Sniffer on OSX - revisited

It looks like the last discussion of Sniffer on Devzone was 2-3 yrs ago.

I’ve ordered the nRF Dongle and will download the Windows-based nRF Sniffer app.

i can run this with WireShark on a Windows VM on my Mac, though I would like a Mac OSX option.

- Any news on that front?

- Any way the Bluetooth hardware built into the MacBook could serve a Mac Sniffer app?

thanks!

Parents Reply Children
  • Well that's nice and fresh!

    I'll start from there and report back. 

    Thanks!

  • OK, not working ...yet

    on Mac OSX 10.13.3, using the DK52 (PCA10040)

    I've followed the nRF_Sniffer_User_Guide_v2.1.pdf:

    1. Downloaded and installed WireShark Ver 2.5.0
                [edit Mar 21st: in my original post, I said pyserial V2.5.0.
                 I have since downgraded to 2.4.5 with no improvement]
    2. Downloaded and installed Python such that "Python --version"  reports "Python 2.7.14"
    3. Installed pyserial 3.4 from https://github.com/pyserial/pyserial 
                 [edit Mar 20th: in my original post, I said pyserial V2.7.  It was indeed the required v3.4]
      As instructed there, I simply used "pip install pyserial" in terminal with no apparent errors.
    4. Downloaded the sniffer software Version 2.0.0-b1 to the Mac from Nordic.  I've played with the location a bit to find the files.
      1. I copied the contents of the sniffer's /extcap directory to Applications/WireShark.app/Contents/MacOS/extcap.  This is the directory reported as the Extcap path in WireShark/About Wireshark
    5. Installed the 6.16c Segger JLink (part of the sniffer download)
      1. Mac Finder now shows a /JLink_V616c folder under Applications/Segger
      2. I removed two other newer versions in the Segger directory by dragging their folders from Finder to the trash
    6. I verified the permissions on nrf_sniffer.py 
      1. ls -l nrf_sniffer.py
        returns 
        -rwxr-xr-x@ 1 davidelvig  admin  20294 Dec 31  1979 nrf_sniffer.py

    7. In Terminal, I launched jlinkexe, then followed these steps
      1. Erase (specifying NRF52832_XXAA, S) SWD, Speed>1000
        --> success ("Erasing done.")
      2. loadfile sniffer_pca10040_51296aa.hex
        -->success ("O.K")
      3. r (reset appears successful)

        Reset delay: 0 ms
        Reset type NORMAL: Resets core & peripherals via SYSRESETREQ & VECTRESET bit.
        Setting AIRCR.SYSRESETREQ

      4. g <enter>... J-Link> prompt returns
        on the PCA10040:
        the power LED is on,
        LED1 is off
        LED3 is blinking variably and slowly
        LED 3&4 are on
    8. I turned on an advertising BLE device (FreeDrum... using an nRF chip, I think), and the LED3 switches to fast consistent blinking (and reverts to slow variable blinking when I turn off the FreeDrum)

    Launching Wireshark does not show an nRF device :

    WireShark Screen

    As Troubleshooting steps, I did the following:

    1. I unplugged, replugged, rebooted, etc.
    2. In the extcap folder in Terminal, I ran python nrf_sniffer.py --extcap-interfaces
      returning
      1. Davids-MacBook-Pro-2:extcap davidelvig$ python nrf_sniffer.py --extcap-interfaces
        extcap {version=2.0.0}{display=nRF Sniffer}{help=http://www.nordicsemi.com/eng/Products/Bluetooth-low-energy/nRF-Sniffer#Downloads}
        interface {value=/dev/cu.usbmodem1431}{display=nRF Sniffer}
        control {number=0}{type=selector}{display=Device}{tooltip=Device list}
        control {number=1}{type=string}{display=Passkey / OOB key}{tooltip=6 digit temporary key or 16 byte Out-of-band (OOB) key in hexadecimal starting with '0x', big endian format. If the entered key is shorter than 16 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,32}))$\b}
        control {number=2}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the siffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
        control {number=3}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
        control {number=4}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
        control {number=5}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
        value {control=0}{value= }{display=All advertising devices}{default=true}
      2. I see an entry for {display=nRF Sniffer}
    3. I checked the nrf_sniffer.py file mode in step 6 above
    4. in jlinkexe I typed:
      "exec invalidatefw" and followed the other steps (to exit jlinkexe, restart it watch it re-update.)
    5. In WireShark\Preferences\Capture, the Default Interface dropdown includes the same list as in the above graphic, with no nRF entry

    The nRF Dongle arrives today, and I may run the process with that to see if it works where the DK did not.

    ... WAIT... it just arrived.

    Flashed the nRF51 Dongle with sniffer_pca10031_51296aa.hex after choosing nRF51422_xxac as the DEVICE.

    No difference:

    • There is still no nFR Sniffer in the WireShark Interface list.
    • The dongle's purple/green LED has the same slow-flash then fast-flash as noted above for the DK when turning on the FreeDrum BLE advertiser.

    Any suggestions?

    I would be open any time Friday (except 10:00 am US central time) for a screen share.

    Martin, I'll send you my cell number in a private message in the event you have the for that

  • I don't think Wireshark can find the interface. Note that it lists the `ciscodump`, `randpktdump`, `sshdump` and `udpdump` external capture interfaces but it's not showing the nRF Sniffer. The Nordic document does not specify the nRF Sniffer location for OS X. Section 2 of the document includes instructions "for Windows" but not for OS X.

    Maybe someone from Nordic can tell us where/how to install the sniffer python files?

  • In the document, under "Finalize the set up", step 3 says, "Click View>Interface Toolbars>nRF Sniffer to enable the Sniffer interface". This option is not available under the View menu on OS X. I'm running Wireshark 2.4.5.

    Can you please update the document to include specific instructions for Mac users?

  • Agreed, @motion.

    I tried the Windows installer route on a VMWare Windows 7 VM, as well.

    All steps worked without error, but in the end, neither the Dongle nor the nRK52 DK show up in the Windows WireShark Capture list.

    On Win 7: WireShark Version 2.4.5 (v2.4.5-0-g153e867ef1) (I tried V2.5.x as well)
    JLink 6.16c

    None of the WireShark versions I've seen have a View\Interface Toolbars option

    WireShark VIew Menu

    I'm excited about the possibilities...

    I need the magic incantation...

Related