
nRF Sniffer v2 not working with Wireshark in Mac

Hi,

I recently bought an nRF51 Dongle (PCA10031) and an nRF52840-DK (PCA10056) and I am now trying to use them for BLE sniffing with Wireshark. I am running OS X 10.14.4.

I use Python 2.7.16 and I managed to flash the firmware and run the ./nrf_sniffer.py --extcap-interfaces command on both boards. With the nRF51 Dongle I get the following output:

extcap {version=2.0.0}{display=nRF Sniffer}{help=www.nordicsemi.com/.../nRF-Sniffer

interface {value=/dev/cu.usbmodem0006802433771}{display=nRF Sniffer}

control {number=0}{type=selector}{display=Device}{tooltip=Device list}

control {number=1}{type=string}{display=Passkey / OOB key}{tooltip=6 digit temporary key or 16 byte Out-of-band (OOB) key in hexadecimal starting with '0x', big endian format. If the entered key is shorter than 16 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,32}))$\b}

control {number=2}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the siffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}

control {number=3}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}

control {number=4}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}

control {number=5}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}

value {control=0}{value= }{display=All advertising devices}{default=true}

I have copied nrf_sniffer.py with the SnifferAPI directory to the Wireshark extcap directory and verified that the nrf_sniffer.py script runs. However, the nrf sniffer does not show in the interface list of Wireshark. I have tried Wireshark versions 2.4.2, 2.4.14, 2.6.8 and 3.0.1. All with the same results.

I also tried your example code example_linux.py and it runs and gives the following result (after correcting line 81, which is missing a colon, and correcting the hardcoded device path):

args: ()

kwargs: {'callbacks': [('*', <bound method Sniffer.passOnNotification of <Sniffer(Thread-2, initial)>>)]}

board ID (random): 231

starting scan

Sent key value to sniffer: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

gap in packets, between 328 and 339 packet before: [56, 0, 2, 72, 1, 6, 10, 1, 39, 58, 0, 0, 170, 2, 0, 0, 214, 190, 137, 142, 0, 37, 58, 220, 52, 248, 230, 160, 2, 1, 6, 3, 3, 170, 254, 23, 22, 170, 254, 0, 255, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 170, 187, 204, 221, 238, 2, 0, 0, 209, 152, 98] packet after: [36, 0, 2, 83, 1, 6, 10, 0, 38, 96, 0, 0, 167, 5, 0, 0, 214, 190, 137, 142, 65, 17, 62, 165, 94, 110, 18, 120, 2, 1, 6, 7, 255, 76, 0, 16, 2, 1, 8, 184, 78, 36]

gap in packets, between 339 and 2640 packet before: [36, 0, 2, 83, 1, 6, 10, 0, 38, 96, 0, 0, 167, 5, 0, 0, 214, 190, 137, 142, 65, 17, 62, 165, 94, 110, 18, 120, 2, 1, 6, 7, 255, 76, 0, 16, 2, 1, 8, 184, 78, 36] packet after: [55, 0, 2, 80, 10, 6, 10, 1, 38, 76, 0, 0, 241, 18, 0, 0, 214, 190, 137, 142, 0, 36, 41, 218, 52, 248, 230, 160, 2, 1, 6, 26, 255, 76, 0, 2, 21, 170, 170, 246, 138, 208, 209, 70, 123, 162, 62, 157, 17, 250, 116, 110, 67, 0, 10, 0, 3, 197, 178, 77, 193]

gap in packets, between 2812 and 2835 packet before: [55, 0, 2, 252, 10, 6, 10, 1, 39, 75, 0, 0, 170, 2, 0, 0, 214, 190, 137, 142, 0, 36, 240, 216, 52, 248, 230, 160, 2, 1, 6, 26, 255, 76, 0, 2, 21, 170, 170, 246, 138, 208, 209, 70, 123, 162, 62, 157, 17, 250, 116, 110, 67, 0, 10, 0, 4, 197, 131, 160, 74] packet after: [25, 0, 2, 19, 11, 6, 10, 0, 38, 61, 0, 0, 175, 6, 0, 0, 214, 190, 137, 142, 195, 6, 82, 3, 87, 74, 253, 88, 173, 25, 14]

gap in packets, between 2835 and 63626 packet before: [25, 0, 2, 19, 11, 6, 10, 0, 38, 61, 0, 0, 175, 6, 0, 0, 214, 190, 137, 142, 195, 6, 82, 3, 87, 74, 253, 88, 173, 25, 14] packet after: [39, 0, 2, 138, 248, 6, 10, 1, 39, 53, 0, 0, 225, 2, 0, 0, 214, 190, 137, 142, 64, 20, 224, 145, 207, 247, 13, 67, 2, 1, 26, 10, 255, 76, 0, 16, 5, 3, 24, 212, 142, 21, 226, 76, 254]

gap in packets, between 63626 and 63628 packet before: [39, 0, 2, 138, 248, 6, 10, 1, 39, 53, 0, 0, 225, 2, 0, 0, 214, 190, 137, 142, 64, 20, 224, 145, 207, 247, 13, 67, 2, 1, 26, 10, 255, 76, 0, 16, 5, 3, 24, 212, 142, 21, 226, 76, 254] packet after: [51, 0, 2, 140, 248, 6, 10, 0, 38, 98, 0, 0, 11, 22, 0, 0, 214, 190, 137, 142, 0, 32, 173, 234, 225, 72, 180, 176, 2, 1, 22, 19, 8, 72, 126, 19, 22, 73, 254, 0, 2, 49, 1, 107, 66, 38, 3, 150, 21, 6, 7, 1, 0, 0, 224, 237, 211]

gap in packets, between 65535 and 0 packet before: [51, 0, 2, 255, 255, 6, 10, 1, 37, 81, 0, 0, 170, 2, 0, 0, 214, 190, 137, 142, 0, 32, 219, 233, 225, 72, 180, 176, 2, 1, 6, 3, 2, 73, 254, 18, 22, 73, 254, 0, 2, 49, 1, 107, 66, 33, 3, 146, 21, 6, 7, 1, 0, 0, 9, 134, 0] packet after: [55, 0, 2, 0, 0, 6, 10, 1, 38, 56, 0, 0, 61, 10, 0, 0, 214, 190, 137, 142, 0, 36, 33, 218, 52, 248, 230, 160, 2, 1, 6, 26, 255, 76, 0, 2, 21, 170, 170, 246, 138, 208, 209, 70, 123, 162, 62, 157, 17, 250, 116, 110, 67, 0, 10, 0, 2, 197, 129, 52, 166]

Any ideas what might be wrong?
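A way to read the "gap in packets" lines in the output above, as an added example that is not part of the original post or of Nordic's SnifferAPI: it parses each line, decodes the packet counter from the raw bytes, and counts lost packets modulo 2^16, so the "between 65535 and 0" line comes out as counter wraparound rather than loss. The counter position (bytes 3 and 4, little-endian) is an assumption inferred from the numbers in this log, the function names are hypothetical, and the sample lines are constructed from the post's output with the payloads cut to six bytes.

```python
import re

COUNTER_OFFSET = 3          # assumption: inferred from the log, not from vendor docs
COUNTER_MODULUS = 1 << 16   # counter wraps after 65535

# Constructed sample: same shape as the post's output, payloads truncated.
SAMPLE_LOG = """\
gap in packets, between 328 and 339 packet before: [56, 0, 2, 72, 1, 6] packet after: [36, 0, 2, 83, 1, 6]
gap in packets, between 63626 and 63628 packet before: [39, 0, 2, 138, 248, 6] packet after: [51, 0, 2, 140, 248, 6]
gap in packets, between 65535 and 0 packet before: [51, 0, 2, 255, 255, 6] packet after: [55, 0, 2, 0, 0, 6]
"""

GAP_RE = re.compile(
    r"gap in packets, between (\d+) and (\d+) "
    r"packet before: \[([\d, ]+)\] packet after: \[([\d, ]+)\]"
)


def packet_counter(raw):
    """Decode the 16-bit little-endian packet counter from a raw packet."""
    if len(raw) < COUNTER_OFFSET + 2:
        raise ValueError("packet too short to hold a counter")
    return raw[COUNTER_OFFSET] | (raw[COUNTER_OFFSET + 1] << 8)


def missed_between(before, after):
    """Packets lost between two counters; a 65535 -> 0 step counts as zero.
    Losses of 65536 packets or more cannot be told apart from smaller ones."""
    return (after - before - 1) % COUNTER_MODULUS


def analyse(log_text):
    """Return one dict per gap line: reported counters, whether the raw
    bytes decode to the same counters, and the number of missed packets."""
    results = []
    for m in GAP_RE.finditer(log_text):
        reported = (int(m.group(1)), int(m.group(2)))
        before = [int(b) for b in m.group(3).split(",")]
        after = [int(b) for b in m.group(4).split(",")]
        decoded = (packet_counter(before), packet_counter(after))
        results.append({
            "reported": reported,
            "decoded_matches": decoded == reported,
            "missed": missed_between(*decoded),
        })
    return results


if __name__ == "__main__":
    for entry in analyse(SAMPLE_LOG):
        print(entry)
```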
