
Device popup menu in Wireshark not working

I've got Wireshark running with nRF Sniffer, but it is not really working for me.

I'm using a PCA10040 board as the sniffer hardware.

I'm running on a Mac with MacOS 10.14.4.

I'm running Python 2.7.10 and I installed PySerial 2.7.

I downloaded nrfsniffer200beta312oct20181c2a221.zip.

I installed the hex file for PCA10040 onto the board.

I installed the nRF profile into Wireshark and installed the python scripts into the extcap folder.

Note that I first installed Wireshark 3.0.2 and then downgraded to 2.6.9, which did not affect my issue.

When I run Wireshark, I can select the nRF sniffer profile and I can select the interface to my sniffer board. I see all of the advertising data for all devices, but when I select a specific device from the Device popup menu, it does not affect the output. I still see all of the advertising data. If I select my device and connect to it from my iPad then I see the advertising stop for my device, but I continue to see the advertising packet for all of the other devices in my area. Also, I only see advertising data. It does not show any other packet types from my device.

Here is the log window contents after selecting my device.

INFO: Log started at Fri May 31 15:37:30 2019

INFO: args: ()

INFO: kwargs: {'callbacks': [('*', <bound method Sniffer.passOnNotification of <Sniffer(Thread-2, initial)>>)]}

INFO: board ID (random): 156

INFO: starting scan

INFO: starting scan

INFO: Sent key value to sniffer: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

INFO: Sent key value to sniffer: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

INFO: Sniffing device 13 - ""Sm""

INFO: Following "Sm" f7:73:bf:4a:a6:c3 random

It says it is following my device, but it is still following all devices.

Any help is appreciated.

  • Hi.

    I have to look a bit more at this, can you provide me with some log files?

    Best regards,

    Andreas

  • Log files? There are log files? There's a button named Log in Wireshark. That's where I got that snippet I posted in my OP. What other log files are available?

  • If you meant a capture log, here's a screen shot showing advertising data. You can see the selected device "Sm" is my device, but the advertising packets are still all devices. I have one of my device packets selected, so you can see its data in the details pane. I never see any connect packets, which I guess is because the device selection just isn't working.

    [Screenshot: Advertising data]

  • Hi.

    Yes, I was thinking about the capture log; it would be nice if you could provide the whole log.

    You say you don't see any connection packets. How are you connecting the device? What is your device running? Are you connecting it to the phone?

    "but when I select a specific device from the Device popup menu, it does not affect the output."

    What is this device popup menu?

    Best regards,

    Andreas

  • Sorry, the documentation calls it the "Device drop-down list". As per section 5.2 of the version 2.2 User Guide, I select my device from the list, expecting that the capture window will only show the advertising packets from my selected device. Instead, it continues to display advertising packets from all devices, which includes my own.

    I'll also note that I can see an Eve BLE outlet I have in my house. When I select it from the list Wireshark does not focus on it either.

    If I ignore that the Device list is not affecting the advertising packet display and connect to my development PCA10040 with my iPad as per section 5.3, the advertising packets disappear because it is no longer advertising, but all of the other advertising packets from other devices are still displayed.

    Here's my testing procedure:

    1. Connect and power on PCA10040 sniffer board.
    2. Eject mass storage from MacOS Desktop. (Note that this doesn't seem to matter.)
    3. Turn on second PCA10040 with custom app under development configured with fast advertising (not connected to any computer).
    4. Launch Wireshark.
    5. Device menu is set to “All advertising devices”
    6. Double-click the nrf Sniffer interface from the Capture list.
    7. Advertising packets appear for all devices in the area.
    8. Export capture to AllAdvertisingDevices.pcapng

    1. Quit and relaunch Wireshark.
    2. Device menu is set to “All advertising devices”
    3. Double-click the nrf Sniffer interface from the Capture list.
    4. Advertising packets appear for all devices in the area.
    5. Selected my device “Sm f7:73:bf:4a:a6:c3” from Device popup menu.
    6. No change to the packet display. Still displaying advertising for all devices.
    7. Stop capture.
    8. Restart capture with device already selected. Still no change.

    I have attached the capture file.

    Again, my peripheral device is my custom app running on a PCA10040. If you look at the advertising packet, which is not expanded in my OP, but you will see in the capture file, it includes a standard battery service, a standard device information service and my custom service with its 128-bit UUID. There is no security. I connect to it with my custom iPad app or with the nRF Connect app. The device works fine. In fact, I was trying to use the sniffer because I was having a long read/write problem, but I have actually solved that problem already. My original need for the tool is gone, but I would like to get this working. A working sniffer is a good tool to have.

    Note that the OP included Wireshark log data. I'm not a Python programmer, but I did spelunk the Python scripts and I can see where those log records are generated. That makes me think the Python code is being accessed properly. And, of course, the Profile appears in Wireshark and that is also the Python scripts at work.

    I just don't have any idea where to go from here.

    AllAdvertisingDevices.pcapng.zip
