Hi,
I've installed nRF sniffer version 2-0-0-beta on nRF52832 DK and verified it with BLE Beacon example. It works nice.
But when running light-switch example from Mesh SDK I don't see any packets in wireshark. Moreover, the wireshark doesn't see the device with such MAC address at all.
Any ideas?
hello au,
It was a few months back (on Mesh SDK v0.9.2, I believe) but my team did some basic analysis with nRF Sniffer and although we did manage to capture mesh packets, they obviously (apart from some basic info) weren't usable to trace any mesh specific data since the packets are obfuscated and parts are encrypted at the mesh network layer.
From recollection, I believe Wireshark shows the Bluetooth MAC address (see offset 0x17 - 0x1C in the Wireshark image) i.e. the Nordic FICR->DEVICEADDR[0][1] value (see offest 0x100000A4 in the J-Mem image below) within the packet as well as the AD Type (see offset 0x1E in the Wireshark image). This specific packet shows an AD Type of 0x2A which corresponds to a Mesh Message (i.e. not a provisioning or beacon packet). The rest (as mentioned above is obfuscated & encrypted) however can be resolved by using the Privacy and network keys used by the mesh network.
We did some basic work on the de-obfuscation/decryption side of things but haven't rolled those into a Wireshark extension at this time. (Based on some feedback which we received, I believe that Nordic are planning/have planned to do some work to ensure that nRF Sniffer works with mesh but obviously I'm not privy to any timetable on that!)
(1) - Wireshark Mesh packet
(2) - FICR->DEVICEADDR[0][1] value
(3) - Bluetooth SIG Mesh packet AD-Types
Hope this helps!!!
Regards,
