Once everything is set up, usage is fairly easy. However, there are numerous separate items that need to be installed and configured, so the initial setup can be a bit cumbersome. We'll go through each step, but it can also help to have a general understanding of the overall setup.
Here's a simplified diagram of the setup:
Here's a summary of all the parts needed:
- The actual BLE sniffing hardware. This guide uses the Adafruit Bluefruit LE Sniffer with V2 firmware.
- The BLE Sniffer uses a Silicon Labs CP2104 to provide USB to serial conversion. In order for this to show up as a COM port, the Silicon Labs Virtual COM Port driver is needed.
- The BLE sniffing plugin uses Python.
- To talk to the virtual com port from Python, the pyserial module needs to be installed.
- Wireshark is the main software front end used to facilitate BLE sniffing and decoding.
- To talk to the BLE sniffer from Wireshark, the Nordic Semiconductor nRF Sniffer for BLE plugin is used.
These parts come from numerous different sources - at least 5 different vendors are shown in the diagram above. So this will be quite the journey. Here we go...
Silicon Labs VCP Driver
This driver allows the CP2104 chip on the Adafruit BLE Sniffer to show up as a COM port on your PC.
Once installed, a COM port should show up on your PC when the Adafruit BLE Sniffer is plugged into a USB port. It should have CP210x in the name.
This check does not require any of the other software components we install later. So if a COM port is not showing up at this point, do not proceed further until determining why.
Python 3
If Python 3 is not already installed on your system, go to the Python main page to learn how to download and install it for your specific system:
It should now be possible to launch Python and run some simple commands:
On Windows, try using py to launch Python.
It should now be possible to launch Python and import the pyserial package:
NOTE: the import is actually serial, not pyserial.
Install Wireshark
Go to the Wireshark main page to learn how to download and install Wireshark for your specific system:
Once complete, it should be possible to run Wireshark and at least get the start screen:
Install BLE Sniffer Plugin
OK, finally, the thing we actually care about. The thing that will let us talk to the Adafruit BLE Sniffer and do some actual BLE sniffing. Let's download and install that BLE sniffing plugin!
Download Plugin from Nordic
Start by downloading the nRF Sniffer for BLE package from Nordic Semiconductor:
This will be a ZIP file. At the time of this guide, the version is 4.0.
Determine Wireshark Plugin Folder Location (extcap)
We need to install items from the ZIP file downloaded from Nordic into a specific Wireshark folder location. This location is different on different systems. To determine it for your system, do this:
We'll refer to this folder location as the Wireshark extcap folder.
Install BLE Sniffer Plugin into Wireshark
To install the plugin, simply copy the files shown below from the ZIP downloaded from Nordic into the Wireshark extcap folder location determined above.
Open the ZIP file downloaded from Nordic:
Final Check and Test Capture
OK, now we can test things out with some real actual BLE sniffing! woot!
- Plug in the Adafruit BLE Sniffer.
- Launch Wireshark.
- The sniffer should show up under the available capture devices.
- Double click on the sniffer capture device.
- This will open the device and start capturing.
- If there is BLE traffic, it will be seen right away.
- If there is no BLE traffic, it will look like this.
- Note the device has opened properly and is sniffing, there's just nothing to be seen.
interface, extcap_version = interface.split('-')
interface, extcap_version = interface.rsplit('-', 1)
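A preflight check for the two points above where this setup tends to fail, as an added example (not code from Adafruit or Nordic): it picks CP210x ports out of a port listing and shows how the two statements above behave when the port name itself contains a hyphen. The `<port>-<version>` interface form, the helper names and the sample port list are assumptions constructed for illustration.

```python
import re

# Constructed sample listing: (device, description) pairs as a port
# enumerator would report them. Not captured from real hardware.
SAMPLE_PORTS = [
    ("COM1", "Communications Port (COM1)"),
    ("COM5", "Silicon Labs CP210x USB to UART Bridge (COM5)"),
    ("/dev/cu.usbserial-01A2B3", "CP2104 USB to UART Bridge Controller"),
]

def find_cp210x(ports):
    """Return devices whose description names a CP210x-family chip."""
    return [dev for dev, desc in ports if re.search(r"CP210[x0-9]", desc, re.I)]

def system_ports():
    """Enumerate real ports with pyserial (the module is named `serial`)."""
    try:
        from serial.tools import list_ports
    except ImportError:
        raise SystemExit("pyserial not installed; `import serial` fails")
    return [(p.device, p.description or "") for p in list_ports.comports()]

def parse_split(interface):
    """First statement on the page: splits on every hyphen."""
    port, version = interface.split('-')
    return port, version

def parse_rsplit(interface):
    """Second statement on the page: splits on the last hyphen only."""
    port, version = interface.rsplit('-', 1)
    return port, version

def check(ports, version="4.0"):
    """Map each CP210x device to (split result or None, rsplit result)."""
    report = {}
    for dev in find_cp210x(ports):
        name = f"{dev}-{version}"  # assumed "<port>-<version>" form
        try:
            first = parse_split(name)
        except ValueError:  # more than one hyphen: unpacking fails
            first = None
        report[dev] = (first, parse_rsplit(name))
    return report

if __name__ == "__main__":
    for dev, (first, second) in check(SAMPLE_PORTS).items():
        print(dev, "split:", first, "rsplit:", second)
```

Pass `system_ports()` to `check` instead of `SAMPLE_PORTS` to run it against the ports on your own machine.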
Next Steps
Once everything is working as shown above, you are ready to move on to working with these BLE packets.