Capturing the perfect (radio) wave
Introduction
When developing and debugging Bluetooth solutions, it is often necessary to know exactly what is being communicated over the air between connected devices.
For this purpose you need a Bluetooth Protocol Analyzer (or Bluetooth Sniffer), and in this post I'll show you how to get started, using the RFcreations mini-moreph together with the blueSpy software, available for download on the RFcreations website.
The software is available for Linux, Windows and Mac. That is a big plus for me, as I use Linux on my main development machine.
Getting started with Bluetooth sniffers
Even though I have been developing software for almost 40 years, and wireless-related software for the last 10, I was only recently introduced to using Bluetooth protocol analyzers to debug Bluetooth solutions. This has been a great eye-opener for me (comparable to getting my first oscilloscope after having done electronics "in the blind" for some years).
I am not an expert (yet), but I find the blueSpy software very enjoyable to use. Even though the RFcreations solution can capture and analyze very advanced traffic, the UI is snappy and the UX intuitive. This lets me explore and learn while using the tool, without having to read through a bunch of documentation at the same time.
Our first capture
I thought about what would make a good first capture and remembered that I recently made a very simple Bluetooth Low Energy demo using Zephyr and Web, covered in an earlier post.
After powering up the Nordic Semiconductor nRF52840 Dongle, I connected the mini-moreph via USB and started the blueSpy software.
Initially, the screen looks like this:
NOTE: If the device is not found automatically and you are using Linux, remember to add a udev rule that allows userspace access to the device (see the PDF manual included with the software). Be aware that MODE="0666" makes the analyzer readable and writable by every local user; on a shared machine, restricting the device node to a group you are a member of is the tighter option. Reload the udev rules or re-plug the device after adding the rule:
SUBSYSTEM=="usb", ATTRS{idVendor}=="2bbd", ATTRS{idProduct}=="00f3", MODE="0666"
Starting the capture
Click the red capture button to start capturing all traffic in the air. The "Filter devices" tab on the right quickly fills with devices found around the analyzer. At first it can look a bit chaotic, but clicking the search button in the upper right corner lets you type a partial name, which quickly brings the device of interest to the top of the table.
NOTE: I've also disabled WiFi capture and a few other capture types in this example (keeping the summary view clean and focused).
Now click the check mark in the “Shown” column for that device and see the filtered traffic starting to flow in the summary panel.
We quickly see a bunch of advertising data emitted by the 'Simple Web Zephyr' dongle.
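What the summary panel is decoding at this point is a sequence of AD structures: a length byte, a type byte and a value, repeated until the payload ends. As an added example (not code from this post, from the Zephyr demo or from RFcreations), here is a small Python parser for that format, run over a payload constructed by hand to resemble the dongle's advertisement. The 16-bit service UUID in it is a placeholder; the name is the one the post filters on.

```python
"""Decode the AD structures inside a BLE advertising payload.

Added example, not code from the original post, the Zephyr demo or blueSpy:
a minimal parser for the length/type/value records that the analyzer's
summary view decodes for you. SAMPLE_ADV below is constructed by hand to
look like the dongle's advertisement; it is not a captured packet.
"""
import struct

# A few common AD types (Bluetooth Assigned Numbers, "Common Data Types")
AD_TYPES = {
    0x01: "Flags",
    0x02: "Incomplete List of 16-bit Service UUIDs",
    0x03: "Complete List of 16-bit Service UUIDs",
    0x07: "Complete List of 128-bit Service UUIDs",
    0x08: "Shortened Local Name",
    0x09: "Complete Local Name",
    0x0A: "TX Power Level",
    0xFF: "Manufacturer Specific Data",
}

FLAG_BITS = {
    0: "LE Limited Discoverable Mode",
    1: "LE General Discoverable Mode",
    2: "BR/EDR Not Supported",
}


def parse_ad_structures(payload: bytes) -> list:
    """Split an advertising payload into (ad_type, value) tuples.

    Each structure is: 1 byte length (covering type + value), 1 byte type,
    then the value. A zero length ends the significant part (the rest is
    padding). A length that runs past the end of the buffer is malformed and
    is rejected rather than silently truncated.
    """
    out = []
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0:
            break
        if i + 1 + length > len(payload):
            raise ValueError(f"AD structure at offset {i} overruns payload")
        ad_type = payload[i + 1]
        value = payload[i + 2 : i + 1 + length]
        out.append((ad_type, value))
        i += 1 + length
    return out


def decode_value(ad_type: int, value: bytes):
    """Render a few common AD types into Python values; hex for the rest."""
    if ad_type == 0x01:
        flags = value[0] if value else 0
        return [name for bit, name in FLAG_BITS.items() if flags & (1 << bit)]
    if ad_type in (0x02, 0x03):
        return [f"0x{u:04X}" for (u,) in struct.iter_unpack("<H", value)]
    if ad_type in (0x08, 0x09):
        return value.decode("utf-8", errors="replace")
    if ad_type == 0x0A:
        return struct.unpack("<b", value[:1])[0]
    return value.hex()


def decode_advertisement(payload: bytes) -> dict:
    """Return {AD type name: decoded value} for one advertising payload."""
    return {
        AD_TYPES.get(t, f"0x{t:02X}"): decode_value(t, v)
        for t, v in parse_ad_structures(payload)
    }


# Constructed payload (not captured): Flags, one placeholder 16-bit service
# UUID (0x180A) and the Complete Local Name the post filters on.
SAMPLE_ADV = (
    bytes([0x02, 0x01, 0x06])                      # Flags: general discoverable, no BR/EDR
    + bytes([0x03, 0x03, 0x0A, 0x18])              # Complete list of 16-bit UUIDs: 0x180A
    + bytes([0x12, 0x09]) + b"Simple Web Zephyr"   # Complete Local Name, 17 bytes + type
)

if __name__ == "__main__":
    for name, value in decode_advertisement(SAMPLE_ADV).items():
        print(f"{name}: {value}")
```

The overrun check matters when you compare your own decoding with the analyzer's: a structure whose length byte points past the end of the payload is exactly the kind of packet a sniffer flags as malformed, and a parser that quietly clips the value would hide that.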
Connecting from Web
Now, from a phone, I open the test web page for the project and request a connection to the dongle. We then see the following initial handshake in the capture summary, including discovery of the service requested by the web application.
If I press and release the button on the nRF Dongle, I see two notifications sent from the dongle. The first carries the payload value 0x01 (indicating "Pressed")...
...and the second carries the payload value 0x00 (indicating "Released"), just as expected:
From the web application, I now select the color red (payload: [0xFF, 0x00, 0x00])…
…followed by blue (payload: [0x00, 0x00, 0xFF])…
Again, the captured data is as expected, but it's nice to verify :)
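The notification and write packets above are ATT PDUs: one opcode byte, a 16-bit little-endian attribute handle, then the value. As an added example that is not part of the post, the demo's firmware or blueSpy, the following Python decodes constructed PDUs (not captured ones) carrying the same payloads as the four data packets described. The handles 0x0012 and 0x0015 and their mapping to the button and LED characteristics are assumptions made for this example; the real handles would be read off the service discovery in the capture.

```python
"""Decode the ATT PDUs behind the notifications and writes in the capture.

Added example, not code from the original post, the Zephyr demo or blueSpy.
SAMPLE_PDUS are constructed byte strings, not captured packets. The handle
table HANDLES is an assumption for this example only; real handles come from
the dongle's GATT table, visible in the service discovery the analyzer shows.
"""
import struct
from dataclasses import dataclass
from typing import Optional

# ATT opcodes (Bluetooth Core Spec Vol. 3, Part F, "Attribute Protocol PDUs")
ATT_OPCODES = {
    0x01: "Error Response",
    0x0B: "Read Response",
    0x12: "Write Request",
    0x13: "Write Response",
    0x1B: "Handle Value Notification",
    0x1D: "Handle Value Indication",
    0x52: "Write Command",
}

# PDUs laid out as: opcode, handle (LE16), value (everything after)
HANDLE_VALUE_OPCODES = {0x12, 0x1B, 0x1D, 0x52}

# Assumed handle-to-characteristic mapping (placeholder values for this example)
HANDLES = {0x0012: "Button", 0x0015: "LED"}


@dataclass
class AttPdu:
    opcode: int
    name: str
    handle: Optional[int]
    value: bytes


def parse_att(pdu: bytes) -> AttPdu:
    """Split one ATT PDU into opcode, handle (where the opcode has one) and value."""
    if not pdu:
        raise ValueError("empty ATT PDU")
    opcode = pdu[0]
    name = ATT_OPCODES.get(opcode, f"Unknown 0x{opcode:02X}")
    if opcode in HANDLE_VALUE_OPCODES:
        # A truncated PDU (opcode but no full handle) is an error, not a zero handle.
        if len(pdu) < 3:
            raise ValueError(f"{name} PDU too short for a handle: {pdu.hex()}")
        (handle,) = struct.unpack_from("<H", pdu, 1)
        return AttPdu(opcode, name, handle, pdu[3:])
    return AttPdu(opcode, name, None, pdu[1:])


def interpret(p: AttPdu) -> str:
    """Turn a decoded PDU into the one-line reading a developer wants to check."""
    if p.handle is None:
        return f"{p.name}: value={p.value.hex() or '-'}"
    target = HANDLES.get(p.handle, f"handle 0x{p.handle:04X}")
    if p.opcode in (0x1B, 0x1D) and target == "Button" and len(p.value) == 1:
        state = {0x01: "Pressed", 0x00: "Released"}.get(p.value[0], f"0x{p.value[0]:02X}")
        return f"{p.name}: Button {state}"
    if p.opcode in (0x12, 0x52) and target == "LED" and len(p.value) == 3:
        r, g, b = p.value
        return f"{p.name}: LED RGB=({r}, {g}, {b})"
    return f"{p.name}: {target} value={p.value.hex() or '-'}"


# Constructed PDUs (not captured) mirroring the post's data packets.
SAMPLE_PDUS = [
    bytes([0x1B, 0x12, 0x00, 0x01]),              # notification, button pressed
    bytes([0x1B, 0x12, 0x00, 0x00]),              # notification, button released
    bytes([0x12, 0x15, 0x00, 0xFF, 0x00, 0x00]),  # write request, red
    bytes([0x13]),                                # write response from the dongle
    bytes([0x52, 0x15, 0x00, 0x00, 0x00, 0xFF]),  # write command, blue
]


def decode_all(pdus=SAMPLE_PDUS) -> list:
    """Decode and interpret a list of PDUs in order."""
    return [interpret(parse_att(p)) for p in pdus]


if __name__ == "__main__":
    for line in decode_all():
        print(line)
```

Both a Write Request (which the server answers with a Write Response) and a Write Command (which it does not) are shown, since a web client may use either and the analyzer will display the difference as an extra PDU in one direction.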
Disconnecting the web application from the dongle lets the dongle firmware go back to advertising, which we verify in the summary pane.
Storing capture files
Sometimes capture files can become quite large, especially if the capture was made in an area with a lot of wireless traffic. To help with this, I found a very neat feature in the blueSpy File menu, "Save Advanced…", which lets you store only the packets shown in the current filtered summary. Keep in mind that whatever was filtered out is gone from the saved file, so hold on to the full capture if you might later need the traffic from the other devices.
In my case, this brought the capture file size down to ~2 MB (compared to ~90 MB for the full capture).
Conclusion
I had great fun finally being able to see the Bluetooth traffic in the air after developing and debugging Bluetooth solutions "in the blind" for years, and blueSpy made it enjoyable.
In my next post, I’ll try to capture some LE Audio Broadcast sources to see how the analyzer handles those.