Coded PHY on BLE sniffer not working?

I'm trying to use Nordic's BLE sniffer on an nRF52833-DK. I have programmed it with the firmware "sniffer_nrf52833dk_nrf52833_4.1.1.hex".

I've then tried both the command "nrfutil ble-sniffer sniff --port /dev/ttyACM4 --coded" as well as "nrfutil ble-sniffer sniff --port /dev/ttyACM4 --coded --scan-follow-aux --scan-follow-aux-chain --scan-follow-aux-rsp" but I cannot see any Coded PHY advertising packets in the resulting Wireshark .pcap file. I only see a bunch of 1M advertisements from the surroundings. I have a few peripherals nearby that are advertising only on the Coded PHY and I can see them in the Android app nRF Connect and it says "LE Coded". Is there a known issue with the sniffer?

I'm using Ubuntu 24.04. FYI I had hoped to be able to use the sniffer plugin in Wireshark but that one doesn't work at all (nrf sniffer device does not show up) even though I've installed the plugin according to the instructions. So for now I'm using the sniffer on the command line.

  • After reading https://www.adam-thomas.co.uk/blog/nrfutil-bluetooth-sniffer-with-tshark/ I now understand that there are two variants of the host part of the nrf ble sniffer, one "old" in Python and one "new" in Rust.

    The Python one works for me with Wireshark:

    $ nrf_sniffer_for_bluetooth_le_4.1.1/extcap/nrf_sniffer_ble.sh --extcap-interfaces --extcap-version=4.2
    extcap {version=4.1.1}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
    interface {value=/dev/ttyACM0-4.2}{display=nRF Sniffer for Bluetooth LE}
    control {number=0}{type=selector}{display=Device}{tooltip=Device list}
    control {number=1}{type=selector}{display=Key}{tooltip=}
    control {number=2}{type=string}{display=Value}{tooltip=6 digit passkey or 16 or 32 bytes encryption key in hexadecimal starting with '0x', big endian format.If the entered key is shorter than 16 or 32 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,64})|([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2}) (public|random))$\b}
    control {number=3}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the sniffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
    control {number=7}{type=button}{display=Clear}{tooltop=Clear or remove device from Device list}
    control {number=4}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
    control {number=5}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
    control {number=6}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
    value {control=0}{value= }{display=All advertising devices}{default=true}
    value {control=0}{value=[00,00,00,00,00,00,0]}{display=Follow IRK}
    value {control=1}{value=0}{display=Legacy Passkey}{default=true}
    value {control=1}{value=1}{display=Legacy OOB data}
    value {control=1}{value=2}{display=Legacy LTK}
    value {control=1}{value=3}{display=SC LTK}
    value {control=1}{value=4}{display=SC Private Key}
    value {control=1}{value=5}{display=IRK}
    value {control=1}{value=6}{display=Add LE address}
    value {control=1}{value=7}{display=Follow LE address}

    but the new one in Rust doesn't work with Wireshark:

    $ ~/.local/lib/wireshark/extcap/nrfutil-ble-sniffer-shim --extcap-interfaces --extcap-version=4.2
    extcap {version=0.14.1}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
    control {number=0}{type=selector}{display=Device}{tooltip=Device list}
    control {number=1}{type=selector}{display=Key}{tooltip=}
    control {number=2}{type=string}{display=Value}{tooltip=6 digit passkey or 16 or 32 bytes encryption key in hexadecimal starting with '0x', big endian format. If the entered key is shorter than 16 or 32 bytes, it will be zero-padded in front}{validation=\b^(([0-9]{2,6})|(0x[0-9a-fA-F]{1,64})|([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2}) (public|random))$\b}
    control {number=3}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the sniffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
    control {number=7}{type=button}{display=Clear}{tooltip=Clear or remove device from Device list}
    control {number=4}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
    control {number=5}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
    control {number=6}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
    value {control=0}{value= }{display=All advertising devices}{default=true}
    value {control=0}{value=00:00:00:00:00:00 public}{display=Follow IRK}
    value {control=1}{value=0}{display=Legacy Passkey}{default=true}
    value {control=1}{value=1}{display=Legacy OOB data}
    value {control=1}{value=2}{display=Legacy LTK}
    value {control=1}{value=3}{display=SC LTK}
    value {control=1}{value=4}{display=SC Private Key}
    value {control=1}{value=5}{display=IRK}
    value {control=1}{value=6}{display=Add LE address}
    value {control=1}{value=7}{display=Follow LE address}
    value {control=1}{value=8}{display=Sniffer Drift}

    As you can see, no "interface" is listed. Running Ubuntu 24.04. As mentioned earlier, running it from the command line using "nrfutil ble-sniffer sniff" works though.
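
Added example (not part of the original post or of Nordic's tooling): Wireshark offers a capture device only for each `interface` sentence an extcap prints, so this Python sketch parses `--extcap-interfaces` output and reports what one extcap lists and the other does not. The sample strings are abridged from the two outputs quoted in the reply, and the function names are made up for this example.

```python
import re

# One {key=value} argument. Values may contain braces (the validation regexes
# do), so a value ends only at a "}" that is followed by "{" or end of line.
ARG = re.compile(r"\{(\w+)=(.*?)\}(?=\{|\s*$)")

# Abridged excerpts of the two outputs quoted in the post (help/tooltip dropped).
PYTHON_HOST = r"""
extcap {version=4.1.1}{display=nRF Sniffer for Bluetooth LE}
interface {value=/dev/ttyACM0-4.2}{display=nRF Sniffer for Bluetooth LE}
control {number=3}{type=string}{display=Adv Hop}{default=37,38,39}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
value {control=1}{value=5}{display=IRK}
"""
RUST_SHIM = r"""
extcap {version=0.14.1}{display=nRF Sniffer for Bluetooth LE}
control {number=3}{type=string}{display=Adv Hop}{default=37,38,39}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
value {control=1}{value=5}{display=IRK}
value {control=1}{value=8}{display=Sniffer Drift}
"""

def parse_extcap(output):
    """Parse --extcap-interfaces output into [(sentence_type, {key: value})]."""
    sentences = []
    for line in output.splitlines():
        kind, _, rest = line.strip().partition(" ")
        if kind:
            sentences.append((kind, dict(ARG.findall(rest))))
    return sentences

def summarize(output):
    """Collect the fields that matter when an extcap shows no capture device."""
    parsed = parse_extcap(output)
    return {
        "version": next((a.get("version") for k, a in parsed if k == "extcap"), None),
        "interfaces": [a.get("value") for k, a in parsed if k == "interface"],
        "key_types": {a.get("display") for k, a in parsed
                      if k == "value" and a.get("control") == "1"},
        "validation": {a.get("number"): a["validation"] for k, a in parsed
                       if k == "control" and "validation" in a},
    }

def compare(old, new):
    """Report interfaces and key types present in one output but not the other."""
    a, b = summarize(old), summarize(new)
    return {
        "missing_interfaces": sorted(set(a["interfaces"]) - set(b["interfaces"])),
        "added_key_types": sorted(b["key_types"] - a["key_types"]),
    }

if __name__ == "__main__":
    print(compare(PYTHON_HOST, RUST_SHIM))
```

To run it against a live installation, pass each extcap's captured stdout to `compare()` in place of the embedded samples.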
