Is nRF Sniffer doing decryption?

RE: Is nRF Sniffer doing decryption?

Vidar Berg — Tue, 24 May 2016 11:27:58 GMT

You have to start sniffing before the connection is established, and then you will only be able to follow the first 10 to 20 packets transmitted before connection jumps to a new channel. The sniffer will not be able to follow the connection after that since it is not able to resolve the channel map.

RE: Is nRF Sniffer doing decryption?

Elias — Mon, 23 May 2016 23:12:20 GMT

You answered my first question, but when the connection is encrypted, I cannot see any traffic whatsoever, even though I know some (presumably encrypted) traffic is happening. Should I actually be getting the junk packets, or is there a way to enable viewing them?

Alternatively, sniffing a secure connection from the start and then deleting the keys to simulate this would also be acceptable. I still want to actually see the encrypted packets.

RE: Is nRF Sniffer doing decryption?

Vidar Berg — Mon, 23 May 2016 19:51:11 GMT

The sniffer picks up the encryption key if it is listening during the key exchange, and when it has this key it is able to decrypt the BLE traffic. But the sniffer will not be able to decrypt the packets if the key exchange took place before it started 'sniffing'. You will then see "junk" traffic.