Once everything is set up, usage is fairly easy. However, there are numerous separate items that need to be installed and configured, so the initial setup can be a bit cumbersome. We'll go through each step, but it also helps to have a general understanding of the overall setup.

Here's a simplified diagram of the setup:

Here's a summary of all the parts needed:

  1. The actual BLE sniffing hardware. This guide uses the Adafruit Bluefruit LE Sniffer with V2 firmware.
  2. The BLE Sniffer uses a Silicon Labs CP2104 to provide USB to serial conversion. In order for this to show up as a COM port, the Silicon Labs Virtual COM Port driver is needed.
  3. The BLE sniffing plugin uses Python.
  4. To talk to the virtual COM port from Python, the pyserial module needs to be installed.
  5. Wireshark is the main software front end used to facilitate BLE sniffing and decoding.
  6. To talk to the BLE sniffer from Wireshark, the Nordic Semiconductor nRF Sniffer for BLE plugin is used.

These parts come from numerous different sources - at least 5 different vendors are shown in the diagram above. So this will be quite the journey. Here we go...

BLE Sniffer Hardware

You'll need one of these:

Angled shot of bluetooth sniffer device.
Interested in learning how Bluetooth Low Energy works down to the packet level? Debugging your own BLE hardware, and trying to spot where something is going wrong? Or maybe you're...

Silicon Labs VCP Driver

This driver allows the CP2104 chip on the Adafruit BLE Sniffer to show up as a COM port on your PC.

Once installed, a COM port should show up on your PC when the Adafruit BLE Sniffer is plugged into a USB port. It should have CP210x in the name.

This check does not require any of the other software components we install later. So if a COM port is not showing up at this point, do not proceed further until determining why.

Python 3

If Python 3 is not already installed on your system, go to the Python main page to learn how to download and install it for your specific system:

It should now be possible to launch Python and run some simple commands:

On Windows, try using py to launch Python.

Python Serial Support

To provide access to the COM port, install the pyserial package.

It should now be possible to launch Python and import the pyserial package:

NOTE: the import is actually serial, not pyserial.
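
The COM port check and the pyserial install can be verified together from Python. The script below is an added example, not part of the original guide: it lists serial ports and picks out the CP210x bridge. The USB IDs are an assumption (the defaults Silicon Labs ships for CP210x parts), and the sample port records are constructed so the matching logic can be read and run without the hardware attached.

```python
"""Check that the sniffer's CP2104 bridge is visible as a serial port."""
from types import SimpleNamespace

# Assumption: default USB IDs Silicon Labs ships for CP210x bridges.
CP210X_VID = 0x10C4
CP210X_PID = 0xEA60


def is_cp210x(port):
    """True if a port record looks like a CP210x USB-to-serial bridge."""
    if port.vid == CP210X_VID and port.pid == CP210X_PID:
        return True
    # Fall back to the name check the guide describes ("CP210x in the name").
    text = " ".join(filter(None, (port.description, getattr(port, "product", None))))
    return "CP210" in text.upper()


def find_sniffer_ports(ports):
    """Return device names (COM5, /dev/ttyUSB0, ...) of CP210x ports."""
    return [p.device for p in ports if is_cp210x(p)]


def list_system_ports():
    """Enumerate real ports; pyserial is imported here so the rest runs without it."""
    from serial.tools import list_ports  # module is 'serial', package is 'pyserial'
    return list(list_ports.comports())


# Constructed sample records mimicking the fields of pyserial's ListPortInfo.
SAMPLE_PORTS = [
    SimpleNamespace(device="COM1", description="Communications Port (COM1)", vid=None, pid=None),
    SimpleNamespace(device="COM5", description="Silicon Labs CP210x USB to UART Bridge (COM5)",
                    vid=0x10C4, pid=0xEA60),
    SimpleNamespace(device="/dev/ttyUSB1", description="CP2104 USB to UART Bridge Controller",
                    vid=None, pid=None),
    SimpleNamespace(device="/dev/ttyACM0", description="Generic CDC device", vid=0x239A, pid=0x8029),
]

if __name__ == "__main__":
    try:
        ports = list_system_ports()
    except ImportError:
        print("pyserial not installed; using constructed sample data")
        ports = SAMPLE_PORTS
    found = find_sniffer_ports(ports)
    print("CP210x ports:", found or "none found; check the VCP driver and cable")
```

An empty result with the sniffer plugged in points at the driver or the USB cable rather than at Wireshark or the plugin.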

Install Wireshark

Go to the Wireshark main page to learn how to download and install Wireshark for your specific system:

Once complete, it should be possible to run Wireshark and at least get the start screen:

Install BLE Sniffer Plugin

OK, finally, the thing we actually care about. The thing that will let us talk to the Adafruit BLE Sniffer and do some actual BLE sniffing. Let's download and install that BLE sniffing plugin!

Download Plugin from Nordic

Start by downloading the nRF Sniffer for BLE package from Nordic Semiconductor:

This will be a ZIP file. At the time of this guide, the version is 4.0.

Determine Wireshark Plugin Folder Location (extcap)

We need to install items from the ZIP file downloaded from Nordic into a specific Wireshark folder location. This location is different on different systems. To determine it for your system, do this:

Open Wireshark and, in the Help menu, select About Wireshark.

In the Folders tab, find the extcap path

We'll refer to this folder location as the Wireshark extcap folder.

Install BLE Sniffer Plugin into Wireshark

To install the plugin, simply copy the files shown below from the ZIP downloaded from Nordic into the Wireshark extcap folder location determined above.

Open the ZIP file downloaded from Nordic:

We only need the contents of the extcap folder from the ZIP file.

Extract and copy all of the contents of the extcap folder to the Wireshark extcap folder location.

Final Check and Test Capture

OK, now we can test things out with some real actual BLE sniffing! woot!

  • Plug in the Adafruit BLE Sniffer.
  • Launch Wireshark.
  • The sniffer should show up under the available capture devices.
  • Double click on the sniffer capture device.
  • This will open the device and start capturing.
  • If there is BLE traffic, it will be seen right away.
  • If there is no BLE traffic, it will look like this.
  • Note that the device has opened properly and is sniffing; there's just nothing to be seen.

macOS device names do not parse correctly with the 4.1.1 extcap/nrf_sniffer_ble.py script. This currently requires a small change from interface.split to interface.rsplit to parse correctly. See the forum post for additional details: https://forums.adafruit.com/viewtopic.php?t=202787

Original line:

    interface, extcap_version = interface.split('-')

Changed line:

    interface, extcap_version = interface.rsplit('-', 1)
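
The effect of that one-line change can be seen by running both forms over a few interface strings. This is an added example, not code from the Nordic script or the guide: the function names are hypothetical, and the sample strings are constructed in the "<port>-<extcap version>" shape that the two-value unpacking implies.

```python
"""Why split('-') breaks on macOS port names and rsplit('-', 1) does not."""


def parse_original(interface):
    """The unmodified line: only works if the string has exactly one hyphen."""
    port, extcap_version = interface.split('-')
    return port, extcap_version


def parse_fixed(interface):
    """The changed line: split once, at the last hyphen only."""
    port, extcap_version = interface.rsplit('-', 1)
    return port, extcap_version


def compare(interface):
    """Run both parsers; report a ValueError as None instead of crashing."""
    results = {}
    for name, parser in (("original", parse_original), ("fixed", parse_fixed)):
        try:
            results[name] = parser(interface)
        except ValueError:
            # Raised when unpacking gets more or fewer than two parts.
            results[name] = None
    return results


# Constructed interface strings; the port names are illustrative only.
SAMPLES = [
    "COM5-4.1.1",
    "/dev/ttyUSB0-4.1.1",
    "/dev/cu.usbserial-0001-4.1.1",   # macOS-style name with its own hyphen
    "/dev/cu.usbserial",              # no version suffix at all
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", compare(s))
```

Both forms still fail on a string with no hyphen at all, so the change only addresses port names that contain extra hyphens.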

Next Steps

Once everything is working as shown above, you are ready to move on to working with these BLE packets.

This guide was first published on Nov 19, 2014. It was last updated on Mar 08, 2024.

This page (Using with Sniffer V2 and Python3) was last updated on Mar 08, 2024.
