Device popup menu in Wireshark not working

Hi.

I have to look a bit more at this, can you provide me with some log files?

Best regards,

Andreas

If you meant a capture log, here's a screen shot showing advertising data. You can see the selected device "Sm" is my device, but the advertising packets are still all devices. I have one of my device packets selected, so you can see its data in the details pane. I never see any connect packets, which I guess is because the device selection just isn't working.

Hi.

Yes I was thinking about the capture log, would be nice if you could provide the whole log.

You say you don't see any connection packets. How are you connecting the device? What is your device running? Are you connecting it to the phone?

"but when I select a specific device from the Device popup menu, it does not affect the output."

What is this device popup menu?

Best regards,

Andreas

Sorry, the documentation calls it the "Device drop-down list". As per section 5.2 of the version 2.2 User Guide, I select my device from the list, expecting that the capture window will only show the advertising packets from my selected device. Instead, it continues to display advertising packets from all devices, which includes my own.

I'll also note that I can see an Eve BLE outlet I have in my house. When I select it from the list Wireshark does not focus on it either.

If ignore that the Device list is not affecting the advertising packet display and connect to my development PCA10040 with my iPad as per section 5.3, the advertising packets disappear because it is no longer advertising, but all of the other advertising packets from other devices are still displayed.

Here's my testing procedure:

1. Connect and power on PCA10040 sniffer board.
2. Eject mass storage from MacOS Desktop. (Note that this doesn't seem to matter.)
3. Turn on second PCA10040 with custom app under development configured with fast advertising (not connected to any computer).
4. Launch Wireshark.
5. Device menu is set to “All advertising devices”
6. Double-click the nrf Sniffer interface from the Capture list.
7. Advertising packets appear for all device in the area.
8. Export capture to AllAdvertisingDevices.pcapng

1. Quit and relaunch Wireshark.
2. Device menu is set to “All advertising devices”
3. Double-click the nrf Sniffer interface from the Capture list.
4. Advertising packets appear for all device in the area.
5. Selected my device “Sm f7:73:bf:4a:a6:c3” from Device popup menu.
6. No change to the packet display. Still displaying advertising for all devices.
7. Stop capture.
8. Restart capture with device already selected. Still no change

I have attached the capture file.

Again, my peripheral device is my custom app running on a PCA10040. If you look at the advertising packet, which is not expanded in my OP, but you will see in the capture file, it includes a standard battery service, a standard device information service and my custom service with its 128-bit UUID. There is no security. I connect to it with my custom iPad app or with the nRF Connect app. The device works fine. In fact, I was trying to use the sniffer because I was having a long read/write problem, but I have actually solved that problem already. My original need for the tool is gone, but I would like to get this working. A working sniffer is a good tool to have.

Note that the OP included Wireshark log data. I'm not a Python programmer, but I did spelunk the Python scripts and I can see where those log records are generated. That makes me think the Python code is being accessed properly. And, of course, the Profile appears in Wireshark and that is also the Python scripts at work.

I just don't have any idea where to go from here.

AllAdvertisingDevices.pcapng.zip

Hi again.

This is quite strange, it works fine for me:

After I have selected a device:

Could you try to start from scratch? I will have to ask a developer about this issue, please be patient.

Best regards,

Andreas

One big difference, of course, is that you are using the Windows version and I am using the MacOS version.

Another thing I noticed is that you show a dialog I had not seen before. It's titled Interface Options. In searching for that dialog, I see there is actually a small icon next to the nRF Sniffer interface list. I do get that same dialog when I click on it. It has the same choices as in your screen shot. Oddly, I have a number of issues with it that prevent me from doing anything useful with it. For example, I tried clicking on the Restore Defaults and later the Only advertising packets checkbox, just to see if I could jog it into doing something different. Instead, I get weird behavior.

If I click the Start button, it starts the capture just as if I had double-clicked the interface. Neither of the options seems to affect what happens. However, the default Device is All advertising devices. When I try to select my device from this list, which you cannot do until you start capturing advertising packets, I can't interact with any of the controls in the Wireshark interface. If I simply start typing on the keyboard, the text shows up in the filter field, but clicking on anything else anywhere in the Wireshark window produces a "ding" sound, indicating the mouse click is being ignored. It's as if I'm stuck in a modal dialog and the filter field has the UI focus. I can't even access the Quit menu item, so the only thing I can do is quit the app from the OS. Once I do that, I get a save dialog. If I click the Cancel button then I regain control of the UI.

To me, it seems like the Python scripts just aren't doing a good job of talking to the MacOS or to Wireshark in presenting the UI for the tool. The capture itself seems to work fine. I get lots of packets. I just can't seem to get the UI options to affect the output. It really looks like a MacOS related issue.

As far as starting from scratch goes, I have completely uninstalled and re-installed Wireshark and the nRF Sniffer add ons, so no, I'm not just going to keep doing that in an endless loops expecting different results. I'd prefer to do some actual debugging of this problem. For example, there's lots of little references to Nordic scattered throughout the Wireshark application that I assume is there because of the nRF Sniffer installation. Maybe it's worth reviewing.

In Wireshark:Preferences:Protocols:
  NORDIC_BLE
    NORDIC_BLE_UDP port: 0

In Wireshark:Preferences:Advanced:
  NORDIC_BLE: greyed out
  nordic_ble.udp.port: Default, 0

In the Capture Interface dialog there is an entry for the nRF Sniffer, but the only column populated is the Nordic BLE Sniffer name in the Link-layer Header column.

In the Enabled Protocols dialog, I see NORDIC_BLE listed and enabled.

