scapy.contrib.nrf_sniffer module

nRF sniffer

Firmware and documentation related to this module is available at: https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer https://github.com/adafruit/Adafruit_BLESniffer_Python https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-nordic_ble.c

class scapy.contrib.nrf_sniffer.NRF2_Packet_Event(_pkt, /, *, header_len=10, reserved=0, phy=None, mic=None, encrypted=None, direction=None, crc_ok=1, rf_channel=0, rssi=-256, event_counter=0, delta_time=0)[source]

Bases: Packet

aliastypes
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   HEADER LEN  |R| PHY |M|E|D|C|   RF CHANNEL  |      RSSI     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         EVENT COUNTER         |           DELTA TIME          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Fig. NRF2_Packet_Event                      
NRF2_Packet_Event fields

header_len

ByteField

10

reserved

BitField (1 bit)

0

phy

BitEnumField

None

mic

BitField (1 bit)

None

encrypted

BitField (1 bit)

None

direction

BitField (1 bit)

None

crc_ok

BitField (1 bit)

1

rf_channel

ByteField

0

rssi

ScalingField

-256

event_counter

LEShortField

0

delta_time

LEIntField

0

payload_guess

Possible sublayers: BTLE

class scapy.contrib.nrf_sniffer.NRF2_Ping_Request(_pkt, /)[source]

Bases: Packet

aliastypes
class scapy.contrib.nrf_sniffer.NRF2_Ping_Response(_pkt, /, *, version=None)[source]

Bases: Packet

aliastypes
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            VERSION            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                     Fig. NRF2_Ping_Response                      
NRF2_Ping_Response fields

version

LEShortField

None

class scapy.contrib.nrf_sniffer.NRFS2_PCAP(_pkt, /, *, board_id=0)[source]

Bases: Packet

PCAP headers for DLT_NORDIC_BLE.

Nordic’s capture scripts either stick the COM port number (yep!) or a random number at the start of every packet.

https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-nordic_ble.c

The only “rule” is that we can’t start packets with BE EF, otherwise it becomes a “0.9.7” packet. So we just set “0” here.

aliastypes
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    BOARD ID   |
+-+-+-+-+-+-+-+-+

                         Fig. NRFS2_PCAP                          
NRFS2_PCAP fields

board_id

ByteField

0

payload_guess

Possible sublayers: NRFS2_Packet

class scapy.contrib.nrf_sniffer.NRFS2_Packet(_pkt, /, *, len=None, version=2, counter=None, type=None)[source]

Bases: Packet

nRF Sniffer v2 Packet

aliastypes
answer(other)[source]
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              LEN              |    VERSION    |    COUNTER    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|               |      TYPE     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                        Fig. NRFS2_Packet                         
NRFS2_Packet fields

len

LenField

None

version

ByteField

2

counter

LEShortField

None

type

ByteEnumField

None

payload_guess

Possible sublayers: NRF2_Packet_Event, NRF2_Ping_Request, NRF2_Ping_Response

post_build(p, pay)[source]