YANSSQ: Yet Another nRF Sniffer Setup Question! (Wireshark doesn't see nrf Capture Plugin)mike@Mikes-MacBook-Pro-10-1 extcap % pwd /Applications/Wireshark.app/Contents/MacOS/extcap mike@Mikes-MacBook-Pro-10-1 extcap % ls -al total 760 drwxr-xr-x@ 17 mi

This seems to be a recurring question. I suspect the Wireshark/nrf-Sniffer setup is delicate enough that minor changes/upgrades in any of the components causes a problem.  

Currently I get all the way through the PCA10000 firmware loading, Wireshark installation, nrf Sniffer plugin installation and even the command line test of the nrf Sniffer plugin components (as your instructions direct), but Wireshark refuses to recognize and list the plugin among its available interfaces.

Here's my configuration:

  • MacBook Pro 10,1, running macOS 10.15.4
  • JLink V664
  • Python3, v3.8.2
  • pip3 v20.0.2
  • pyserial 3.4
  • Wireshark 3.2.2
  • nrf_sniffer_for_le_3.0.0_l29d2b3.ziip
  • Installation directory for nrf Sniffer files: /Applications/Wireshark.app/Contents/MacOS/extcap/
  • Directory listing: 

mike@Mikes-MacBook-Pro-10-1 extcap % pwd
/Applications/Wireshark.app/Contents/MacOS/extcap
mike@Mikes-MacBook-Pro-10-1 extcap % ls -al
total 760
drwxr-xr-x@ 17 mike  admin    544 Mar 29 19:56 .
drwxr-xr-x@ 32 mike  admin   1024 Feb 26 12:27 ..
drwxr-xr-x  17 mike  admin    544 Mar 29 20:00 SnifferAPI
-rwxr-xr-x@  1 mike  admin  89824 Feb 26 12:27 androiddump
drwxr-xr-x@  3 mike  admin     96 Feb 26 12:26 androiddump.dSYM
-rwxr-xr-x@  1 mike  admin  71664 Feb 26 12:27 ciscodump
drwxr-xr-x@  3 mike  admin     96 Feb 26 12:26 ciscodump.dSYM
-rwxrwxrwx@  1 mike  admin    557 Dec  5 13:10 nrf_sniffer_ble.bat
-rw-rw-rw-@  1 mike  admin  23200 Dec  5 13:10 nrf_sniffer_ble.py
-rwxrwxrwx@  1 mike  admin    229 Dec  5 13:10 nrf_sniffer_ble.sh
-rwxr-xr-x@  1 mike  admin  67344 Feb 26 12:27 randpktdump
drwxr-xr-x@  3 mike  admin     96 Feb 26 12:26 randpktdump.dSYM
-rw-rw-rw-@  1 mike  admin     17 Dec  5 13:10 requirements.txt
-rwxr-xr-x@  1 mike  admin  61328 Feb 26 12:27 sshdump
drwxr-xr-x@  3 mike  admin     96 Feb 26 12:26 sshdump.dSYM
-rwxr-xr-x@  1 mike  admin  56000 Feb 26 12:27 udpdump
drwxr-xr-x@  3 mike  admin     96 Feb 26 12:26 udpdump.dSYM
mike@Mikes-MacBook-Pro-10-1 extcap % 

  • Result of running nrf Sniffer components from the command line:
    mike@Mikes-MacBook-Pro-10-1 extcap % ./nrf_sniffer_ble.sh --extcap-interfaces
    extcap {version=3.0.0}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
    interface {value=/dev/cu.usbmodem0004801043181}{display=nRF Sniffer for Bluetooth LE}
    control {number=0}{type=selector}{display=Device}{tooltip=Device list}
    control {number=1}{type=string}{display=Passkey / OOB key}{tooltip=6 digit temporary key or 16 byte Out-of-band (OOB) key in hexadecimal starting with '0x', big endian format. If the entered key is shorter than 16 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,32}))$\b}
    control {number=2}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the siffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
    control {number=3}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
    control {number=4}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
    control {number=5}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
    value {control=0}{value= }{display=All advertising devices}{default=true}
    mike@Mikes-MacBook-Pro-10-1 extcap % 
    
  • Running an nRF51 Dongle (PCA10000)

RESULT: Wireshark doesn't show the nRF Sniffer interface.

Anybody have suggestions for how to fix this?

TIA,

Mike

  • There could be an issue with Wireshark/nrfSniffer interface in latest Mac OSes including Catalina. Haven't tested this myself but have noticed the noise around it. I can create a task for the developers to fix this, but currently I am not aware of any workarounds unfortunately.

  • Would be useful if I can get nRF Sniffer working.  Am trying to diagnose low-level BLE issues with iPhones and Android, part of a volunteer effort to create a Contact Tracker to help fight the current COVID-19 pandemic.  So sooner, is better than later :-)

    TIA,

    Mike

  • I have asked for help from a colleague who might know, but I would suggest you use Windows if things are very urgent as you say they are,

  • I tried installing Wireshark and nrf Sniffer on another Mac, with an earlier version of macOS than Catalina. Same problem.

    I did note, however, that the installation package, Add Wireshark to the system path.pkg, didn't appear to do anything. The PATH environment variable was the same before and after running it.  What pathname should have been added to PATH?

    Thanks,

    Mike

  • Tried installing nrf Sniffer and Wireshark on a Windows 10 VM on my Mac.  Installed fine, but has the same problem -- the nrf Capture plugin doesn't show up in the available list of Capture filters in Wireshark.  That's in spite of passing the "run the filter from a command window in the extcap folder" test.

    Note: "nrf_sniffer_ble.bat 3.0.0 extcap" does show up on the About Wireshark/Plugins tab, and doesn't show up on the same tab on the Mac.

    Go figure.

    Mike

    PS: The Windows install only showed 2 Wired filters 

Related