• State Not Answered
  • Replies 4 replies
  • Subscribers 94 subscribers
  • Views 504 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 333580
Options

nrf sniffer does not decode packets on bonded reconnect after encryption

brianreinhold

There is a similar post but it is very old and none of the GUI elements jive with today's Wireshark.

I have a device that does just works (not secure connection but what is now classed as legacy I think).

The pairing procedure works fine. I can see the LTKs and all the other exchanges, establishment of encryption and then all of service discovery, reading the DIS, Battery, CTS, and enabling the descriptors are decoded correctly. The device then disconnects.

Wireshark and the sniffer continue to run

Then I take a measurement and I see the connection, then encryption, but all the remaining packets have MIC errors and are not decoded.

Why?

Parents
  • 0

    Hello,

    Please post the sniffer capture that contains the initial key exchange and the subsequent connection where you see the MIC failures so I can review it.

    Best regards,

    Vidar

  • 0 in reply to Vidar Berg

    Does it make a difference of which 'key' option is displayed? There is

    • Legacy Passkey
    • Legacy OOB data
    • Legacy LTK
    • etc.

    If you unpair the device and peer and redo the bonding (so new keys are generated) will this cause a problem on the reconnect? Yesterday the pairing worked but all reconnects failed. This AM I did the same procedure on a fresh restart of the system and both the pairing and reconnect succeeded. I have not tried a repair. I had it on Legacy Passkey with no entry. Yesterday I tried various options of the keys (no entries) and they all gave the same MIC errors on reconnect but succeeded on pairing. I even tried the 'clear' option with the same result.

    I am wondering if the keys are remembered the first time for a given device and not refreshed if one does a re-pairing?

  • 0 in reply to brianreinhold

    The sniffer will automatically store the LTK and reuse it for subsequent connections, provided you do this in the same session. Wireshark will not remember the key if you start a new capture after the key exchange.

    brianreinhold said:
    I am wondering if the keys are remembered the first time for a given device and not refreshed if one does a re-pairing?

    The key should be updated if you re-pair, but it is important that the sniffer observes the second pairing. Otherwise, it won't receive the new key.

    brianreinhold said:

    Does it make a difference of which 'key' option is displayed? There is

    • Legacy Passkey
    • Legacy OOB data
    • Legacy LTK
    • etc.

    No, this is only relevant if you need to manually input the key yourself.

  • 0 in reply to Vidar Berg

    I did restart the capture on every attempt to repair, but I did not restart the capture between the pairing connection and the measurement connection. I will repeat. I only did one capture sequence this morning and it worked.

Reply Children
No Data
Related
Terms of service