• State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 74 subscribers
  • Views 1898 views
  • Users 0 members are here
Attachments (2) Download All
Nordic Case Info
  • Case ID: 282719
Options
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

nRF52840 DK sniffer only displays ADV_IND

aladin.taleb

Hey! I'm trying to sniff the data moving between a Bluetooth LE button and a Central.

Installation of the Bluetooth LE Sniffer went pretty smoothly but Wireshark only shows `ADV_IND` packets.

  • nRF52840 DK
  • macOS Intel on Catalina
  • I have to use a USB-C hub to go from the DK to the MacBook Pro
  • Wireshark Version 3.6.1 (v3.6.1-0-ga0a473c7c1ba)
  • JLink version 7.60d
  • nRF Bluetooth sniffer v4.1.0

What can I do to see all the packets going between the the button and the central?

only_adv.pcapng

Parents
  • 0

    Hello,

    Normally, this means that you have not selected the device to listen for in the dropdown menu. When this is set to 'all advertising devices' the sniffer will not follow into any connections, but instead only listen for packets on the primary advertising channels. It does however seem like you have selected the device, so that should not be the issue here.

    Could you verify that the devices actually went into a connection while your sniffer was listening, and could you also ensure that you are listening to the correct device?
    Did the advertising packets keep on coming in even after the devices entered into the connection? If so, is this the correct behavior of the peripheral device, or could it be that you are targeting an incorrect device?

    In the attached sniffer trace it seems that you have not applied any filter / chosen a specific device to follow, but your screenshot seems to have all the correct filters set.
    For the record, you do not have to fill in the btle.advertising_address filter in the top bar if you make use of the key and value fields to follow your device. The filter specified in the top bar only filters what is viewable in the sniffer trace, as a convenience. You could try to remove this line, to see if this changes anything in your trace.

    Best regards,
    Karl

  • 0 in reply to Karl Ylvisaker

    Hey Karl, thanks for your answer!

    Yeah I'm positive that the device went into a connection while the sniffer was listening. The central is actually a node.js script on the mac - I'm able to follow the connection through it. I've also tried with the connection being made from my iPad - got the same issue. I've also double-checked the device id, I'm 100% sure it's the right device id.

    Once the connection is made, the advertising packets are not received. The button automatically disconnects after about 10sec. Once I wake up the button again, the advertising packets are coming back as expected.

    I was using `btle.advertising_address.filer` in the toolbar because selecting the device in the dropdown didn't filter anything.

    How should I use Key/Value to follow the device? Any other advise here?

  • 0 in reply to aladin.taleb

    Hello,

    aladin.taleb said:
    thanks for your answer!

    No problem at all, I am happy to help!

    aladin.taleb said:
    Yeah I'm positive that the device went into a connection while the sniffer was listening. The central is actually a node.js script on the mac - I'm able to follow the connection through it. I've also tried with the connection being made from my iPad - got the same issue. I've also double-checked the device id, I'm 100% sure it's the right device id.

    Thank you for confirming this. I assumed so, but I just wanted to make sure.

    aladin.taleb said:
    Once the connection is made, the advertising packets are not received. The button automatically disconnects after about 10sec. Once I wake up the button again, the advertising packets are coming back as expected.

    Great, this is also good to know - I assume it is the expected behavior of the device to stop advertising once a connection is made, since this is how most single concurrent-connection devices work.

    aladin.taleb said:

    I was using `btle.advertising_address.filer` in the toolbar because selecting the device in the dropdown didn't filter anything.

    How should I use Key/Value to follow the device? Any other advise here?

    Selecting the device in the dropdown did not filter anything? That is very strange.
    The key and value field can be used for different things, like following a LE Address without having seen it first (it only appears in the device drop down list after an advertising is picked up from it), or to follow privacy enabled devices through use of the IRK directly (the identity key, used for generating the new addresses), for instance.
    You can do this by selecting the desired key - such as Follow LE Address - and then inputting the value - the LE Address in this case - in the value field, and pressing the arrow button on the value field to apply it.

    aladin.taleb said:
    I gave it a try with v3.1.0 of the bluetooth sniffer. 

    I would recommend using the newest sniffer - v4.1.0 - instead. There has been made a lot of improvements on the sniffer with the v4.0.0 and v4.1.0 release.

    aladin.taleb said:
    When I connect the button, Wireshark outputs a CONNECT_IND packet - and the "device" drop down displays the correct name - but then nothing.

    This is strange indeed. Are the devices already paired/bonded, so that they could be reverting to their stored keys once the connection indication is received?
    If so, please delete the pairing/bond information on both devices, and re-do the connection + pairing/bonding while the sniffer is listening in (peripheral chosen in the drop-down menu).
    If not, could you show me the contents of the CONNECT_IND packet?

    Best regards,
    Karl

  • 0 in reply to Karl Ylvisaker
    Karl Ylvisaker said:
    Selecting the device in the dropdown did not filter anything? That is very strange.

