Here is a small guide on how to build Wireshark with a BLE plugin on Linux, with a small example of using this plugin with the Nordic Sniffer API.
Download the Sniffer API and firmware here: nRF Sniffer
Inside the zip-file you will find another zip-file called SnifferAPI.zip. Unzip the content of this file to your workspace. These are the files you need. The "Sniffer API" folder contains the python API, and the "wireshark_dissector_source" folder contains the plugin source.
## Build Wireshark with BLE plugin
sudo apt-get install build-essential automake autoconf libgtk2.0-dev libglib2.0-dev libpcap0.8-dev flex bison
Also check out the Wireshark wiki: https://wiki.wireshark.org/Development
Download the Wireshark plugin: nordic_ble_linux-1.12.0.zip
Download the Wireshark source: wireshark-1.12.0.tar.bz2
Decompress wireshark-1.12.0.tar.bz2 and change into the created folder (wireshark-1.12.0)
Decompress nordic_ble_linux-1.12.0.zip in plugins folder
Move Custom files to plugins folder
$ mv plugins/nordic_ble/Custom.m4-1.12.0 plugins/Custom.m4
$ mv plugins/nordic_ble/Custom.make-1.12.0 plugins/Custom.make
$ mv plugins/nordic_ble/Custom.nmake-1.12.0 plugins/Custom.nmake
Add packet-nordic_ble.c from the "wireshark_dissector_source" folder in the Sniffer API to plugins/nordic_ble folder
Then run wireshark to see if it works:
Flash the chip with the firmware included in the "Firmware" folder in the Sniffer API zip file you downloaded (ble-sniffer_nRF51822_1.0.1_1111_Sniffer.hex), using JLinkExe or preferred tool. No need to flash softdevice first.
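A pre-build check for the plugin file layout that the steps above create, run from a shell against the Wireshark source root. This is an added example, not part of the original guide or the Nordic package; the function name `check_nordic_ble_layout` is hypothetical, and the file names are the ones listed in the steps.

```shell
#!/bin/sh
# Added example (not from the original guide): verify the plugin layout
# before building. The function name is hypothetical; the file names are
# the ones the guide lists.

check_nordic_ble_layout() {
    src=${1:-.}      # Wireshark source root, e.g. wireshark-1.12.0
    problems=0

    # Files the guide says must be in place before the build.
    for f in \
        plugins/Custom.m4 \
        plugins/Custom.make \
        plugins/Custom.nmake \
        plugins/nordic_ble/packet-nordic_ble.c
    do
        if [ ! -f "$src/$f" ]; then
            echo "missing: $f" >&2
            problems=$((problems + 1))
        fi
    done

    # Versioned Custom files still inside the plugin folder mean the
    # corresponding mv step has not been done yet.
    for f in "$src"/plugins/nordic_ble/Custom.*-1.12.0; do
        [ -e "$f" ] || continue
        echo "not moved yet: plugins/nordic_ble/$(basename "$f")" >&2
        problems=$((problems + 1))
    done

    if [ "$problems" -eq 0 ]; then
        echo "layout OK: $src"
    fi
    return "$problems"   # 0 means every listed file is where the guide puts it
}

# Run directly as: sh check_layout.sh /path/to/wireshark-1.12.0
if [ "$#" -gt 0 ]; then
    check_nordic_ble_layout "$1"
fi
```

The return value is the number of problems found, so a non-zero exit status means at least one of the file-placement steps still needs to be done.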
## Linux example code
Download the example python script here: example_linux.py
Put it in the Sniffer API root folder (called "SnifferAPIBuild" after the unzip)
Install the "pyserial" Python 2.7 package:
pip install pyserial
In the example script under def setup() you can set the UART port for the nRF USB dongle. In Ubuntu it should enumerate under "/dev/ttyACM0". Check to see if this is the case:
ls -l /dev/ttyACM0
Also set the address of the device you want to sniff (tls_dev_addr)
Run the example script:
sudo python linux_example.py
(You might need to run as sudo to access the UART port)
If the device is found, run Wireshark (from the Wireshark root folder) using:
./wireshark -Y btle -k -i /home/username/snifferAPI_directory/SnifferAPIBuild/logs/nordic_ble.pipe
(This command will also be output from the script when the sniffer successfully finds the device. So you can copy/paste it to get the right path for the nordic_ble.pipe file)
Wireshark should start to show the packets now.
I was trying to get this setup and running on 18.04 and was running into a problem where the QT on the system was compiled with PIE and it needed PIC. I have seen this issue on my last job and the way I resolved it was to build the entire QT and use it rather than the system default. I hope that's not the case here. Also seems to be some possible issues as the code is looking for qt4, but on 18.04 qt5 is the default. I tried to set the default to be qt4, but the code is still looking for qt5 in the configure as well as compile. I can compile QT if I need to, but I have BTDT and not preferable for me as I have other stuff I need QT for.
Getting following error with wireshark1.12.0 source. I tried the above-mentioned steps.
Making all in nordic_ble
make: Entering directory `/home/kiran/wireshark-1.12.0/plugins/nordic_ble'
make: *** No rule to make target `all'. Stop.
make: Leaving directory `/home/kiran/wireshark-1.12.0/plugins/nordic_ble'
make: *** [all-recursive] Error 1
make: Leaving directory `/home/kiran/wireshark-1.12.0/plugins'
make: *** [all-recursive] Error 1
make: Leaving directory `/home/kiran/wireshark-1.12.0'
make: *** [all] Error 2