Low-cost BLE sniffer

Most BLE sniffers are expensive (and probably not affordable to small teams). The nRF52 DK (Nordic evaluation board) offers ready-to-use software that provides a BLE sniffer function under Wireshark: nRF Sniffer for Bluetooth LE - nordicsemi.com

Once installed, you can capture / filter / decode BLE messages easily when your nRF52 board is between your central and your peripheral board. The capture below shows the SMP exchanges between ble_central_client_bond and ble_peripheral_server_bond running on 2 RSL10 evaluation boards:

This sniffer can also decode LE encrypted frames if at least one side uses the predefined ECDH private / public key pair described on page 2318 of https://www.bluetooth.org/docman/handlers/DownloadDoc.ashx?doc_id=421043

The tricky thing for RSL10 is that the debug keys must be defined byte-reversed (in the app.h of either ble_central_client_bond or ble_peripheral_server_bond), as described by KB: How to use Bluetooth LE security manager in debug mode

I consider this BLE sniffer worth the price!

2 Likes
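An added example, not part of the original post or of the RSL10 sample code: it checks that the debug private key really yields the debug public key on P-256, then prints each value byte-reversed as a C initializer for pasting into app.h. The key values are the debug keys as printed most-significant-byte first in the Bluetooth Core Specification; the function names are hypothetical and no app.h macro names are assumed.

```python
# Added example: verify the SMP debug key pair and emit it least-significant-byte first.
def _h(s):
    """Parse a spaced, big-endian hex string into an integer."""
    return int(s.replace(" ", ""), 16)

# NIST P-256 domain parameters (field prime, curve coefficient a, base point G).
P = _h("ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff")
A = P - 3
G = (_h("6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296"),
     _h("4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5"))

# Debug key pair, big-endian as printed in the Bluetooth Core Specification.
DEBUG_PRIV = _h("3f49f6d4 a3c55f38 74c9b3e3 d2103f50 4aff607b eb40b799 5899b8a6 cd3c1abd")
DEBUG_PUB_X = _h("20b003d2 f297be2c 5e2c83a7 e9f9a5b9 eff49111 acf4fddb cc030148 0e359de6")
DEBUG_PUB_Y = _h("dc809c49 652aeb6d 63329abf 5a52155c 766345c2 8fed3024 741c8ed0 1589d28b")

def _add(p1, p2):
    """Affine point addition on P-256; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def derive_public(priv):
    """Double-and-add priv * G. Not constant time, acceptable for a published debug key."""
    result, addend = None, G
    while priv:
        if priv & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        priv >>= 1
    return result

def reversed_c_array(value, length=32):
    """Render a big-endian value as a byte-reversed (LSB first) C initializer."""
    data = value.to_bytes(length, "big")[::-1]
    return "{ " + ", ".join(f"0x{b:02x}" for b in data) + " }"

if __name__ == "__main__":
    assert derive_public(DEBUG_PRIV) == (DEBUG_PUB_X, DEBUG_PUB_Y)
    for label, v in (("private", DEBUG_PRIV), ("public X", DEBUG_PUB_X), ("public Y", DEBUG_PUB_Y)):
        print(f"/* {label} */ {reversed_c_array(v)}")
```

If the sniffer still cannot decrypt after pairing, comparing the first bytes in app.h against this output shows quickly whether the reversal was missed.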

Hi @rvs,

Thank you for your great contribution to our Community Forum.