Using Wireshark for BLE Packet Sniffing

We previously discussed the basic installation, and today we will talk about usage.If the plugin is configured correctly and the device is functioning properly, after refreshing the interface list, find the corresponding device port, double-click it, and you will see the following interface.Using Wireshark for BLE Packet SniffingWireshark main interface1. Selecting the Sniffing DeviceUsing Wireshark for BLE Packet SniffingSniffing device selectionThis shows our sniffing devices. If you have multiple sniffing devices, you can switch and select here.2. Selecting Broadcast DevicesUsing Wireshark for BLE Packet SniffingDevices to be trackedYou can select the broadcast device here, but for some reason, sometimes only a few are displayed, and sometimes none are shown.If you do not select a device here, you may only see broadcast packets. If you select a specific device here, you can see all subsequent data packets exchanged with that device. As shown in the figure below, you can see the packets on the data channel.If you cannot see the subsequent connection packets, disconnect and try again Using Wireshark for BLE Packet SniffingUsing Wireshark for BLE Packet SniffingData packets captured on the data channelIf the device has not enabled broadcasting, you will not see broadcast data. You can select ‘add le address’ from the key list and fill in the address of the device to be sniffed in the value field.And attach the address type (“public” or “random”). For example:<span>57:25:b0:81:eb:e5 random</span>If you want to filter data for a specific address, drag the corresponding address into the filter address bar.Using Wireshark for BLE Packet Sniffing3. KeysUsing Wireshark for BLE Packet Sniffing

Configure security keys and address tracking functions to decrypt encrypted communications or force sniff specific devices.

1. Legacy Passkey

  • Meaning: A 6-digit password in traditional pairing mode (e.g., <span>123456</span>).

  • Usage:

    • Used to decrypt pairing communications for BLE 4.1 and earlier versions (Passkey Entry mode).

    • During the pairing process, the device generates a temporary key using this password.

  • Input Format: Directly input 6 digits (e.g., <span>123456</span>).

2. Legacy OOB (Out-of-Band) Data

  • Meaning: Out-of-band authentication data in traditional pairing mode (e.g., keys exchanged via NFC or QR code).

  • Usage:

    • Used to decrypt communications paired via OOB (e.g., devices exchanging keys via NFC).

  • Input Format: 16-byte hexadecimal string (e.g., <span>00112233445566778899AABBCCDDEEFF</span>).

3. Legacy LTK (Long Term Key)

  • Meaning: A long-term encryption key generated during traditional pairing (16 bytes).

  • Usage:

    • Decrypt encrypted data after device connection (applicable for BLE 4.0-4.1).

    • Derived from the temporary key during the pairing process.

4. SC LTK (Secure Connections Long Term Key)

  • Meaning: A more secure long-term key generated by BLE 4.2+ Secure Connections.

  • Usage:

    • Decrypt data encrypted using secure connections for BLE 4.2+ devices.

    • Generated based on Elliptic Curve Cryptography (ECDH).

  • Input Format: Same as Legacy LTK (16 bytes hexadecimal).

5. SC Private Key

  • Meaning: The elliptic curve private key of the device in secure connections (ECDH private key).

  • Usage:

    • Used for advanced debugging, decrypting the key exchange process of secure connections.

    • Usually generated by the device firmware, generally does not require manual configuration.

  • Input Format: 32-byte hexadecimal string.

6. IRK (Identity Resolving Key)

  • Meaning: The identity resolving key used to track the device’s random private address (Random Private Address).

  • Usage:

    • Resolve the random address used by the device in broadcasting (e.g., <span>A1:B2:C3:D4:E5:F6 (random)</span>).

    • After binding, the device shares the IRK with the peer device.

7. Add LE Address

  • Meaning: Manually add a device address to the sniffing list.

  • Usage:

    • Force the sniffer to listen to devices that are not broadcasting (e.g., if the device is already connected).

8. Follow LE Address

  • Meaning: Continuously track the communication of a specified device.

  • Usage:

    • Maintain tracking even if the device switches channels or encrypts (requires use with LTK/IRK).

  • Input Format: Same as Add LE Address.

Using Wireshark for BLE Packet Sniffing4. ValueIn the Value text box, fill in the key or the address of the device to be tracked based on the options in the Key.Using Wireshark for BLE Packet Sniffing

5. Broadcast Channel Switching Order

Using Wireshark for BLE Packet SniffingAfter detecting broadcast data on channel 37, switch to channel 38 for listening, then switch to channel 39.

Related posts

  1. Why Our Wearable Device Does Not Use Bluetooth (BLE) Protocol
  2. Core Knowledge Points in C++ Programming
  3. How to Write Microcontroller Drivers Similar to C Using C#
  4. Comprehensive Overview of the 18 Major Industry Chains, Including the Latest Aircraft Industry Chain
  5. Introducing Semiconducting-to-Metallic Transitions in 2D PdSe2 Layers
  6. Introduction to Assembly Language Course Now Open!
  7. Comprehensive Overview of 5 Common Embedded Protocols (UART, RS232, RS485, IIC, SPI)
  8. Differences Between OSI and TCP/IP Models
  9. Crane Wheel Pressure Detection Method Using Sensor Array and Neural Network
  10. Btlejack: The Ultimate Toolbox for Low Energy Bluetooth Devices
  11. Bluetooth Low Energy and Tire Pressure Monitoring Testing
  12. Seven Mainstream BT5.0 Low-Power Bluetooth Chips and Their Applications
  13. In-Depth Analysis of BLE Connection Establishment Process
  14. BLE Wall Switch Solution Without Neutral Wire Connection
  15. Indoor Distance Measurement Positioning Method Considering BLE Beacon Geometry Optimization
  16. Efficient! Using This Wireless MCU to Design a BLE 5.3 Health Thermometer Sensor!
  17. Combining BLE, WIFI, Zigbee with NB-IoT and LoRa: A New Trend
  18. Overview of the CCC Digital Key Protocol from Vehicle BLE Perspective
  19. Efficient Design of BLE 5.3 Health Thermometer Sensor Using Wireless MCU

Leave a Comment