google string in sniffed BLE packet

Hi,

I've launched wireshark + nRF52 Dongle successfully and I'm also able to select my device (named EWAT AI-No) from the list to sniff. However there's something I don't understand. Where does the Google_08:8f:63 string come from?

The device is a EYSHSNZWZ based on nRF52832 with UART BLE application example.

Here's the screenshot.

gaston

  • Hi Gaston

    That is probably a Google device that is advertising or scanning in your vicinity. Do you, for example, have a Google Home or Google Pixel phone near you?

    Best regards,

    Simon

  • Hi Simon,

    I do not have a Google device but perhaps a neighbor does. Anyway, if I select my device (EWAT AI-No). Shouldn't I just see only this device with its address CE:4A:33:01:8D:B6?

    gaston

  • Hi Gaston

    Yes, most devices only show the full address, but some of the more well-known company identifiers (like Google and Apple for example) are stored by the sniffing device and will show what kind of device that is in the sniffer log.

    Best regards,

    Simon

  • Hi Simon,

    So the device responsible for filtering the google addresses is the sniffer firmware of nRF51 Dongle, correct? If so I consider it quite intrusive.

    gaston

  • Hi gaston

    I'm sorry, I misunderstood this as well. It seems like it is Wireshark that is storing some manufacturer IDs in the "Wireshark manufacturer database", found here. Here you can see that Google, amongst others, is present. Nordic Thread and Zigbee devices are also stored here.

    The reason only the Google address is identified by name is likely because that is the only device in your vicinity using a public address instead of a private resolvable one. I don't see why this matters whether it says a company name or just the full address though.

    Best regards,

    Simon

Related