Is nRF Sniffer doing decryption?

I recently tried to add security features (encryption, no MITM) to my application, and I am using nRF Sniffer to verify. nRF Master Control Panel gives me the request for the devices to pair and says that the devices are bonded. However, even though Sniffer/Wireshark says "Encrypted: Yes", it still gives me perfectly readable data. So, is nRF Sniffer just smart enough to decrypt messages as long as it's listening to that connection from the beginning?

Also, is it possible to view "junk" traffic? It would make me feel a bit better to be able to see decryption obviously not working, i.e. seeing unreadable packets.

  • The sniffer picks up the encryption key if it is listening during the key exchange, and when it has this key it is able to decrypt the BLE traffic. But the sniffer will not be able to decrypt the packets if the key exchange took place before it started 'sniffing'. You will then see "junk" traffic.

  • You answered my first question, but when the connection is encrypted, I cannot see any traffic whatsoever, even though I know some (presumably encrypted) traffic is happening. Should I actually be getting the junk packets, or is there a way to enable viewing them?

    Alternatively, sniffing a secure connection from the start and then deleting the keys to simulate this would also be acceptable. I still want to actually see the encrypted packets.

  • You have to start sniffing before the connection is established, and then you will only be able to follow the first 10 to 20 packets transmitted before connection jumps to a new channel. The sniffer will not be able to follow the connection after that since it is not able to resolve the channel map.