This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Sniffing BLE 5.0 packets

Hi,

I am aware of how to use nRF51 sniffer with wireshark.

But in my current project, I am not able to sniff data packets. I am not sure which BLE stack is used in the product. whether it is BLE 4.2 or BLE 5.0.

I am able to capture advertising packets. I am able to capture connection request. I am able to capture empty PDUs.

Is there any way that I can identify the stack version from advertising packets or connection request?

Can we sniff packets of BLE mesh network via nRF51 sniffer?

  • Hi Ankit,

    Beside connection request and empty PDUs, what else can you capture ? Can you capture the Security encryption request ? Or PHY change request ? and Feature request ?

    The feature request and response will reveal if 4.2 is supported or not.

    Could you post a screenshot of a captured session ?

    The nRF51 sniffer should be able to BLE mesh packets, as long as the Mesh use the default advertising access address 0x8E89BED6. But it was not made to parse them and follow a communication (SAR packets for example)

  • Here I am attaching a snapshot of captured BLE packets.pimgpsh_fullsize_distr.png

  • Can you just upload the sniffer trace file, instead of the snapshot? You can send me via PM if there is anything confidential.

    From what I'm seeing, it seems more like the sniffer couldn't capture all packets from the peers. You need to make sure you leave the sniffer close to both of the 2 devices (dozens of cm) Which board did you use as the sniffer ?

  • I am able to capture logs for other devices which are BLE 4.2 supported. But I doubt that the device which I am not able to capture logs is supported by BLE 5.0.

    But still I will send you the trace file.

  • If you use our sniffer, you will only able to sniff BLE 4.0 . But it's not a problem because from the trace we still can see what's going on and can see if there is any feature of BLE 4.2 or 5.0 is requested (before the sniffer loses the connection).