I guess you could try to swap them around. Run the application on the 3rd party dongle, and run the sniffer on the Nordic device.

    Either way, I am sorry, but I don't think there is much else I can do, other than to tell you that the nRF Sniffer for Bluetooth LE works only with Nordic devices, not 3rd party devices.

    Best regards,

    Edvin
