• State Suggested Answer
  • Replies 12 replies
  • Answers 1 answer
  • Subscribers 63 subscribers
  • Views 3877 views
  • Users 0 members are here
Attachments (1) Download All
Nordic Case Info
  • Case ID: 254552
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

nRF Sniffer option not available in Wireshark for Mac

SarthakJ

I am trying to capture sniffer logs for a custom BLE peripheral using nRF51 dongle and Wireshark. I am following this guide here to install the Sniffer tool in Wireshark. 

I have programmed my nRF51 dongle using the Programmer app in nRF Connect app. I programmed it with the hex file sniffer_pca10031_129d2b3.hex because the dongle has a sticker of PCA10031 on it. 

I am currently stuck at Step 4. I successfully completed step 3 and below is the result when I run the command sh nrf_sniffer_ble.sh --extcap-interfaces

usage: dirname path
extcap {version=3.0.0}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
interface {value=/dev/cu.usbmodem0006804533651}{display=nRF Sniffer for Bluetooth LE}
control {number=0}{type=selector}{display=Device}{tooltip=Device list}
control {number=1}{type=string}{display=Passkey / OOB key}{tooltip=6 digit temporary key or 16 byte Out-of-band (OOB) key in hexadecimal starting with '0x', big endian format. If the entered key is shorter than 16 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,32}))$\b}
control {number=2}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the siffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
control {number=3}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
control {number=4}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
control {number=5}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
value {control=0}{value= }{display=All advertising devices}{default=true}

I installed the latest Wireshark version for Mac and there was no Interface Toolbars option under View. I found this post here which says that the guide was written for older version so I downgraded my Wireshark to v2.4.2 and also tried on v2.4.6 but in vain.

I tried rebooting the Wireshark software and also the laptop but the option did not appear. I also unplugged and plugged back the dongle to see any changes in the list of interfaces (after clicking Refresh) but it did not list nRF Sniffer for Bluetooth LE

I found a similar ticket here, I made sure that my unzipped contents were swimming in the extcap directory directly and were not in a separate folder. When I ran this command 

python nrf_sniffer_ble.py --extcap-interfaces

I got this error:

  File "nrf_sniffer_ble.py", line 245
    header += struct.pack('<L', int((timestamp - int(timestamp)) * 1_000_000))  # Microseconds
                                                                           ^
SyntaxError: invalid syntax

Could you please tell me how do I capture the sniffer logs? Is there an updated guide for that?

Parents Reply Children
  • 0 in reply to Vidar Berg

    Running the command python3 nrf_sniffer_ble.py --extcap-interfaces did not produce any errors on my laptop. 
    I am guessing its the issue of multiple installation of python

  • 0 in reply to SarthakJ

    I feel this is progress. I installed the pyserial for python 3 and now I am able to view the interface and an option to select the nRF sniffer but the sniffer does not populate anything on the wireshark whatsoever. I have verified that the configuration is indeed proper i.e. my nRF51 dongle is between the central (phone) and the BLE peripheral and the peripheral is advertising and I also successfully connected to it in my device. But there were no packets displayed in Wireshark. Am I doing something wrong here?

    I have added a screenshot

  • 0 in reply to SarthakJ

    Yes, this is good progress. Did you try to update the SEGGER J-link SW as suggested in 'Troubleshooting'? I would also suggest you try disabling the USB mass storage class as explained here in the NCS documentation: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/1.3.0/zephyr/guides/tools/nordic_segger.html#disabling-the-mass-storage-device-functionality. 

  • 0 in reply to Vidar Berg

    I downloaded the latest SEGGER J-Link from that link above and reprogrammed my nRF51 dongle with the appropriate HEX file. I then tried to capture packets but nothing showed up on my screen. I had both the central and peripheral advertising and then connecting in the background

    I then tried to disable USB mass storage as seen from the logs below:

    Last login: Wed Aug 19 16:03:27 on ttys000
sarthajagetia@Sarthaks-Mac-Book ~ % /Applications/SEGGER/JLink_V682d/JLinkExe ; exit;
SEGGER J-Link Commander V6.82d (Compiled Aug 13 2020 17:15:10)
DLL version V6.82d, compiled Aug 13 2020 17:14:54

Connecting to J-Link via USB...O.K.
Firmware: J-Link OB-SAM3U128-V2-NordicSemi compiled Mar 17 2020 14:43:00
Hardware version: V1.00
S/N: 680453365
License(s): RDI, FlashBP, FlashDL, JFlash, GDB
VTref=3.300V


Type "connect" to establish a target connection, '?' for help
J-Link>MSDDisable
Probe configured successfully.

    Then I relaunched the Wireshark application and still nothing showed up on my screen. 
    Are there any logs that I can grab and provide you which can help in debugging this? 

    I am not sure if this is related but if I press the "red" Stop Capturing Packets button it throws me file not found error. 

  • 0 in reply to SarthakJ

    It's probably not a communication issue then. However, the last error you got is interesting, and I think it might be an important clue. As I understand it, the nrf_ble_sniffer.py must be executed by Wireshark on startup for the nRF sniffer interface to even be detected, so it seems strange to me that it's suddenly not found when you try to abort the capture afterward. I will have to contact one of the developers on Monday to get some input on this. Sorry for the inconvenience. 

Related