Sniffing BLE LESC traffic in tshark.

Hi there,

1. I want to sniff a BLE LESC bonding session in tshark/CLI, not in Wireshark/GUI, and decrypt it in the same session using the LTK. The idea is to increase the time interval between LTK generation and the encryption start packet, then extract the LTK from nRF logs and load it in tshark so it can decrypt the bonding session.

The question is: would tshark accept the LTK mid-scan? If I load the LTK as soon as it is generated and before the encryption packets are exchanged, would it decrypt the packet?

2. I have found in some old nRF cases that it is only possible to sniff with Wireshark and not tshark.

I read that I can use nrfutil or the nRF CLI to scan in the CLI using the sniffer API. I tried doing it with the sniffer API; the sniffer was able to follow the device address, but 0 packets were captured.

Now, tshark is also recording the scan in the background, because I wanted the sniffer API to follow the hop and tshark to record it so I can decrypt it afterwards. But I think since both the sniffer API and tshark have to listen on the same port, tshark is missing the scan. (I am not sure if this is really the reason.)


My objective is to capture the bonding traffic in the CLI and decrypt it with the LTK. Any suggestions or other approaches will be appreciated.

Thanks,

Umer Qureshi  