Maybe there are other setting I should see, but you don't know what you don't know.

Thanks.

Hi.

I think that the python script could be the issue, I'm still waiting on response from the developer.

Do you have any chance to run a virtual machine with Windows and try?

Best regards,

Andreas

Hi.

I think that the python script could be the issue, I'm still waiting on response from the developer.

Do you have any chance to run a virtual machine with Windows and try?

Best regards,

Andreas

Sorry this has taken so long, but I do have a Windows 7 VM on my iMac. I just spent the morning doing the installation and the behavior is exactly the same. I get advertising packets for all of the device in the area, but selecting a specific device from the Device list has no effect. It continues to display advertising packets from all of the devices and it does not follow a connection.

If there is anything I can do to help debug this, please let me know.

Hi.

Which J-Link version do you have?

What version is your DK?

Are you able to do a J-Link reset?

It should also be noted that there are issues with odd numbers of Wireshark, that is x.y.<odd number> .

Best regards,

Andreas

Which J-Link version do you have?

Are you able to do a J-Link reset?

[iMaci9:/Applications/SEGGER/JLink_V634b] john% JLinkExe 

SEGGER J-Link Commander V6.34b (Compiled Aug 13 2018 16:38:25)

DLL version V6.34b, compiled Aug 13 2018 16:38:14

Connecting to J-Link via USB...FAILED: Cannot connect to J-Link via USB.

J-Link>connect

J-Link connection not established yet but required for command.

Connecting to J-Link via USB...O.K.

Firmware: J-Link OB-SAM3U128-V2-NordicSemi compiled Jul 12 2018 11:44:41

Hardware version: V1.00

S/N: 682485235

VTref=3.300V

Please specify device / core. <Default>: NRF52

Type '?' for selection dialog

Device>nRF52832_XXAA

Please specify target interface:

  J) JTAG (Default)

  S) SWD

  T) cJTAG

TIF>s

Specify target interface speed [kHz]. <Default>: 4000 kHz

Speed>1000

Device "NRF52832_XXAA" selected.

Connecting to target via SWD

Found SW-DP with ID 0x2BA01477

Found SW-DP with ID 0x2BA01477

Scanning AP map to find all available APs

AP[2]: Stopped AP scan as end of AP map has been reached

AP[0]: AHB-AP (IDR: 0x24770011)

AP[1]: JTAG-AP (IDR: 0x02880000)

Iterating through AP map to find AHB-AP to use

AP[0]: Core found

AP[0]: AHB-AP ROM base: 0xE00FF000

CPUID register: 0x410FC241. Implementer code: 0x41 (ARM)

Found Cortex-M4 r0p1, Little endian.

FPUnit: 6 code (BP) slots and 2 literal slots

CoreSight components:

ROMTbl[0] @ E00FF000

ROMTbl[0][0]: E000E000, CID: B105E00D, PID: 000BB00C SCS-M7

ROMTbl[0][1]: E0001000, CID: B105E00D, PID: 003BB002 DWT

ROMTbl[0][2]: E0002000, CID: B105E00D, PID: 002BB003 FPB

ROMTbl[0][3]: E0000000, CID: B105E00D, PID: 003BB001 ITM

ROMTbl[0][4]: E0040000, CID: B105900D, PID: 000BB9A1 TPIU

ROMTbl[0][5]: E0041000, CID: B105900D, PID: 000BB925 ETM

Cortex-M4 identified.

J-Link>loadfile /Applications/Wireshark.app/Contents/MacOS/extcap/nrfsniffer200beta312oct20181c2a221/hex/sniffer_pca10040_1c2a221.hex 

Downloading file [/Applications/Wireshark.app/Contents/MacOS/extcap/nrfsniffer200beta312oct20181c2a221/hex/sniffer_pca10040_1c2a221.hex]...

Comparing flash   [100%] Done.

Verifying flash   [100%] Done.

J-Link: Flash download: Bank 0 @ 0x00000000: Skipped. Contents already match

O.K.

J-Link>r

Reset delay: 0 ms

Reset type NORMAL: Resets core & peripherals via SYSRESETREQ & VECTRESET bit.

Reset: Halt core after reset via DEMCR.VC_CORERESET.

Reset: Reset device via AIRCR.SYSRESETREQ.

What version is your DK?

I'm confused. Do you mean my application? Does that matter? Does the sniffer only work with devices running Nordic chips or softdevices? This is the softdevice hex file I have installed on my board:

s132_nrf52_3.0.0_softdevice.hex

It should also be noted that there are issues with odd numbers of Wireshark, that is x.y.<odd number> .

Maybe you could elaborate?

From my OP, on my Mac:

Note that I first installed Wireshark 3.0.2 and then downgraded to 2.6.9, which did not affect my issue.

The Windows version I just installed this week is 3.0.2.

Hi again.

jsheaney said:

What version is your DK?

I'm confused. Do you mean my application? Does that matter? Does the sniffer only work with devices running Nordic chips or softdevices? This is the softdevice hex file I have installed on my board:

s132_nrf52_3.0.0_softdevice.hex

 I was thinking about the version number printed on the development kit (DK), looks like you have v1.0.0 from the logs above (Hardware version: V1.00).

jsheaney said:

It should also be noted that there are issues with odd numbers of Wireshark, that is x.y.<odd number> .

Maybe you could elaborate?

I was told by our developer that version of Wireshark that are odd number releases tend to have some stability issues.

Can you try this version of the nRF Sniffer:

nrf_sniffer_2.0.0_5june2019_c87e17d.zip

Best regards,

Andreas