nrf52840 capture security level negotiation

I am using an nRF52840 dongle. I have my own device which has BLE, and I am connecting it to an app on a mobile phone over Bluetooth. My goal is to check what security level my device has, and when it's getting connected with the app I was trying to find if there is any security negotiation. To check this I am using the nRF52840 dongle for Bluetooth sniffing so that I can check for the security negotiation.

I followed all the steps based on this link: https://academy.nordicsemi.com/courses/bluetooth-low-energy-fundamentals/lessons/lesson-6-bluetooth-le-sniffer/topic/nrf-sniffer-for-bluetooth-le/

I have flashed firmware version 4.1.1.

I get the PDU type as 0x08.

In the documentation there is nothing referring to Packet ID 0x08. It says security level error and CRC is bad; I wanted to understand more about this.

Also, how do I check for security level negotiation? Which packet should I look for specifically? Also, with firmware version 4.1.1, can I get to know the security negotiation?

  • Hi,
    Thanks for the trace. I can read it now.
    Could you tell me which device was used in the test? Did it run on our chip?

    In the Android trace, I don't see any response from the peripheral about Insufficient Authentication. This means you may want to configure the characteristic to require encryption. This way it will force the phone to pair.

    In the iPhone trace, it's the peripheral that's trying to do the read and gets an Insufficient Authentication response from the phone, but the peripheral didn't request pairing after that. So you may want to implement the code to request pairing. Or you should wait for the phone to start pairing by doing what I suggested above.

    Please be aware that if you are not using our chip, we can't really help you here as we don't know your device. 

  • Hi,

    The setup is like this: the nRF52840 dongle is connected to a Windows machine, and my device is connected to this Windows machine. I am trying to connect via Bluetooth to my device using the phone's nRF Connect app. I have opened Wireshark on the Windows machine, filtered it based on my device's MAC address, and am sniffing.

    So, I am trying to understand here: when the device is getting paired, what is the security level, and is there any security level negotiation? The pairing is happening fine and I am able to send and receive data also [all of this is done in application-level code between my device and the phone, not with the dongle; please don't get confused here]. From the logs I don't see anything on LL_enc_start or ll_enc_req since I am using Just Works pairing. Just by seeing these Wireshark logs, can we conclude what level of security mode we are in?

    I hope this is clear. Let me know if you have any more questions.

  • Hi again,
    Yes, I don't see any pairing in the trace you sent. I explained this in the last reply.
    I would suggest you go through the exercises in lessons 5 and 6, especially lesson 5. The exercise will show you how to configure the device so that pairing happens automatically.

    From that you can implement it on your device.

  • Hi Hung, 

    I have configured the dongle based on this (https://www.nordicsemi.com/Products/Development-tools/nRF-Sniffer-for-Bluetooth-LE/Download?lang=en#infotabs). I am able to see the Connect_IND log also; please check the file complete_connection.pcapng, where we can see it in the 9th log.

    Please refer to the image below.

    This has come because I have connected my phone to my device and am sniffing through the nRF52840 dongle.
    I hope you can see that both encryption and authentication signature are no and false everywhere. Seeing this, can we conclude the security mode?

    I could also see the LL_CONNECTION_PARAM_RSP in the same logs, which shows the interval, which means the connection is successfully established.

    I hope the same is visible to you also; please let me know.

  • Hi,

    Please clarify what you want to achieve here. As I mentioned, we can't help you to debug your own product that doesn't use a Nordic chip. I also mentioned that I don't see any pairing activity. What you pointed to was a connect request (CONNECT_IND); it has nothing to do with pairing/security.

    If you see packets missing, please try to recapture, and place the sniffer close to both of the devices whose communication you want to capture.
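
As an added example (not from the thread, the course or Nordic's tooling), the question of which packets show the security level can be answered in code: the block below takes SMP and LL control payloads already extracted from a capture and reports the LE security mode 1 level they imply. The function names and the event tuple format are assumptions, and the sample bytes are constructed.

```python
# Added example with constructed sample bytes; names and event format are assumptions.
SMP_PAIRING_REQ, SMP_PAIRING_RSP = 0x01, 0x02  # SMP opcodes (L2CAP CID 0x0006)
LL_ENC_REQ, LL_START_ENC_REQ = 0x03, 0x05      # LL control opcodes
DISPLAY_ONLY, DISPLAY_YESNO, NO_IO = 0x00, 0x01, 0x03  # SMP IO capability values

def parse_pairing(pdu):
    """Decode a 7-byte SMP Pairing Request/Response, or return None."""
    if len(pdu) != 7 or pdu[0] not in (SMP_PAIRING_REQ, SMP_PAIRING_RSP):
        return None
    auth = pdu[3]  # AuthReq: bit 2 = MITM, bit 3 = LE Secure Connections
    return {"io": pdu[1], "oob": bool(pdu[2]), "mitm": bool(auth & 0x04),
            "sc": bool(auth & 0x08), "max_key": pdu[4]}

def authenticated(req, rsp):
    """True when the negotiated association model gives MITM protection."""
    sc = req["sc"] and rsp["sc"]
    if (req["oob"] or rsp["oob"]) if sc else (req["oob"] and rsp["oob"]):
        return True                                   # Out of Band
    a, b = req["io"], rsp["io"]
    if not (req["mitm"] or rsp["mitm"]) or NO_IO in (a, b):
        return False                                  # Just Works
    displays = (DISPLAY_ONLY, DISPLAY_YESNO)
    both_display = a in displays and b in displays    # no keyboard on either side
    return not both_display or (sc and a == b == DISPLAY_YESNO)

def security_level(events):
    """events: list of ("smp" | "ll_ctrl", payload bytes) in capture order."""
    pairing, ll_ops = {}, set()
    for kind, payload in events:
        if kind == "smp":
            fields = parse_pairing(payload)
            if fields:
                pairing[payload[0]] = fields
        elif kind == "ll_ctrl" and payload:
            ll_ops.add(payload[0])
    if not {LL_ENC_REQ, LL_START_ENC_REQ} <= ll_ops:
        return "level 1 (no encryption observed)"
    if len(pairing) < 2:
        return "encrypted with a stored key; level not derivable from this capture"
    req, rsp = pairing[SMP_PAIRING_REQ], pairing[SMP_PAIRING_RSP]
    if not authenticated(req, rsp):
        return "level 2 (unauthenticated pairing, encrypted)"
    if req["sc"] and rsp["sc"] and min(req["max_key"], rsp["max_key"]) == 16:
        return "level 4 (authenticated LE Secure Connections, 128-bit key)"
    return "level 3 (authenticated pairing, encrypted)"

# Constructed capture: bonding-only AuthReq on both sides, then encryption start.
JUST_WORKS = [("smp", bytes([0x01, 0x04, 0x00, 0x01, 0x10, 0x03, 0x03])),
              ("smp", bytes([0x02, 0x03, 0x00, 0x01, 0x10, 0x03, 0x03])),
              ("ll_ctrl", bytes([0x03]) + bytes(22)), ("ll_ctrl", bytes([0x05]))]
```

A capture with dropped packets can make an encrypted link look like level 1, so a level 1 result is only as reliable as the capture it came from.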
