Sniffer application for OS X

I've put up on Sourceforge a Mac OSX application which interfaces with the Nordic BTLE sniffer software and has some of the functionality of the Windows application Nordic ships with that software package. Features include:

  • Seeing basic information about plugged-in sniffers
  • Listing advertisers and seeing the name, RSSI and simple details about them
  • Following a specific device
  • Showing the packets in Wireshark, decoded
  • Saving the PCAP (Wireshark format) data for later

The full project is here, and the installation instructions are on the wiki. This is a summary of the things you need in order to get it running.

  1. Nordic Sniffer software, at least version 1.0.1. I recommend that if you have access to a Windows box or one of the virtual machines for OSX that you get the sniffer set up that way first and test it.
  2. A way to get the sniffer software into the device. You can use the nrf studio, nrfjprog or my version for OSX, RKNRFGO (also on Sourceforge).
  3. Wireshark. Wireshark is the protocol analyser which the application sends packets to for decoding. You need version 1.10.x or 1.12.x of Wireshark; 1.12.x is what I recommend. Wireshark itself needs X Windows/X11 to be set up on the Mac; OSX no longer ships with that pre-installed, but it does point you to the correct place to install it. Setting up Wireshark before you do anything else, ensuring your X11 works, that Wireshark starts and the command line tools are installed, is also what I recommend. The ble-sniffer app queries the Wireshark install in order to launch it and send it data, so having it working first helps.
  4. The application. Download from Sourceforge and double-click to install. Get 1, 2 and 3 working first, you'll save yourself a headache.

Run the app, check the About box (which will tell you if Wireshark has been correctly found) and plug in a sniffer to any of your Mac's USB ports. It should show up in a tab on the main window. There are buttons at the bottom, there are menu items at the top.

The app is built to load all the way back to OSX 10.8 but has only been tested recently on 10.9 Mavericks and 10.10 Yosemite. I would not be surprised if I've used at least one 10.9-or-later feature in there.

Please use Sourceforge tickets if you have problems, or private message me here. If you get repeatable crashes I'd like the crash logs; I can help you find them and send them to me.

I hope you find this useful. I like having a native OSX tool instead of always having to boot up Parallels, which I don't even have room for on every one of my Macs.

Thanks very much to Nordic who made the API available, documented it and gave me some feedback on the versions of the app as it developed.

  • Hi Roland,

    Sniffing the frames of the application nRF51-multi-role-conn-observer-advertiser-master: the advertising app, 2 advertisers, nRF51822 (ADV_IND) and Timeslot adv (ADV_SCAN_IND), on the same device.

    If I choose to sniff the device Timeslot adv, it works fine and I get frames forwarded to Wireshark. If I choose to sniff the device nRF51822, the sniffer doesn't send any frames to Wireshark. If I don't choose to sniff a particular advertiser, I get the frames from nRF51822 and Timeslot adv.

    To verify whether the problem is coming from my dongle PCA 10000, I plugged it into a Windows machine and, with the same sniffer firmware, I used the ble-sniffer_win_1.01_1111. I can select the advertiser nRF51822 and get the frames in Wireshark.

    So it seems that for a strange reason ble-sniffer-osx is not forwarding the frames in this particular case.

    Claude

  • Works well for me on Yosemite. However I have preferred 1.10.x for Wireshark as the 1.12.x Wireshark dissector for BTLE seems to have some funny naming on the SN/NESN bits and also for the length field of the packet.

  • Cool - hope it works well for you. As stated in the install notes (somewhere) you can also use my RKNRFGO package (also on Sourceforge) to load the code onto the PCA10000, or any of the other supported Nordic boards, if you prefer to use something graphical.

  • Hi,

    Thanks for sharing. Did the installation without any problem. Used the JLinkExe command from Segger software to load the firmware on a PCA10000. Cheers, Claude