nRF ble sniffer for authenticated connections

Question

To the kind attention of Nordic support team, 
 I have been using nRF ble sniffer successfully, it is a great tool. But I have some troubles when it comes to use it for ble authenticated connections (I'm using a device that introduce a passkey, 
 having got a key matrix). 
 After: 
 1.Sent Pairing DHKey Check 
 2.Rcvd Pairing DHKey Check 
 3.LL_ENC_REQ 
 4.LL_ENC_RSP 
 5.LL_START_ENC_REQ 
 I always get "Encrypted packet decrypted incorrectly (bad MIC)". I'm using Wireshark version 3.4.6 and nrf_sniffer_for_bluetooth_le_3.1.0_7cc811f packet for extcap and nRF52840 dk as the 
 hw. Do you think is there something I could do so to solve this issue? What is the recommended configuration? Should I be able to sniff the authenticated connection? 
 Thank you very much for your help, 
 Best regards

run_ar · Accepted Answer

Hi, 
 As long as you have just works encryption that should be enough if you want to check the reliability of the connection. The difference in encryption levels dictates how hard it is to pick up the keys. For reconnect after bonding tests, you would like to have the same pairing metod, i.e. LESC or Legacy. but for reliability of the connection you either run with encryption or you don't (ccm is not used if you do not run with encryption).

nRF ble sniffer for authenticated connections

Top Replies