https://devzone.nordicsemi.com/f/nordic-q-a/67184/controlling-that-ble-is-encrypted---using-wireshark-and-nrf-52-dkHi, I am using nRF 52 DK as a sniffer and monitoring the BLE traffic on Wireshark. The goal of this is to ensure that the communication is encrypted. I can see that in the package there is a flag called &quot;encrypted&quot; - see picture below. Is thereen-USTelligent Community 13Wed, 11 Nov 2020 14:25:53 GMThttps://devzone.nordicsemi.com/thread/279523?ContentTypeID=1Wed, 11 Nov 2020 14:25:53 GMT137ad170-7792-4731-bb38-c0d22fbe4515:986ecea6-b484-44ff-a31a-c3b70b19fac5Kenneth<p>Not aware of any video in specific no, but just start Wireshark with the initial connection and bonding should do. You may need to do an erase all of the flash first to ensure that previous bonding information is gone.</p> <p>Best regards,<br />Kenneth</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/279482?ContentTypeID=1Wed, 11 Nov 2020 12:19:36 GMT137ad170-7792-4731-bb38-c0d22fbe4515:04b2f8c8-6c5f-4044-8194-5136cd09cf5aHussain<p>Do you have any video or tutorial for this thing. As I want to see the LTK for just works pairing via nrf52 dk sniffer</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/278019?ContentTypeID=1Mon, 02 Nov 2020 10:36:40 GMT137ad170-7792-4731-bb38-c0d22fbe4515:2fdcd62a-2d11-4b94-b906-71e9a002adaeKenneth<p>If you are sniffing the bonding procedure when using &quot;just works&quot; pairing you should be able to get the LTK in one of the decrypted packets. In other bonding procedures (e.g MITM and passkey) you will not be able to sniff the LTK when using nRF Sniffer no.</p> <p>Best regards,<br />Kenneth</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/277990?ContentTypeID=1Mon, 02 Nov 2020 09:31:52 GMT137ad170-7792-4731-bb38-c0d22fbe4515:55583de8-e109-40bf-8caf-096455d1c5bdHussain<p>Hi ,</p> <p>I want to ask you that is there a way to know about LTK in sniffing and we can see in wireshark.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/275024?ContentTypeID=1Thu, 15 Oct 2020 09:53:32 GMT137ad170-7792-4731-bb38-c0d22fbe4515:c07c398f-c19f-41ad-b773-2c145901b77fKenneth<p>Sorry no, but the fields are directly related to the BLE spec (which describe the actual implementation of link layer roles, crc, mic and encryption).</p> <p>Best regards,<br />Kenneth</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/274996?ContentTypeID=1Thu, 15 Oct 2020 07:49:15 GMT137ad170-7792-4731-bb38-c0d22fbe4515:fc79710e-48d8-46a5-b6b9-7bcaad78fca4Hussain<p>Hi,</p> <p>Is there a reference to some document regarding these explanation? which can be used as a reference.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/274874?ContentTypeID=1Wed, 14 Oct 2020 11:57:23 GMT137ad170-7792-4731-bb38-c0d22fbe4515:8b34cb52-9d0c-4648-bbd9-949b2f67d915Kenneth<p>Hi,</p> <p>The sniffer will do the decryption in hardware (to meet the timing requirements). So Wireshark will only have access to the decrypted data. So you will need to refer to the flags if the link is encrypted or not:</p> <p><span>crc - w</span><span>as the CRC received by the sniffer OK.</span></p> <p><span>direction -&nbsp;Only relevant during connection. True -&gt; Master to Slave, False -&gt; Slave to Master</span></p> <p><span>encrypted -&nbsp;has the packet been encrypted.</span></p> <p><span>mic&nbsp;-&nbsp;</span><span>the message integriy check OK. Only relevant in encrypted state.</span></p> <p><span>Best regards,<br />Kenneth</span></p> <p></p><div style="clear:both;"></div>