
YANSSQ: Yet Another nRF Sniffer Setup Question! (Wireshark doesn't see nrf Capture Plugin)

This seems to be a recurring question. I suspect the Wireshark/nrf-Sniffer setup is delicate enough that minor changes/upgrades in any of the components cause a problem.

Currently I get all the way through the PCA10000 firmware loading, Wireshark installation, nrf Sniffer plugin installation and even the command line test of the nrf Sniffer plugin components (as your instructions direct), but Wireshark refuses to recognize and list the plugin among its available interfaces.

Here's my configuration:

  • MacBook Pro 10,1, running macOS 10.15.4
  • JLink V664
  • Python3, v3.8.2
  • pip3 v20.0.2
  • pyserial 3.4
  • Wireshark 3.2.2
  • nrf_sniffer_for_le_3.0.0_l29d2b3.zip
  • Installation directory for nrf Sniffer files: /Applications/Wireshark.app/Contents/MacOS/extcap/
  • Directory listing:
    mike@Mikes-MacBook-Pro-10-1 extcap % pwd
    /Applications/Wireshark.app/Contents/MacOS/extcap
    mike@Mikes-MacBook-Pro-10-1 extcap % ls -al
    total 760
    drwxr-xr-x@ 17 mike  admin    544 Mar 29 19:56 .
    drwxr-xr-x@ 32 mike  admin   1024 Feb 26 12:27 ..
    drwxr-xr-x  17 mike  admin    544 Mar 29 20:00 SnifferAPI
    -rwxr-xr-x@  1 mike  admin  89824 Feb 26 12:27 androiddump
    drwxr-xr-x@  3 mike  admin     96 Feb 26 12:26 androiddump.dSYM
    -rwxr-xr-x@  1 mike  admin  71664 Feb 26 12:27 ciscodump
    drwxr-xr-x@  3 mike  admin     96 Feb 26 12:26 ciscodump.dSYM
    -rwxrwxrwx@  1 mike  admin    557 Dec  5 13:10 nrf_sniffer_ble.bat
    -rw-rw-rw-@  1 mike  admin  23200 Dec  5 13:10 nrf_sniffer_ble.py
    -rwxrwxrwx@  1 mike  admin    229 Dec  5 13:10 nrf_sniffer_ble.sh
    -rwxr-xr-x@  1 mike  admin  67344 Feb 26 12:27 randpktdump
    drwxr-xr-x@  3 mike  admin     96 Feb 26 12:26 randpktdump.dSYM
    -rw-rw-rw-@  1 mike  admin     17 Dec  5 13:10 requirements.txt
    -rwxr-xr-x@  1 mike  admin  61328 Feb 26 12:27 sshdump
    drwxr-xr-x@  3 mike  admin     96 Feb 26 12:26 sshdump.dSYM
    -rwxr-xr-x@  1 mike  admin  56000 Feb 26 12:27 udpdump
    drwxr-xr-x@  3 mike  admin     96 Feb 26 12:26 udpdump.dSYM
    mike@Mikes-MacBook-Pro-10-1 extcap % 

  • Result of running nrf Sniffer components from the command line:
    mike@Mikes-MacBook-Pro-10-1 extcap % ./nrf_sniffer_ble.sh --extcap-interfaces
    extcap {version=3.0.0}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
    interface {value=/dev/cu.usbmodem0004801043181}{display=nRF Sniffer for Bluetooth LE}
    control {number=0}{type=selector}{display=Device}{tooltip=Device list}
    control {number=1}{type=string}{display=Passkey / OOB key}{tooltip=6 digit temporary key or 16 byte Out-of-band (OOB) key in hexadecimal starting with '0x', big endian format. If the entered key is shorter than 16 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,32}))$\b}
    control {number=2}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the siffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
    control {number=3}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
    control {number=4}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
    control {number=5}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
    value {control=0}{value= }{display=All advertising devices}{default=true}
    mike@Mikes-MacBook-Pro-10-1 extcap % 
    
  • Running an nRF51 Dongle (PCA10000)

RESULT: Wireshark doesn't show the nRF Sniffer interface.

Anybody have suggestions for how to fix this?

TIA,

Mike

  • We tested the sniffer on Catalina before releasing 3.0.0. The issue might be related to the fact that Catalina (surprisingly) comes with its own Python *3* installation built-in. So if you are using the homebrew Python 3 (/usr/local/bin/python3) to install pyserial, it might well be that nrf_sniffer_ble.sh is actually instead invoking the macOS built-in /usr/bin/python3 Python 3, and in that case the built-in one might not have pyserial installed. You can try to install pyserial with /usr/bin/pip3 and see if that fixes it:

    $ /usr/bin/pip3 install -U pyserial

    Then try running nrf_sniffer_ble.sh again and see if the interface is listed.

    1. Will check that out.  Thanks for the suggestion.
    2. Have been checking this out from the Wireshark side as well, on their forum, and have lots of interaction there, but no fix for my Catalina system yet.  Check the thread out here.
    3. I did succeed in getting it running on a non-Catalina older Mac, so have a partial solution for my immediate needs. Feel free to reduce the priority of this ticket to non-urgent.
    4. From the Wireshark interactions I'm suspecting the new file security provisions in Catalina are getting in the way of access to the nRF Sniffer files.
  • BINGO! You got it right!  I installed a full Python 3.8.2, which duplicated the copy already in Catalina.  The pyserial I installed went to my copy.  And my ./nrf_sniffer_ble.sh --extcap-interfaces test ran against that version as well. But Wireshark used the Catalina version.

    Any hints on how I can uninstall my duplicate copy of Python3 without disturbing the system version? :-)

    Thanks for all the help!

    Mike

  • Here's some info from Guy Harris on the Wireshark forum:

    NOTE: that works only if you have Xcode installed; apparently, /usr/bin/python3 is a small program that tries to find Xcode and run the python3 in Xcode (/Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.7/Resources/Python.app/Contents/MacOS/Python).

    I tried it on a machine running 10.15.4 and without Xcode, and it complained about not being able to find scrub.

    Earlier releases didn't offer Python 3 at all, so, if Nordic's nRF Sniffer depends on Python 3, 1) it won't work on pre-Catalina systems if you don't install Python 3 but 2) if you do install Python 3, you don't have a collision between the OS's Python 3 and an installed Python 3.

    So:

    • pre-Catalina: you must install Python 3 - and , but that's enough;
    • Catalina, without Xcode: you must install Python 3 - and pyserial, and probably pip3 to use to install pyserial - and may have to make sure that running Python doesn't get you the non-working /usr/bin/python3
    • Catalina, with Xcode: if you don't install Python 3, and do install pyserial using, for example, /usr/bin/pip3 - that may be sufficient, and if you do install a third-party Python 3, you will probably have to make sure that running Python doesn't get you /usr/bin/python3 unless you've installed pyserial for it.

    You might want to notify Nordic Semiconductor about this.

  • I had the very same problem (OS/X 10.14.6), but I did not have python3 installed under /usr/bin. So I looked into nrf_sniffer_ble.sh to see that the script will run /usr/local/bin/python3 and I used the corresponding /usr/local/bin/pip3 to install pyserial. Then the plugin showed up in Wireshark.
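
The mismatch this thread converges on (one python3 has pyserial, the interpreter Wireshark ends up running does not) can be checked directly. The script below is an added example, not code from Nordic, Wireshark or any poster here; the function names are made up for illustration, and `GUI_PATH` is an assumption about the PATH a Finder-launched application sees.

```shell
#!/bin/sh
# Added example: find which python3 a given PATH resolves to and whether
# that interpreter can import pyserial (module name: serial).

# Print the first python3 found on the PATH passed as $1 (nothing if none).
resolve_python() {
    ( PATH="$1"; command -v python3 )
}

# Succeed if the interpreter passed as $1 can import pyserial.
has_pyserial() {
    "$1" -c 'import serial' >/dev/null 2>&1
}

# Print one status line for the PATH passed as $1.
# Returns 0 = usable, 1 = pyserial missing, 2 = no python3 on that PATH.
diagnose() {
    interp=$(resolve_python "$1") || { echo "no python3 on PATH"; return 2; }
    if has_pyserial "$interp"; then
        echo "$interp: pyserial OK"
    else
        echo "$interp: pyserial MISSING"
        return 1
    fi
}

# Assumption: an app started from Finder gets only the default system PATH,
# not the PATH a terminal shell builds from its profile files.
GUI_PATH="/usr/bin:/bin:/usr/sbin:/sbin"

echo "terminal: $(diagnose "$PATH")"
echo "GUI-like: $(diagnose "$GUI_PATH")"
```

If the two lines name different interpreters and only the first reports pyserial as OK, install pyserial with the pip3 that belongs to the second interpreter, as suggested above.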
