V1 Nordic nRF Sniffer

This page is for the V1 Sniffer firmware only! If you have V2, check the other page - the process has changed between versions.

The following guide will walk you through downloading, installing and using the official nRF Sniffer application for Nordic Semiconductors.

Getting the Sniffer Utility

The Bluefruit LE Sniffer comes pre-flashed with the special sniffer firmware image, but you'll need to go to Nordic's website and download the nRF-Sniffer package to capture the data on Windows and push it out into Wireshark for packet by packet analysis.

Go to the nRF Sniffer product page and click the 'downloads' tab, then download the latest version of the utility, as shown below, and unzip it:

Inside this downloaded file you'll find the sniffer executable, which will open up the command-line tool when you click on it.

Getting Wireshark

In order to use the sniffer utility you'll also need to download Wireshark, preferably verison 1.12.1 (the same one used in this tutorial).

You may need to explore the download mirrors, such as https://1.na.dl.wireshark.org/ to find the  download link since they dont have a direct v1 link

Simply select the 32-bit or 64-bit Windows Installer and install it on your machine using the default settings:

Make sure you are using a version greater than or equal to 1.12.1, but less than the most recent 2.x release family. The plugin is written with 1.12.x as a target.
Make sure that you install the libpcap library when installing Wireshark. Any log files captured by the python library are in libpcap format, and will require this library to work.

Running the Sniffer

Now that everything is installed, you can get started using the Bluefruit LE Sniffer and the sniffer bridge SW that pushes any sniffed data out into Wireshark ...

Select the Sniffer Target

The nRF-Sniffer can only sniff one device at a time, so the first step is getting the sniffer running and then selecting the device that you want to debug.

Start nRF-Sniffer by running the ble-sniffer_win executable (for example: ble-sniffer_win_1.0.1_1111_Sniffer.exe).

This will try to detect the device running the nRF-Sniffer firmware over a UART COM port.

If the board isn't detected right away type 'f' to erase any previous com port settings, or try removing and then re-inserting the sniffer while the console application is running.

Once the sniffer is found, you should see a list of all BLE devices that were detected in listening range:

If you see a warning in the application about your firmware being out of date and requesting to update it, IGNORE THE WARNING. The Adafruit boards run a slightly modified version of the sniffer firmware, which causes the tool to think it is out of date.

In this particular case, we'll select device number 2, which is a BLEFriend running the standard UART firmware.

Type the device number you want to sniffer (in this case '2'), and you should see the device highlighted in the list, similar to the image below:

At this point you can type 'w', which will try to open wireshark and start pushing data out via a dedicate pipe created by the nRF-Sniffer utility.

This guide was first published on Nov 19, 2014. It was last updated on Oct 18, 2018. This page (V1 Nordic nRF Sniffer) was last updated on Aug 12, 2018.