nRF52840 DK sniffer fails to display Data messages after Connect_Ind, only advertisements

//nRF52840 DK//PCA10056//central=apple-smartphone//Wireshark Version 4.0.1 (v4.0.1-0-ge9f3970b1527) sniffer.//

Wireshark is working perfectly on Advertising packets, but once a CONNECT_IND comes in from the smartphone, no more messages from this Source are displayed (since this source is programmed to stop Advertising on a Connect).

The smartphone does indicate that a series of messages are being received from this source.

So the question is what in Wireshark/nRF-Sniffer installation/troubleshooting affects ability to display Data messages in Connect mode?

(No encryption or privacy is enabled, at this point).

In the Wireshark Device options, I see 2: All advertising devices and Follow IRK., preceding a list of devices and dBm observed.

  • I was already well familiar with the limitations of your nrf Sniffer tool, which explain why your tool is much less expensive, but still very useful. They have nothing to do with my recommendations, which pertain to the usability of the product the way it is.

    When do you plan an update to the nrf.wireshark software?

  • Hi Aeneas, 
    Unfortunately I don't have a timeline for it. 

  • The Wireshark right-click filter menu generates excellent boolean compound statements when several addresses are filtered in or out, so it is a powerful feature which is hampered by this eth.src text replace oversight.

    So, to which part of the nrf project have you moved?

    Maybe I will add some more recs by the time you are back on Wireshark..

  • Hi Aeneas, 

    Could you please explain a little bit more on the eth.src thing? I'm not very familiar with that.

    Please note that you can use right click filter and filter out empty packet, address etc as explained here.

    And for advertising packets, all packets from any broadcaster have the same physical address of 0x8e89bed6 and the broadcaster address is only provided in the payload. You need to filter it the same way as you filter the payload data.

  • Right-click on the Source field in a particular line in the nrf/Wireshark display yields something like "eth.src == xx:xx:xx:xx:xx:xx".

    When nrf BLE is active, nrf/Wireshark should generate: "btle.advertising_address == xx:xx:xx:xx:xx:xx".

    This is especially useful in the Advertising Only realm, including groups of addresses using the built-in right-click filter boolean operations.

    The point of the Filter All, is to filter out all currently air-detected addresses, so that when the user presses Go on his debugger, that new advertiser random address will be the only one who appears on the display.

    Filtering all advertisers through 0x8e89bed6 would also filter this new advertiser.

    There was an update for Wireshark yesterday, but I did not see a list of updated features.

    btle.length != 0 does seem to work for Empty PDU -- well done.
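
The "Filter All" workflow described in the last comment can be approximated outside the GUI. The following is an added example, not part of the thread and not Nordic's or Wireshark's own code: it turns a list of already-seen advertiser addresses into a negated `btle.advertising_address` display filter. The function names, the `baseline.pcapng` file name and the sample addresses are assumptions constructed for illustration.

```python
import re

FIELD = "btle.advertising_address"  # display-filter field named in the thread
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

# Constructed sample: one line per packet, as printed by
#   tshark -r baseline.pcapng -T fields -e btle.advertising_address
# (baseline.pcapng is a hypothetical capture taken before the new device starts)
SAMPLE_TSHARK_OUTPUT = """\
C0:11:22:33:44:55
c0:11:22:33:44:55

d4:aa:bb:cc:dd:01
not-an-address
e8:00:00:00:00:02,d4:aa:bb:cc:dd:01
"""


def known_advertisers(tshark_output):
    """Return unique, lower-cased advertiser addresses in first-seen order."""
    seen = []
    for line in tshark_output.splitlines():
        # tshark joins repeated fields with commas; blank lines lack the field
        for token in re.split(r"[,\s]+", line.strip().lower()):
            if MAC_RE.match(token) and token not in seen:
                seen.append(token)
    return seen


def exclusion_filter(addresses, hide_empty_pdus=False):
    """Build a display filter that hides every listed advertiser.

    A negated OR is also true for packets with no advertising address,
    so data-channel PDUs are not filtered out by it.
    """
    parts = []
    if addresses:
        ors = " || ".join(f"{FIELD} == {a}" for a in addresses)
        parts.append(f"!({ors})")
    if hide_empty_pdus:
        parts.append("btle.length != 0")  # reported in the thread to hide Empty PDUs
    return " && ".join(parts)


if __name__ == "__main__":
    print(exclusion_filter(known_advertisers(SAMPLE_TSHARK_OUTPUT)))
```

Paste the printed string into the Wireshark display-filter bar before starting the device under test, so that only an advertiser absent from the baseline capture appears.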
