Wireshark BLE Sniffer missing packet, non-sequential event counter observed

Hi Hung,

The behaviour is quite strange.

I programmed the dongle with the hex you provided. 

For the first capture initially, I see sequentially incrementing event counter, which is correct. But later when I did more subsequent captures after saving the first file, the packets are skipped again judging by the event counter. I have attached both the first capture file and the subsequent capture file for your reference. 

I am unsure why the new hex file behaves this way. I cannot reproduce capturing the first file which has correct sequential event counter anymore. I kept seeing skipped event counter for all captures except the first one I did after flashing the hex file. 

Hung Bui sniffer firmware Wireshark log.zip

Hi Jasper, 

Which DUT you are sniffing  ? Could you try to test with one of our DK (to advertise and get connected) . Which central device do you use ? Could you try to test with another phone if possible ? It could be that the phone has too strict timing causing the problem. 

 I don't have the same issue, the dongle worked for me most of the time (it's the opposite of what you experience, I only got the same even counter skipping once and then it didnt happen again , with the .zip file, quite strange). 

Regarding professional sniffer, most often used AFAIK are Ellisys and Frontline (Teledynelecroy) sniffers. 

I was sniffing the traffic between my phone nRF Connect app (Central) and Onsemi RSL10 (Peripheral). I don't have other Nordic DK on hand. Perhaps I can sniff other BLE devices such as wireless mouse or earphones. 

May I know what's the difference between the hex file you sent me and the official .zip file? Is there a changelog?

Also, is the Wireshark event counter incremented by the NRF BLE Sniffer or the Wireshark software? How is it kept track?

Hi Jasper,
I don't have the detail on how the event counter implemented, but from what I can see I think it's just a counter used in the sniffer firmware and count based on the scheduling of the connection event. 
I don't think it's very important as what we are seeing here is the actual packet missing, not just event counter is skipped. So there is no issue with the event counter, it's simply we don't know why the sniffer couldn't capture all the packet and skip on packet in between. 

Hello Team,

I am experiencing the same issue with the nRF BLE Sniffer running on an nRF52840 Dongle.

A few days ago, I updated the sniffer firmware using nrfutil and updated the Wireshark plugins using the nrfutil ble-sniffer bootstrap command.

The issue:
The sniffer misses every other connection event. After a fresh firmware flash (using the .hex file provided in this topic via nRF Connect for Desktop), the first connection sniffing session works perfectly. However, for the second and all subsequent sessions, it starts skipping every other connection event again.

Steps I’ve taken:

1. Restarted Wireshark and replugged the dongle — no improvement.

2. Re-flashed the firmware (.hex) via nRF Connect for Desktop — the first trace is fine, but subsequent ones fail.

3. Tested the dongle on a MacBook with an older version of Wireshark/plugin — the result is the same (works once after dongle firmware update, then misses events).

It seems like the sniffer works correctly only once after flashing. After first connection trace something likely changes in the internal flash, causing it to skip events.

Could you please give previous nrf dongle firmware?

Best regards,
Andrei.