
Tips for filtering BLE packets using Wireshark and Nordic BLE Sniffer

Here are some useful tips for filtering BLE packets with Wireshark and the Nordic BLE Sniffer.

The internet provides few answers on filtering BLE advertisement packets within Wireshark. Wireshark requires odd-looking entries to filter your data.

So let me share some hard-won filters with you. (I'm using Wireshark 2.6.5 and Nordic nrf Sniffer 2.2)

MAC ADDRESS FILTERING BY btle.advertising_address

Within the Wireshark tool...

Left-click on the Expression button and search for
btle
Bluetooth Low Energy Link Layer

Locate and build the following filter and enter the desired MAC address to filter on.

Filter example:
btle.advertising_address == f2:f1:d1:a1:9c:1f

This will display all advertising packets with the defined MAC address.

ANY VALUE FILTERING BY BYTE SEQUENCE

Use Wireshark to filter on any defined byte sequence within your packet.


  frame[index of first byte from packet start:number of bytes to check] == byte0:byte1:...

So to give an example, within the Wireshark tool...

Filter on MAC address. 

Note the MAC address values MUST BE REVERSED to correspond to the endian order in the packet.

Enter the following text into the filter text field at top of Wireshark display:
frame[23:6] == 1f:9c:a1:d1:f1:f2

This will display all BLE advertising packets with the defined MAC address.

Such a filter can be used to filter on anything, including any byte sequence of any length from 1-n bytes.

Hope this helps you out.

Ken Huebner

Product Developer
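
The byte reversal described in the post, as an added Python example that is not part of the original post: it builds both filter strings from one MAC address and emulates the slice comparison on a constructed frame. The function names are hypothetical, and the offset 23 is taken from the post's example; it depends on the sniffer's header length, so treat it as an assumption for other versions.

```python
import re

# Offset from the post's example (frame[23:6]); assumed to hold only for
# the sniffer/Wireshark versions the post names.
ADV_ADDR_OFFSET = 23

_MAC_RE = re.compile(r"^[0-9a-fA-F]{2}([:-][0-9a-fA-F]{2}){5}$")


def mac_to_wire_bytes(mac: str) -> bytes:
    """Return the 6 address bytes in the reversed order seen in the packet."""
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytes(int(part, 16) for part in re.split(r"[:-]", mac))
    return octets[::-1]


def field_filter(mac: str) -> str:
    """Display filter on the dissected field (address in display order)."""
    mac_to_wire_bytes(mac)  # validation only
    return "btle.advertising_address == " + mac.lower().replace("-", ":")


def slice_filter(mac: str, offset: int = ADV_ADDR_OFFSET) -> str:
    """Display filter on raw frame bytes (address in reversed order)."""
    wire = mac_to_wire_bytes(mac)
    return f"frame[{offset}:{len(wire)}] == " + ":".join(f"{b:02x}" for b in wire)


def slice_matches(frame: bytes, mac: str, offset: int = ADV_ADDR_OFFSET) -> bool:
    """Emulate the slice comparison; a frame that is too short never matches."""
    wire = mac_to_wire_bytes(mac)
    return frame[offset:offset + len(wire)] == wire


# Constructed sample: 23 filler bytes, the address in packet order, filler payload.
SAMPLE_MAC = "f2:f1:d1:a1:9c:1f"
SAMPLE_FRAME = bytes(23) + bytes.fromhex("1f9ca1d1f1f2") + bytes(10)

if __name__ == "__main__":
    print(field_filter(SAMPLE_MAC))
    print(slice_filter(SAMPLE_MAC))
    print(slice_matches(SAMPLE_FRAME, SAMPLE_MAC))
```

If the slice filter returns nothing while the field filter does, check the offset against the byte position Wireshark highlights when the advertising address field is selected.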
