RE: sniffer nRF 802.15.4 paquets live with python-script

kacper.szewenko — Mon, 28 Jun 2021 14:43:33 GMT

Hi,

Unfortunately, I have never used pyshark with LiveCapture API for sniffing packets, but I think you can use the existing implementation of 802.15.4 sniffer: https://github.com/NordicSemiconductor/nRF-Sniffer-for-802.15.4

You can use the extcap_cature API method giving the path to the output pcap file, comport, channel, and metadata to start sniffing. It reads the packets straight from the serial port and creates the .pcap file for logging purposes. Then this file can be opened in python and can be taken into parsing through pyshark - I am using pyshark API:

capture = CaptureFromPipe(pipe=pcap_file_pipe)

Moreover, pyshark is a wrapper for Tshark and Tshark needs to have a configuration file with the master key to properly decode the packets. In case of running it under Linux the file should be in the directory:

~/.config/wireshark/ieee802154_keys

and it should contain the master key, e.g. of the file:

# This file is automatically generated, DO NOT MODIFY.
"00112233445566778899aabbccddeeff","0","Thread hash"