    Yep it doesn't do anything. 

    Karl Ylvisaker said:

    You can do this by selecting the desired key - such as Follow LE Address - and then inputting the value - the LE Address in this case - in the value field, and pressing the arrow button on the value field to apply it.

    I am not sure I understand how that works. When I input an address in the "Value", the field gets all red and I cannot click on the arrow (see screenshot)

    Karl Ylvisaker said:
    This is strange indeed. Are the devices already paired/bonded, so that they could be reverting to their stored keys once the connection indication is received?

    To be honest, I don't know. It seems that anything can connect to this button.

    Karl Ylvisaker said:
    If not, could you show me the contents of the CONNECT_IND packet?

    Please find attached the trace with CONNECT_IND

    connect_ind.pcapng

  • 0 in reply to aladin.taleb

    Hello,

    Thank you for your patience with this.

    aladin.taleb said:
    I am not sure I understand how that works. When I input an address in the "Value", the field gets all red and I cannot click on the arrow (see screenshot)

    You will need to include the " (random)" or " (private)" at the end of address before it is a valid address.

    aladin.taleb said:
    To be honest, I don't know. It seems that anything can connect to this button.

    Could you use the "forget device" on your central side, and then redo the trace for the scenario in which the central establishes connection to the device, to see if there is any difference then?

    Best regards,
    Karl

  • 0 in reply to Karl Ylvisaker
    Karl Ylvisaker said:

    You will need to include the " (random)" or " (private)" at the end of address before it is a valid address.

    Okay, I had to add " public" to make the Value field not turn red but it didn't really help. 

    Karl Ylvisaker said:
    Could you use the "forget device" on your central side, and then redo the trace for the scenario in which the central establishes connection to the device, to see if there is any difference then?

    So the central side is a node.js script running on my mac. After digging into the library (@abandonware/noble) it seems that bonding/pairing is not supported so I don't see how "forgetting the device" would help.

    I've also tried to sniff a connection between my iPhone and the button but same thing: only `ADV_IND` are output on Wireshark.

    Any other ideas?

  • 0 in reply to aladin.taleb
    aladin.taleb said:
    Okay, I had to add " public" to make the Value field not turn red but it didn't really help. 

    Strange that this also made no difference.

    aladin.taleb said:

    So the central side is a node.js script running on my mac. After digging into the library (@abandonware/noble) it seems that bonding/pairing is not supported so I don't see how "forgetting the device" would help.

    I've also tried to sniff a connection between my iPhone and the button but same thing: only `ADV_IND` are output on Wireshark.

    I see - it is still strange that the sniffer log ends so abruptly, and that it does not perform as expected prior to the abrupt stop.
    Since the devices are able to connect this means that there is something wrong with the wireshark / sniffer.
    I will discuss this with some colleagues who work on Mac's, to see if they ever have experienced anything like this with wireshark, and if they are able to reproduce the behavior you describe.

    In the mean time, could you do a completely fresh install of the sniffer v4.1 - including reflashing of the sniffer device?
    Could you also try to switch which USB port you are using on the DK, to see if this makes any difference after the re-installation?
    I.e if you were using the programming port during regular operation, try to switch to the nRF USB port (after having successfully flashed the sniffer firmware), or visa versa.

    Best regards,
    Karl

Reply
  • 0 in reply to aladin.taleb
    aladin.taleb said:
    Okay, I had to add " public" to make the Value field not turn red but it didn't really help. 

    Strange that this also made no difference.

    aladin.taleb said:

    So the central side is a node.js script running on my mac. After digging into the library (@abandonware/noble) it seems that bonding/pairing is not supported so I don't see how "forgetting the device" would help.

    I've also tried to sniff a connection between my iPhone and the button but same thing: only `ADV_IND` are output on Wireshark.

    I see - it is still strange that the sniffer log ends so abruptly, and that it does not perform as expected prior to the abrupt stop.
    Since the devices are able to connect this means that there is something wrong with the wireshark / sniffer.
    I will discuss this with some colleagues who work on Mac's, to see if they ever have experienced anything like this with wireshark, and if they are able to reproduce the behavior you describe.

    In the mean time, could you do a completely fresh install of the sniffer v4.1 - including reflashing of the sniffer device?
    Could you also try to switch which USB port you are using on the DK, to see if this makes any difference after the re-installation?
    I.e if you were using the programming port during regular operation, try to switch to the nRF USB port (after having successfully flashed the sniffer firmware), or visa versa.

    Best regards,
    Karl

Children
  • +1 in reply to Karl Ylvisaker

    It seems that using the nRF USB port instead of "the other one" has made it work as expected!

    After reading through the doc - I now realise that there was a note about this... However, as a non-bluetooth expert, I just followed the hardware setup picture.

    The nRF USB connector is on the size of the DK - hence the mistake!

    Thanks for your support.

Related
Terms of service