This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Is it possible to sniff 6lowpan\coap over BLE with wireshark?

I'm using the latest SDK (14.1) and have got a working COAP server running over BLE on a nRF52DK, and can exercise the service from my Ubuntu desktop without any problem.

I have a separate windows machine running the Nordic sniffer which I've been using successfully to sniff GATT data.

Is is possible to configure Wireshark to decode the 6lowpan traffic over BLE, if so how.

At the moment I can see the connect request, but no more. I'm not sure if I'm just missing a configuration step, or if there's some fundamental piece not missing. I can't believe I'm the first person to try this, but I don't see anyone else asking the same question.

Any suggestions?

Thanks.

iot trace fail.pcapng

Parents
  • Hi Phil, this should be possible, i.e. Wireshark should be able to decode the 6lowpan packet within the BLE packets. Could you post a trace? Also you should use Wireshark 2.4.1 or greater as it supports re-assemply of longer BTLE frames.

  • Thanks Bjørn, I'm using Wireshark 2.4.2. I've attached a capture to the original question. You can see in there the peripheral advertising with occasional scan requests originating from my phone.

    At packet #354 I attempt a GATT connection with nRF connect on my phone, the connection is OK, and you can see the connection is maintained for a while until the app disconnects.

    Then at #1555 I connect from my ubuntu box, and the trace ends at the connect request. The connect actually succeeds and I can exercise the COAP server.

    If I disconnect the Ubuntu box, I see advertising resume but subsequent connects result in the same behaviour, I see the connect request but no more.

    I feel like there's some configuration step I've missed out somewhere. If I create a connection with hcitool lecc I see the connection initial feature exchange MTU negotiation and then empty connection events with no problem.

Reply
  • Thanks Bjørn, I'm using Wireshark 2.4.2. I've attached a capture to the original question. You can see in there the peripheral advertising with occasional scan requests originating from my phone.

    At packet #354 I attempt a GATT connection with nRF connect on my phone, the connection is OK, and you can see the connection is maintained for a while until the app disconnects.

    Then at #1555 I connect from my ubuntu box, and the trace ends at the connect request. The connect actually succeeds and I can exercise the COAP server.

    If I disconnect the Ubuntu box, I see advertising resume but subsequent connects result in the same behaviour, I see the connect request but no more.

    I feel like there's some configuration step I've missed out somewhere. If I create a connection with hcitool lecc I see the connection initial feature exchange MTU negotiation and then empty connection events with no problem.

Children
No Data
Related