
nRF Sniffer intercepts ADV, SCAN and CONNECT packages but no data packages


Hi,

I have a BLE thermometer I want to sniff using nRF-Sniffer and Wireshark.

Unfortunately I'm unable to sniff the data, I only see the initial "hand-shake".

Process:

a) I start nRF-Sniffer and then Wireshark

b) I initialize pairing between the thermometer and an iOS device.

What I see:
Approx. 35 packages are exchanged as the pairing is initialized (screenshot below). Most are ADV packages but there are also some SCAN packages too and then finally a CONNECT package. After that all goes silent.

After the pairing: On the iOS device I can see that the temperature changes up and down as I apply different temperatures to the thermometer - i.e. data must be exchanging between the devices. Unfortunately I'm unable to intercept any of those data packages.

The set-up:

  • nRF51 dongle - PCA10031

  • nRF-Sniffer 1.0.1_1111

  • Wireshark 1.12

The thermometer and the iOS device are placed on a table approx. 15 cm apart with the nRF51 dongle placed in the middle between them.

Any suggestions would be highly appreciated...

Note: I have also tested another BLE device (i.e. a heart rate monitor) with the same iOS device and same set-up. Here I see a flood of data packages being intercepted. I therefore assume that there is something special about this particular thermometer that I am overlooking. But what might it be?

Attachment: Capture 2 (used at forum).pcapng

  • @Zitter: Could you let me know which iOS device you used and the iOS version running on it?

    It could be an issue that the peripheral is not Nordic, but it should have nothing to do with the packets from the central, which is an iOS device. I'm suspecting an issue with the clock accuracy on the iPhone 6 that is not matched with the accuracy in the CONNECT REQ.

    Could you upload a trace that you test with the same phone and a Nordic device?

  • I've tried this with an iPad Air 1. I've also tried it with an Android Galaxy 3 and a Windows Phone Lumia 930. I get the same result in all cases.

    With a Nordic device, do you mean a device purchased in the Nordics or do you mean a device with a Nordic Semiconductor chip inside? :-) I suspect that the thermometer could be from the US.

  • I'll do a new trace later tonight. I'll also try and do the test in another venue to see if the issue observed might be interference related.

  • @Zitter: We did some more investigation on the trace you sent us. The interesting part is that the CONNECT REQ was on channel 38 but there was no advertising packet on channel 38 captured right before that. The way our chip broadcasts (and the scanner scans) by default is by hopping from channel 37 to 38 and then 39. I suspect that the hopping sequence could be different on a Broadcom chip. The sniffer didn't expect the CONNECT REQ in that case (because it hasn't received the advertising packet to prepare for the connect request), so this explains why the connection wasn't followed.

    My suggestion for you is to try changing the channel hopping sequence for scanning. You can do that by pressing "h" in the scanner console. Then you can select the hopping sequence, or you can select to scan on just 1 channel. Note that if you scan on 1 channel there is only a 33% chance that you can catch a connection. But it is worth some tries. I would suggest trying channel 38.
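
The check described in the last reply, as an added example that is not part of the original thread or of the nRF Sniffer software: for every CONNECT_REQ in a capture, test whether an advertising packet from the same advertiser was captured on the same channel just before it. The `Pkt` record layout, the 1000 µs tolerance and the sample packets are assumptions constructed for illustration.

```python
from collections import namedtuple

# One captured advertising-channel packet. The field layout is an assumption
# for this example (e.g. values copied by hand from a Wireshark capture).
Pkt = namedtuple("Pkt", "t_us channel pdu adv_addr")

ADV_CHANNELS = (37, 38, 39)
# A CONNECT_REQ follows the advertising packet after T_IFS (150 us) on the
# same channel; 1000 us is an assumed tolerance covering the ADV airtime.
WINDOW_US = 1000

def check_connect_reqs(packets, window_us=WINDOW_US):
    """For each CONNECT_REQ, report whether the capture holds an advertising
    packet from the same advertiser on the same channel just before it."""
    findings = []
    last_adv = {}  # (adv_addr, channel) -> timestamp of the last ADV seen
    for p in sorted(packets, key=lambda p: p.t_us):
        if p.channel not in ADV_CHANNELS:
            continue
        if p.pdu.startswith("ADV_"):
            last_adv[(p.adv_addr, p.channel)] = p.t_us
        elif p.pdu == "CONNECT_REQ":
            seen = last_adv.get((p.adv_addr, p.channel))
            preceded = seen is not None and p.t_us - seen <= window_us
            findings.append((p.t_us, p.channel, preceded))
    return findings

def adv_channel_order(packets, adv_addr):
    """Channels on which the capture saw this advertiser, in time order."""
    return [p.channel for p in sorted(packets, key=lambda p: p.t_us)
            if p.adv_addr == adv_addr and p.pdu.startswith("ADV_")]

# Constructed sample: ADVs captured on 37 and 39 only, CONNECT_REQ on 38.
THERMO = "aa:bb:cc:dd:ee:01"  # constructed address
SAMPLE = [
    Pkt(0, 37, "ADV_IND", THERMO),
    Pkt(1500, 39, "ADV_IND", THERMO),
    Pkt(100000, 37, "ADV_IND", THERMO),
    Pkt(100900, 38, "CONNECT_REQ", THERMO),
]

if __name__ == "__main__":
    for t, ch, ok in check_connect_reqs(SAMPLE):
        state = "preceded by ADV" if ok else "no ADV captured first"
        print(f"CONNECT_REQ at {t} us on channel {ch}: {state}")
    print("advertiser seen on:", adv_channel_order(SAMPLE, THERMO))
```

A CONNECT_REQ reported without a preceding ADV on its channel matches the situation in the trace above, and the channel it names is the one to try when restricting the sniffer to a single channel.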
