• State Not Answered
  • Replies 19 replies
  • Subscribers 87 subscribers
  • Views 821 views
  • Users 0 members are here
Attachments (5) Download All
Nordic Case Info
  • Case ID: 355850
Options

Wireshark BLE Sniffer missing packet, non-sequential event counter observed

jasperwong

I am using Wireshark with Nordic BLE Sniffer plugin. The sniffer dongle used is nRF52840. I using it to capture a BLE connection from my laptop BLE to a peripheral BLE device. 

I observe that the event counter of my BLE communication captured on Wireshark is not incrementing sequentially. I expect that "Event counter" after CONNECT_IND should be 0->1->2->3->..., but I observe that the "Event counter" after CONNECT_IND is 0->2->4->6->8->10->...

May I know why the "Event counter" is not sequentially incrementing? 

The screenshot below starts from Packet No. 4478.

nRF app success, VDD_BLE=2.6V, 100ohm shunt, peripheral_server_sleep_UART, adv_int=500ms, 20260106.pcapng

Parents
  • 0

    Hi Jasper, 
    Could you try to test on another computer ? 
    From what I can see it could be that it's the issue with the Event counter counting , not the issue with the packets. If you look at the NESN and SN you can see that they are fine, no packet missing. For example here is what I have in my capture: 

    You can add the delta time (start to start) column to see the distance between packets to see if the packet are actually missing. 

    In my case, except for connection event 3 missing, the rest looks fine. The SN of a packet should be equal to the NESN of the last packet. 

    I suspect that it could be something wrong with the counting of the event count when transmitting data from the sniffer to PC (event count is not a part of a BLE packet, when SN and NESN are) 

  • 0 in reply to Hung Bui

    As suggested, I used another Windows 11 laptop to plug in the nRF52840 USB Dongle and capture a BLE transaction with Wireshark.

    The delta time (start to start) shows the average to be 97ms when event counter is even, but at Packet No. 50699, the gap became 146ms, which is roughly 1.5 times that of 97ms. I think this suggests that packets are indeed lost/overlooked by the nRF52840 Sniffer. 

    Assuming my understanding of packet lost is correct, why would the sniffer miss out on BLE packets so consistently (every other event counter)?

    nRF app success, VDD_BLE=2.6V, 100ohm shunt, peripheral_server, adv_int=3000ms, 20260107.pcapng

  • 0 in reply to jasperwong

    Hi Jasper, 
    I didn't notice that you uploaded your file in the original question. 
    From what I can see there the sniffer indeed missing every other connection event. The connection interval in your case is 48.5ms and you are seeing 97ms and 146ms delta time between packets. Meaning there are packet missing in between. 

    Could you tell which firmware you flashed and how you program it and bootstrap wireshark to use the nRF Sniffer ? 

    Could you try to test on another dongle/DK ? I assume that you are using a PCA10059 ? Please try avoid using USB hub and connect the dongle directly to PC. 

     

  • 0 in reply to jasperwong

    Hi Hung,

    I bootstraped the Wireshark using `nrfutil ble-sniffer bootstrap`.

    I flashed the latest sniffer firmware for nRF52840 USB dongle. I used `nrfutil device program --serial-number ...` with the zip file in the /firmware folder. 

    I don't have another dongle or DK on hand. The only dongle I have is PCA10059 2.1.1 2023.46. It is plugged into the laptop's USB port directly. 

  • 0 in reply to jasperwong

    Hi Jasper, 


    I don't have further idea on what you can try except for trying on another hardware. The sniffer firmware is quite old, last update was about 5-6 years ago. We have little development and maintenance with the sniffer project since then so I don't know if it's the firmware issue or it's the particular hardware you have having issue. 

Reply Children
No Data
Related
Terms of service