nRF52840 Dongle BLE Sniffing

I have an nRF52840 Dongle and I want to sniff packets between two BLE devices. When I search the Nordic DevZone forum, there are inconsistent answers about BLE sniffing support for the nRF52840 Dongle. On the "nRF Sniffer for Bluetooth LE" tool page (https://www.nordicsemi.com/Products/Development-tools/nRF-Sniffer-for-Bluetooth-LE) the device is shown as supported, whereas on this page (https://devzone.nordicsemi.com/f/nordic-q-a/61805/nrf52840-dongle-as-sniffer) it is written as not supported.

Would you please clarify the support and describe usage if supported?

Thank you.

Best Regards.

  • Hi,

    The nRF Sniffer for Bluetooth LE is supported on the nRF52840 Dongle. You can see supported DKs and Dongles under nRF Sniffer for Bluetooth LE > Minimum requirements.

    Information about installation and how to use the sniffer can be found in the documentation here: nRF Sniffer for Bluetooth LE.

    Best regards,

    Marte

  • Thanks for this. I have successfully followed the instructions and now I am able to see BLE packets in Wireshark with the provided profile.

    But all I see is advertising packets.

    How can I see messages between bonded/paired devices?

    The documentation says:

    1. Run the nRF Sniffer (if not already running).
    2. Select your device from the device list.
    3. Enter the LTK for the bond.

    But I don't have the LTK.

    I also followed the "Sniffing the pairing procedure of a connection" instructions but I could not get packets other than advertising.

    My devices pair without a key. I just turn both devices on (reset them to force bonding) and select device B from the device A menu.

    Edit:

    I finally managed to sniff packets other than advertising data. But that only happens in the same session.

    To continue capturing in another session, I got the LTK from the first session but I was not able to use it.

    The problem is that:

    1. Device B starts pairing to device A.
    2. Then I get 2 LTKs (one is from the master, the other one is from the slave).
    3. In the next session, device A does not advertise because it is already bonded, so I cannot select it from the device list.
    4. If I select device B from the list and then try both LTKs to get packets, I cannot get any data other than advertising data.

    What am I doing wrong?

  • Hi,

    If the device is not advertising you can add the device's LE address to the device list, as explained under Add LE Address in nRF Sniffer usage.

    Best regards,

    Marte

  • Thank you.

    Now I am able to get packets from that specific device.

    However, I see the "Encrypted packet decrypted incorrectly (bad MIC)" info.

    In fact, from the previous pairing session I got the LTK.

    I got 2 LTKs, one from master device (sent encryption information)

    value: 24c2432367ca4ba062aa2be421b233e5

    one from the slave device (rcvd encryption information)

    value: c4383dae339da6bb0be21f61bd7cd0b6

    I tried both values, entering them in the value field like 0xc4383dae339da6bb0be21f61bd7cd0b6 and selecting Legacy LTK, but it is still not decrypting.

    Any ideas about what I am doing wrong?

    Thanks.
