I just wanted to share this in case someone else runs into this as well. I was running into all of the same things as others, where I could run nrf_sniffer_ble.sh --extcap-interfaces and see things there, but nothing would show up in Wireshark. Looking at the logs in /tmp/log/log.txt, I was seeing the same things as others. No errors in that log and no errors in Wireshark with debug enabled.
Sample log from /tmp/log/log.txt:
01-Jan-2025 15:47:04 (-0600) INFO: Software version: 4.1.1
01-Jan-2025 15:47:04 (-0600) INFO: Started PID 200395
01-Jan-2025 15:47:04 (-0600) INFO: Namespace(capture=False, extcap_interfaces=True, extcap_interface=None, extcap_dlts=False, extcap_config=False, extcap_capture_filter=None, fifo=None, extcap_control_in=None, extcap_control_out=None, extcap_version=None, device='', baudrate=None, only_advertising=False, only_legacy_advertising=False, scan_follow_rsp=False, scan_follow_aux=False, coded=False)
01-Jan-2025 15:47:04 (-0600) INFO: Opening serial port /dev/ttyS0
01-Jan-2025 15:47:04 (-0600) INFO: Opening serial port /dev/ttyS0
01-Jan-2025 15:47:04 (-0600) INFO: Opening serial port /dev/ttyACM0
01-Jan-2025 15:47:04 (-0600) INFO: Opening serial port /dev/ttyACM0
01-Jan-2025 15:47:04 (-0600) INFO: Exiting PID 200395
So I decided to go a bit lower and turned on strace for the Python script to look at what it's doing. I changed the last line in the .sh to this:
exec strace -o /tmp/strace.out $py3 $script_path/nrf_sniffer_ble.py "$@"
Now when launching Wireshark or the script looking for interfaces, I can see what the script is doing. In there I can see it poking the serial ports, all well and good, no errors. The problem is at the end.
newfstatat(AT_FDCWD, "/var/lock/LCK..ttyACM0", 0x7ffc75407960, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/var/lock/LCK..ttyACM0", O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0666) = -1 EACCES (Permission denied)
newfstatat(AT_FDCWD, "/var/lock/LCK..ttyACM0", 0x7ffc75407c50, 0) = -1 ENOENT (No such file or directory)
Yep, permission denied trying to create a lock file at /var/lock/LCK..ttyACM0. Double-checking the permissions on my system, /var/lock is root:root and permissions are 755, so there is no way my user is going to be able to create a lock file in there. Looking at Filelock.py, I don't see any error handling if it can't create a lock file, or a fallback to a different directory. This would explain why it just goes boom and exits. I am not sure what the best option is here, either use a local lock file or trap the error. For now I just did a sudo chmod o+w /var/lock and the logs look MUCH different for the plugin.
01-Jan-2025 15:48:38 (-0600) INFO: Software version: 4.1.1
01-Jan-2025 15:48:38 (-0600) INFO: Started PID 202315
01-Jan-2025 15:48:38 (-0600) INFO: Namespace(capture=False, extcap_interfaces=True, extcap_interface=None, extcap_dlts=False, extcap_config=False, extcap_capture_filter=None, fifo=None, extcap_control_in=None, extcap_control_out=None, extcap_version=None, device='', baudrate=None, only_advertising=False, only_legacy_advertising=False, scan_follow_rsp=False, scan_follow_aux=False, coded=False)
01-Jan-2025 15:48:38 (-0600) INFO: Opening serial port /dev/ttyS0
01-Jan-2025 15:48:38 (-0600) INFO: closing UART
01-Jan-2025 15:48:38 (-0600) INFO: Opening serial port /dev/ttyS0
01-Jan-2025 15:48:38 (-0600) INFO: closing UART
01-Jan-2025 15:48:38 (-0600) INFO: Opening serial port /dev/ttyACM0
01-Jan-2025 15:48:38 (-0600) INFO: closing UART
01-Jan-2025 15:48:38 (-0600) INFO: Exiting PID 202315
The biggest difference being "closing UART". After that, all is well in Wireshark. I can see the device and start sniffing the airwaves!
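
The two options named in the post (trap the error, or use a local lock file) can be combined so that /var/lock keeps its 755 root:root permissions. The sketch below is an added example, not part of the original post and not the code in Filelock.py. Assumptions: the function and exception names, the fallback directory (XDG_RUNTIME_DIR or a per-user directory under the temp dir) and the PID written into the lock file are all hypothetical choices.

```python
import errno
import os
import tempfile

# Assumption: system directory first, then a per-user fallback.
LOCK_DIRS = ["/var/lock", os.environ.get("XDG_RUNTIME_DIR") or os.path.join(
    tempfile.gettempdir(), "nrf_sniffer_locks_%d" % os.getuid())]


class PortLockedError(Exception):
    """A live process already holds the lock for this port."""


def _pid_alive(pid):
    try:
        os.kill(pid, 0)  # signal 0 only checks that the PID exists
    except OSError as exc:
        return exc.errno != errno.ESRCH  # EPERM: exists, other user's process
    return True


def acquire_port_lock(port, lock_dirs=None):
    """Create LCK..<port> in the first usable directory and return its path."""
    name = "LCK.." + os.path.basename(port)
    for directory in lock_dirs or LOCK_DIRS:
        path = os.path.join(directory, name)
        for _attempt in range(2):  # second pass only after clearing a stale lock
            try:
                os.makedirs(directory, mode=0o700, exist_ok=True)
                # O_EXCL: atomic create that never follows a pre-planted symlink
                fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
            except FileExistsError:
                try:
                    with open(path) as fh:
                        owner = int(fh.read().strip())
                except (OSError, ValueError):
                    owner = None  # unreadable or malformed: treat as held
                if owner is None or _pid_alive(owner):
                    raise PortLockedError("%s is locked (%s)" % (port, path))
                try:
                    os.unlink(path)  # stale lock left by a dead process
                except OSError:
                    break
            except OSError:
                break  # e.g. the EACCES on /var/lock seen in the strace output
            else:
                with os.fdopen(fd, "w") as fh:
                    fh.write("%10d\n" % os.getpid())
                return path
    raise OSError(errno.EACCES, "no usable lock directory for " + port)
```

A lock taken in the per-user directory only serializes processes of the same user; the caller should remove the returned path when it closes the port.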