The following guide will walk you through downloading, installing and using the official nRF Sniffer application for Nordic Semiconductors.
The Bluefruit LE Sniffer comes pre-flashed with the special sniffer firmware image, but you'll need to go to Nordic's website and download the nRF-Sniffer package to capture the data on Windows and push it out into Wireshark for packet by packet analysis.
Go to the nRF Sniffer product page downloads tab, then download the latest V1 version of the utility, and unzip it.
Inside this downloaded file you'll find the sniffer executable, which will open up the command-line tool when you click on it.
In order to use the sniffer utility you'll also need to download Wireshark, preferably verison 1.12.1 (the same one used in this tutorial).
You may need to explore the download mirrors, such as https://1.na.dl.wireshark.org/ to find the download link since they dont have a direct v1 link
Simply select the 32-bit or 64-bit Windows Installer and install it on your machine using the default settings:
Now that everything is installed, you can get started using the Bluefruit LE Sniffer and the sniffer bridge SW that pushes any sniffed data out into Wireshark ...
The nRF-Sniffer can only sniff one device at a time, so the first step is getting the sniffer running and then selecting the device that you want to debug.
Start nRF-Sniffer by running the ble-sniffer_win executable (for example: ble-sniffer_win_1.0.1_1111_Sniffer.exe).
This will try to detect the device running the nRF-Sniffer firmware over a UART COM port.
If the board isn't detected right away type 'f' to erase any previous com port settings, or try removing and then re-inserting the sniffer while the console application is running.
Once the sniffer is found, you should see a list of all BLE devices that were detected in listening range:
In this particular case, we'll select device number 2, which is a BLEFriend running the standard UART firmware.
Type the device number you want to sniffer (in this case '2'), and you should see the device highlighted in the list, similar to the image below:
At this point you can type 'w', which will try to open wireshark and start pushing data out via a dedicate pipe created by the nRF-Sniffer utility.