
Device popup menu in Wireshark not working

I've got Wireshark running with nRF Sniffer, but it is not really working for me.

I'm using a PCA10040 board as the sniffer hardware.

I'm running on a Mac with MacOS 10.14.4.

I'm running Python 2.7.10 and I installed PySerial 2.7.

I downloaded nrfsniffer200beta312oct20181c2a221.zip.

I installed the hex file for PCA10040 onto the board.

I installed the nRF profile into Wireshark and installed the python scripts into the extcap folder.

Note that I first installed Wireshark 3.0.2 and then downgraded to 2.6.9, which did not affect my issue.

When I run Wireshark, I can select the nRF sniffer profile and I can select the interface to my sniffer board. I see all of the advertising data for all devices, but when I select a specific device from the Device popup menu, it does not affect the output. I still see all of the advertising data. If I select my device and connect to it from my iPad then I see the advertising stop for my device, but I continue to see the advertising packet for all of the other devices in my area. Also, I only see advertising data. It does not show any other packet types from my device.

Here is the log window contents after selecting my device.

INFO: Log started at Fri May 31 15:37:30 2019

INFO: args: ()

INFO: kwargs: {'callbacks': [('*', <bound method Sniffer.passOnNotification of <Sniffer(Thread-2, initial)>>)]}

INFO: board ID (random): 156

INFO: starting scan

INFO: starting scan

INFO: Sent key value to sniffer: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

INFO: Sent key value to sniffer: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

INFO: Sniffing device 13 - ""Sm""

INFO: Following "Sm" f7:73:bf:4a:a6:c3 random

It says it is following my device, but it is still following all devices.

Any help is appreciated.

  • Hi.

    Yes I was thinking about the capture log, would be nice if you could provide the whole log.

    You say you don't see any connection packets. How are you connecting the device? What is your device running? Are you connecting it to the phone?

    "but when I select a specific device from the Device popup menu, it does not affect the output."

    What is this device popup menu?

    Best regards,

    Andreas

  • Sorry, the documentation calls it the "Device drop-down list". As per section 5.2 of the version 2.2 User Guide, I select my device from the list, expecting that the capture window will only show the advertising packets from my selected device. Instead, it continues to display advertising packets from all devices, which includes my own.

    I'll also note that I can see an Eve BLE outlet I have in my house. When I select it from the list Wireshark does not focus on it either.

    If I ignore that the Device list is not affecting the advertising packet display and connect to my development PCA10040 with my iPad as per section 5.3, the advertising packets disappear because it is no longer advertising, but all of the other advertising packets from other devices are still displayed.

    Here's my testing procedure:

    1. Connect and power on PCA10040 sniffer board.
    2. Eject mass storage from MacOS Desktop. (Note that this doesn't seem to matter.)
    3. Turn on second PCA10040 with custom app under development configured with fast advertising (not connected to any computer).
    4. Launch Wireshark.
    5. Device menu is set to “All advertising devices”
    6. Double-click the nrf Sniffer interface from the Capture list.
    7. Advertising packets appear for all devices in the area.
    8. Export capture to AllAdvertisingDevices.pcapng

    1. Quit and relaunch Wireshark.
    2. Device menu is set to “All advertising devices”
    3. Double-click the nrf Sniffer interface from the Capture list.
    4. Advertising packets appear for all devices in the area.
    5. Selected my device “Sm f7:73:bf:4a:a6:c3” from Device popup menu.
    6. No change to the packet display. Still displaying advertising for all devices.
    7. Stop capture.
    8. Restart capture with device already selected. Still no change.

    I have attached the capture file.

    Again, my peripheral device is my custom app running on a PCA10040. If you look at the advertising packet, which is not expanded in my OP, but you will see in the capture file, it includes a standard battery service, a standard device information service and my custom service with its 128-bit UUID. There is no security. I connect to it with my custom iPad app or with the nRF Connect app. The device works fine. In fact, I was trying to use the sniffer because I was having a long read/write problem, but I have actually solved that problem already. My original need for the tool is gone, but I would like to get this working. A working sniffer is a good tool to have.

    Note that the OP included Wireshark log data. I'm not a Python programmer, but I did spelunk the Python scripts and I can see where those log records are generated. That makes me think the Python code is being accessed properly. And, of course, the Profile appears in Wireshark and that is also the Python scripts at work.

    I just don't have any idea where to go from here.

    AllAdvertisingDevices.pcapng.zip

  • Hi again.

    This is quite strange, it works fine for me:

    After I have selected a device:

    Could you try to start from scratch? I will have to ask a developer about this issue, please be patient.

    Best regards,

    Andreas

  • One big difference, of course, is that you are using the Windows version and I am using the MacOS version.

    Another thing I noticed is that you show a dialog I had not seen before. It's titled Interface Options. In searching for that dialog, I see there is actually a small icon next to the nRF Sniffer interface list. I do get that same dialog when I click on it. It has the same choices as in your screen shot. Oddly, I have a number of issues with it that prevent me from doing anything useful with it. For example, I tried clicking on the Restore Defaults and later the Only advertising packets checkbox, just to see if I could jog it into doing something different. Instead, I get weird behavior.

    If I click the Start button, it starts the capture just as if I had double-clicked the interface. Neither of the options seems to affect what happens. However, the default Device is All advertising devices. When I try to select my device from this list, which you cannot do until you start capturing advertising packets, I can't interact with any of the controls in the Wireshark interface. If I simply start typing on the keyboard, the text shows up in the filter field, but clicking on anything else anywhere in the Wireshark window produces a "ding" sound, indicating the mouse click is being ignored. It's as if I'm stuck in a modal dialog and the filter field has the UI focus. I can't even access the Quit menu item, so the only thing I can do is quit the app from the OS. Once I do that, I get a save dialog. If I click the Cancel button then I regain control of the UI.

    To me, it seems like the Python scripts just aren't doing a good job of talking to the MacOS or to Wireshark in presenting the UI for the tool. The capture itself seems to work fine. I get lots of packets. I just can't seem to get the UI options to affect the output. It really looks like a MacOS related issue.

    As far as starting from scratch goes, I have completely uninstalled and re-installed Wireshark and the nRF Sniffer add-ons, so no, I'm not just going to keep doing that in an endless loop expecting different results. I'd prefer to do some actual debugging of this problem. For example, there are lots of little references to Nordic scattered throughout the Wireshark application that I assume are there because of the nRF Sniffer installation. Maybe it's worth reviewing.

    In Wireshark:Preferences:Protocols:
      NORDIC_BLE
        NORDIC_BLE_UDP port: 0

    In Wireshark:Preferences:Advanced:
      NORDIC_BLE: greyed out
      nordic_ble.udp.port: Default, 0

    In the Capture Interface dialog there is an entry for the nRF Sniffer, but the only column populated is the Nordic BLE Sniffer name in the Link-layer Header column.

    In the Enabled Protocols dialog, I see NORDIC_BLE listed and enabled.

    Maybe there are other settings I should see, but you don't know what you don't know.

    Thanks.

  • Hi.

    I think that the Python script could be the issue. I'm still waiting on a response from the developer.

    Do you have any chance to run a virtual machine with Windows and try?

    Best regards,

    Andreas
