Zigbee/BLE packet capture with NXP KW41Z
Quick blog to document the procedure I used to install the software required to packet capture Zigbee and BLE traffic using the NXP KW41Z.
You can find hardware details about the NXP KW41Z on the NXP website. There are a few different hardware models, so be sure to purchase the KW41Z which support both Zigbee and BLE. KW41Z may be purchased on amazon or via other outlets.
For comparison, the table below is provided:
| Hardware Model | Description |
|---|---|
| KW21Z | Kinetis® KW21Z-2.4 GHz 802.15.4 Wireless Radio Microcontroller (MCU) based on Arm® Cortex®-M0+ Core |
| KW21Z | Kinetis® KW41Z-2.4 GHz Dual Mode: Bluetooth® Low Energy and 802.15.4 Wireless Radio Microcontroller (MCU) based on Arm® Cortex®-M0+ Core |
| KW21Z | Kinetis® KW31Z-2.4 GHz Bluetooth Low Energy Wireless Radio Microcontroller (MCU) based on Arm® Cortex®-M0+ Core |
Block Diagram of Kinetis® KW41Z-2.4 GHz Dual Mode
Installing the software.
- Windows 10 (In parallels (v15.1.4) on macOS Catalina 10.15.4)
- Kinetis® Protocol Analyzer Adapter (v1.2.8.0) Development Software (Windows only)
- Wireshark for Windows x64 v3.2.5
The Windows setup should be straight forward. Kinetis® and Wireshark will install any additional requirements needed during their installation.
Kinetis® Protocol Analyzer Adapter development software can be found on the NXP website. You will need to register an account with NXP prior to downloading the software and agree to their terms and conditions. Once downloaded install and follow the wizard to install default settings. WinPCAP will be installed during this process.
After downloading Wireshark, follow the installation wizard using default settings being sure to check the box to install support for USB adapters is it is not already installed on your system.
Once these two applications have been installed, insert the USB NXP KW41Z and direct it to you Windows 10 host. The USB adapter should be automatically recognized; however, you may need to grant security permissions in macOS to allow Windows 10 to interact with the hardware.
You should see a windows popup in Windows to indicate the USB adapter has been detected and the firmware is loaded correctly:
Launch the Kinetis® Protocol Adapter in Windows:
When running, you should see an interface screen like what is shown below:
The top row allows you to specify 802.15 channels 15 through 26. You can select one channel at a time and must click on the channel number to deactivate that channel prior to selecting another channel number. For example, to scan 802.15 (Zigbee) channel 15, click on channel 15 as shown below:
The second row allows you to select one or any combination of the BLE advertising channels – 37, 38, or 39. As you click on the channel number you may have to wait a brief moment and the USB adapter is updated to reflect the selection. The bottom line identifies the status of the KW41Z and which channel is being sniffed. For example, to scan all BLE advertising channels, click on channels 37, 38, and 39 as shown below, you may have to wait a brief moment in between each channel to see the status updated on the bottom line:
Notice the interface defined in the ‘Virtual PCAP IF’ field. This will be needed to select the correct interface in Wireshark. Also, note that no channels will be sniffed in the example below.
Launch Wireshark and select the interface identified above. In my case, it was ‘Ethernet 2’. Interface selection can be done from the initial screen in Wireshark or by clicking Capture > Options and selecting ‘Ethernet 2’ or the Virtual PCAP IF identified in the Protocol Analyzer Adapter.
Then click the capture start button and watch frames appear in you trace.
Happy sniffing!
Slàinte