Skip to content
mbedded.ninja

How to Sniff Bluetooth Packets

Authors:
Geoffrey Hunter
Geoffrey Hunter
Published On:
Jun 22, 2026
Last Updated:
Jun 22, 2026

You can sniff Bluetooth BLE packets using Wireshark the nrfutil ble-sniffer command, and a supported nRF hardware BLE radio such as the nRF52840 dongle or nRF52 DK.

A photo of the Nordic Semiconductor nRF52840 Dongle and its packaging. The nRF52840 Dongle is a small USB device that can be used for Bluetooth sniffing when programmed with the appropriate firmware.

Install nrfutil and ble-sniffer

Once nrfutil is installed, install the device and ble-sniffer sub-commands:

Terminal window
nrfutil install device
nrfutil install ble-sniffer

Copy Capture Tool Into Wireshark Directory

Run:

Terminal window
nrfutil ble-sniffer bootstrap

This copies the necessary Wireshark plugin into the directory that Wireshark expects.

This command also prints the following information, which will be useful in the following steps:

Program a device with the appropriate sniffer firmware. We recommend using `nrfutil-device` for this.


Find the device you would like to program with the following command:


        nrfutil device list


Then, you can program this device with the sniffer firmware with the following command:


        nrfutil device program --firmware <fw> --serial-number <serial-number>


Supported devices
-----------------
* nRF52840 Dongle (firmware = C:\Users\<user_home_dir>\.nrfutil\share\nrfutil-ble-sniffer\firmware\sniffer_nrf52840dongle_nrf52840_4.1.1.zip)
* nRF52840 DK (firmware = C:\Users\<user_home_dir>\.nrfutil\share\nrfutil-ble-sniffer\firmware\sniffer_nrf52840dk_nrf52840_4.1.1.hex)
* nRF52833 DK (firmware = C:\Users\<user_home_dir>\.nrfutil\share\nrfutil-ble-sniffer\firmware\sniffer_nrf52833dk_nrf52833_4.1.1.hex)
* nRF52 DK (firmware = C:\Users\<user_home_dir>\.nrfutil\share\nrfutil-ble-sniffer\firmware\sniffer_nrf52dk_nrf52832_4.1.1.hex)

Program Sniffer Firmware

First, we need to find the serial number of the plugged in BLE radio. Use nrfutil device list to list compatible devices:

Terminal window
nrfutil device list

In my instance, I had a nRF52840 dongle plugged in. This showed up in Windows as:

Terminal window
FC4FC1966802
Product         nRF52 Connectivity
Ports           COM10
Traits          nordicDfu, nordicUsb, serialPorts, usb

So I need to use serial number FC4FC1966802. You also need to make sure you use the right firmware as per the information printed above from the nrfutil ble-sniffer bootstrap command. Here is what I ran:

Terminal window
nrfutil device program --firmware C:\Users\<user_home_dir>\.nrfutil\share\nrfutil-ble-sniffer\firmware\sniffer_nrf52840dongle_nrf52840_4.1.1.zip --serial-number FC4FC1966802

Open Wireshark and Scan

Open Wireshark.

A screenshot from Wireshark showing captured BLE packets using the nRF52840 dongle and the nrfutil ble-sniffer Wireshark plugin.

More Options

Open the nRF Sniffer interface toolbar in Wireshark as shown below:

How to open the nRF Sniffer interface toolbar in Wireshark to give you more options like following a specific device.