Once everything is set up, usage is fairly easy. However, there are numerous separate items that need to be installed and configured, so the initial setup can be a bit cumbersome. We'll go through each step, but it also helps to have a general understanding of the overall setup.
Here's a simplified diagram of the setup:
Here's a summary of all the parts needed:
- The actual BLE sniffing hardware. This guide uses the Adafruit Bluefruit LE Sniffer with V2 firmware.
- The BLE Sniffer uses a Silicon Labs CP2104 to provide USB to serial conversion. In order for this to show up as a COM port, the Silicon Labs Virtual COM Port driver is needed.
- The BLE sniffing plugin uses Python.
- To talk to the virtual com port from Python, the pyserial module needs to be installed.
- Wireshark is the main software front end used to facilitate BLE sniffing and decoding.
- To talk to the BLE sniffer from Wireshark, the Nordic Semiconductor nRF Sniffer for BLE plugin is used.
These parts come from numerous different sources - at least 5 different vendors are shown in the diagram above. So this will be quite the journey. Here we go...
This driver allows the CP2104 chip on the Adafruit BLE Sniffer to show up as a COM port on your PC.
Once installed, a COM port should show up on your PC when the Adafruit BLE Sniffer is plugged into a USB port. It should have CP210x in the name.
This check does not require any of the other software components we install later. So if a COM port is not showing up at this point, do not proceed further until determining why.
If Python 3 is not already installed on your system, go to the Python main page to learn how to download and install it for your specific system:
It should now be possible to launch Python and run some simple commands:
On Windows, try using py to launch Python.
It should now be possible to launch Python and import the pyserial package:
NOTE: the import is actually serial, not pyserial.
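With pyserial importable, the earlier COM port check and the import check can be combined into one preflight script. This is an added example, not part of the original guide: the function name find_cp210x_ports and the SAMPLE_PORTS list are made up for illustration, and the USB IDs 10C4:EA60 are the Silicon Labs CP210x defaults, which the sniffer is assumed to use.

```python
"""Preflight: is pyserial importable, and is a CP210x serial port present?"""
import sys
from collections import namedtuple

# Default Silicon Labs CP210x USB IDs (assumption: the sniffer's CP2104
# has not been reprogrammed with custom IDs).
CP210X_VID, CP210X_PID = 0x10C4, 0xEA60

# Constructed sample data with the same attribute names pyserial reports.
Port = namedtuple("Port", "device description vid pid")
SAMPLE_PORTS = [
    Port("COM3", "Silicon Labs CP210x USB to UART Bridge (COM3)", 0x10C4, 0xEA60),
    Port("/dev/ttyUSB0", "CP2104 USB to UART Bridge Controller", 0x10C4, 0xEA60),
    Port("COM1", "Communications Port (COM1)", None, None),
    Port("/dev/ttyACM0", "USB Serial", 0x1234, 0x5678),
]


def find_cp210x_ports(ports):
    """Return sorted device names of ports that look like a CP210x bridge.

    `ports` is any iterable of objects with .device, .description, .vid and
    .pid, which is what serial.tools.list_ports.comports() yields.
    """
    matches = []
    for p in ports:
        by_id = (p.vid, p.pid) == (CP210X_VID, CP210X_PID)
        by_name = "cp210" in (p.description or "").lower()
        if by_id or by_name:
            matches.append(p.device)
    return sorted(matches)


def main():
    try:
        # Installed as "pyserial", imported as "serial".
        from serial.tools import list_ports
    except ImportError:
        print("pyserial is not importable by", sys.executable)
        return 1
    found = find_cp210x_ports(list_ports.comports())
    if not found:
        print("No CP210x port found: check the driver and the USB connection.")
        return 1
    print("CP210x serial port(s):", ", ".join(found))
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it with the same Python interpreter that will be used for the sniffer plugin, since pyserial installed under a different interpreter will not be found.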
Go to the Wireshark main page to learn how to download and install Wireshark for your specific system:
Once complete, it should be possible to run Wireshark and at least get the start screen:
OK, finally, the thing we actually care about. The thing that will let us talk to the Adafruit BLE Sniffer and do some actual BLE sniffing. Let's download and install that BLE sniffing plugin!
Download Plugin from Nordic
Start by downloading the nRF Sniffer for BLE package from Nordic Semiconductor:
This will be a ZIP file. At the time of this guide, the version is 4.0.
Determine Wireshark Plugin Folder Location (extcap)
We need to install items from the ZIP file downloaded from Nordic into a specific Wireshark folder location. This location is different on different systems. To determine it for your system, do this:
Open Wireshark and, in the Help menu, select About Wireshark
In the Folders tab, find the extcap path
We'll refer to this folder location as the Wireshark extcap folder.
Install BLE Sniffer Plugin into Wireshark
To install the plugin, simply copy the files shown below from the ZIP downloaded from Nordic into the Wireshark extcap folder location determined above.
Open the ZIP file downloaded from Nordic:
We only need the contents of the extcap folder from the ZIP file.
Extract and copy all of the contents of the extcap folder to the Wireshark extcap folder location.
OK, now we can test things out with some real actual BLE sniffing! woot!