BLE Sniffer in Linux using Wireshark

Here is a small guide on how to build Wireshark with a BLE plugin under Linux, with a small example of using this plugin with the Nordic Sniffer API.

## Prerequisites

  • nRF Dongle (PCA10031/PCA10000) or similar
  • Working installation of the SEGGER J-Link drivers (to flash the chip with the firmware)
  • Python 2.7

### Tested using

  • Ubuntu 14.04.3
  • Wireshark version 1.12.0

## Sniffer API

Download the Sniffer API and firmware here: nRF Sniffer

Inside the zip file you will find another zip file called SnifferAPI.zip. Unzip the content of this file to your workspace; these are the files you need. The "Sniffer API" folder contains the Python API, and the "wireshark_dissector_source" folder contains the plugin source.

## Build Wireshark with BLE plugin

### Dependencies

For Ubuntu:

sudo apt-get install build-essential automake autoconf libgtk2.0-dev libglib2.0-dev libpcap0.8-dev flex bison

Also check out the Wireshark wiki: https://wiki.wireshark.org/Development

### Build

  • Download the Wireshark plugin: nordic_ble_linux-1.12.0.zip

  • Download the Wireshark source: wireshark-1.12.0.tar.bz2

  • Decompress wireshark-1.12.0.tar.bz2 and move into the created folder (wireshark-1.12.0)

  • Decompress nordic_ble_linux-1.12.0.zip in the plugins folder

  • Move the Custom files to the plugins folder:

    $ mv plugins/nordic_ble/Custom.m4-1.12.0 plugins/Custom.m4
    $ mv plugins/nordic_ble/Custom.make-1.12.0 plugins/Custom.make
    $ mv plugins/nordic_ble/Custom.nmake-1.12.0 plugins/Custom.nmake

  • Add packet-nordic_ble.c from the "wireshark_dissector_source" folder in the Sniffer API to the plugins/nordic_ble folder

  • Compile Wireshark:

    $ ./autogen.sh
    $ ./configure
    $ make

  • Then run Wireshark to see if it works:

    $ ./wireshark

## Flash firmware

Flash the chip with the firmware included in the "Firmware" folder of the Sniffer API zip file you downloaded (ble-sniffer_nRF51822_1.0.1_1111_Sniffer.hex), using JLinkExe or your preferred tool. There is no need to flash a SoftDevice first.

## Linux example code

  • Download the example python script here: example_linux.py

  • Put it in the Sniffer API root folder (called "SnifferAPIBuild" after the unzip)

  • Install the "pyserial" Python 2.7 package:

    pip install pyserial

In the example script, under def setup(), you can set the UART port for the nRF USB dongle. In Ubuntu it should enumerate as "/dev/ttyACM0". Check whether this is the case:

ls -l /dev/ttyACM0

Also set the address of the device you want to sniff (tls_dev_addr).

Run the example script:

sudo python linux_example.py

(You might need to run it with sudo to get access to the UART port.)

If the device is found, run Wireshark (from the Wireshark root folder) using:

./wireshark -Y btle -k -i /home/username/snifferAPI_directory/SnifferAPIBuild/logs/nordic_ble.pipe

(This command is also printed by the script when the sniffer successfully finds the device, so you can copy/paste it to get the right path for the nordic_ble.pipe file.)

Wireshark should start to show the packets now.
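To show what actually travels through nordic_ble.pipe, here is an added example (not Nordic's script or the plugin's code) that streams a pcap file into a named pipe which `./wireshark -Y btle -k -i <pipe>` can read. It uses the standard libpcap link type 251 (raw LE link layer) instead of the plugin's own nordic_ble encapsulation, so Wireshark's built-in btle dissector handles it; the advertising frame, its address and the pipe path are constructed for illustration.

```python
import os
import struct
import sys
LINKTYPE_BLUETOOTH_LE_LL = 251   # libpcap link type: raw LE link-layer frames, no pseudo-header
ADV_ACCESS_ADDRESS = 0x8E89BED6  # fixed access address of the advertising channels

def ble_crc24(data, init=0x555555):
    """BLE CRC24 (x^24+x^10+x^9+x^6+x^4+x^3+x+1); bytes fed LSB first, 0x555555 = advertising init."""
    state = init
    for byte in bytearray(data):
        for i in range(8):
            feedback = ((byte >> i) & 1) ^ ((state >> 23) & 1)
            state = (state << 1) & 0xFFFFFF
            if feedback:
                state ^= 0x00065B  # taps at register positions 0, 1, 3, 4, 6, 9, 10
    return state

def crc_bytes(state):
    """The CRC goes on air MSB first, so bit-reverse the register and pack it little-endian."""
    return struct.pack('<I', int('{:024b}'.format(state)[::-1], 2))[:3]

def adv_ind_frame(adv_addr, adv_data):
    """One ADV_IND frame: access address, 2-byte PDU header, AdvA (little-endian) + AdvData, CRC."""
    payload = adv_addr[::-1] + adv_data
    pdu = struct.pack('<BB', 0x40, len(payload)) + payload  # type 0 (ADV_IND), TxAdd=1 (random)
    return struct.pack('<I', ADV_ACCESS_ADDRESS) + pdu + crc_bytes(ble_crc24(pdu))

def pcap_global_header():
    return struct.pack('<IHHiIII', 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_BLUETOOTH_LE_LL)

def pcap_record(frame, ts_sec=0, ts_usec=0):
    return struct.pack('<IIII', ts_sec, ts_usec, len(frame), len(frame)) + frame

def write_capture(path, frames):
    """Stream a pcap file to path; on a FIFO, open() blocks until Wireshark attaches to the read end."""
    with open(path, 'wb') as out:
        out.write(pcap_global_header())
        for ts, frame in enumerate(frames):
            out.write(pcap_record(frame, ts_sec=ts))
            out.flush()

# Constructed sample: random static address C0:11:22:33:44:55 advertising Flags and the name "Test"
SAMPLE_ADDR = b'\xc0\x11\x22\x33\x44\x55'
SAMPLE_ADV_DATA = b'\x02\x01\x06' + b'\x05\x09Test'

if __name__ == '__main__':
    pipe = sys.argv[1] if len(sys.argv) > 1 else '/tmp/example_ble.pipe'  # assumed pipe path
    if not os.path.exists(pipe):
        os.mkfifo(pipe)
    write_capture(pipe, [adv_ind_frame(SAMPLE_ADDR, SAMPLE_ADV_DATA)])
```

Start Wireshark on the pipe first (or in parallel), because open() on the FIFO blocks until the reader attaches.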

Comment

  • The SnifferAPIBuild/logs/nordic_ble.pipe used when running Wireshark did not come with the files I downloaded through the provided links. Where do I find this file? Or have I done something wrong?

    Some of the files are in need of an update and some of the users' experiences could be added for ease of installation for new adopters, but otherwise a nice guide.