BLE Sniffer not showing in Wireshark - OSX
by wirelessfutures on Fri Jun 05, 2020 11:24 am

So after many hours - I finally have this working.

I followed the driver installations as per instructions and nothing showed up in Wireshark for the interface.

I saw a comment that you need to run Wireshark in "administrator" mode so I ran sudo Wireshark from the extcap folder and it came up with errors in the terminal - so at least I could see what was happening. My resolution is as follows:
1. Use the latest Python3
2. Run pip3 install pyserial to get the serial module
3. Delete the .bat file from the folder - then it will execute only the shell script
4. Edit the shell script to be as follows (change your folder to be your own for the python file)

python3 /Users/username/.config/wireshark/extcap/ "$@"

5. Run Wireshark as admin ..... sudo Wireshark (you can set this up differently if you want to run from the GUI)

This seemed to work for me - at least then you can see any python errors or config issues. I hope this helps everyone - maybe Adafruit can test this and put it in your instructions! (or fix it)
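
A preflight for the steps in the post above, as an added example that is not part of the thread and is not Adafruit's or Nordic's code. It checks the extcap folder and the Python setup as the normal user, and can run a wrapper with `--extcap-interfaces` (the argument Wireshark passes to an extcap program to list interfaces) so Python errors are visible without starting Wireshark under sudo; the function names, finding names and the file name preflight.sh are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread or from the sniffer package.
# Finding names (BAT_PRESENT, ...) are made up for this sketch.

# Print one finding per line for the extcap folder "$1".
check_extcap_dir() (
    dir=$1
    if [ ! -d "$dir" ]; then echo "NO_DIR $dir"; exit 0; fi
    wrappers=0
    for f in "$dir"/*.bat; do
        # Step 3 in the post: a leftover Windows wrapper.
        if [ -e "$f" ]; then echo "BAT_PRESENT $f"; fi
    done
    for f in "$dir"/*.sh; do
        if [ ! -e "$f" ]; then continue; fi
        wrappers=$((wrappers + 1))
        # The wrapper has to be executable by the user running Wireshark.
        if [ ! -x "$f" ]; then echo "NOT_EXECUTABLE $f"; fi
        # Step 4: the wrapper calls python3 and forwards "$@".
        if ! grep -q 'python3' "$f"; then echo "NO_PYTHON3 $f"; fi
        if ! grep -q '"\$@"' "$f"; then echo "ARGS_NOT_FORWARDED $f"; fi
    done
    if [ "$wrappers" -eq 0 ]; then echo "NO_WRAPPER $dir"; fi
)

# Steps 1-2: python3 and pyserial (module "serial") for the current user.
# The result depends on the machine this runs on.
check_python_serial() {
    if ! command -v python3 >/dev/null 2>&1; then
        echo "NO_PYTHON3_ON_PATH"
    elif ! python3 -c 'import serial' >/dev/null 2>&1; then
        echo "PYSERIAL_MISSING"
    fi
}

# Run one wrapper with the argument Wireshark uses to list interfaces, so
# Python errors show up in the terminal of an unprivileged user.
probe_extcap() {
    "$1" --extcap-interfaces
}

# Usage: sh preflight.sh <extcap-folder> [wrapper-script]
if [ "$#" -ge 1 ]; then
    check_extcap_dir "$1"
    check_python_serial
    if [ "$#" -ge 2 ]; then probe_extcap "$2" || true; fi
fi
```

No output from the first two checks means the folder and Python setup match steps 1 to 4.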

by flyfruit on Sat Sep 12, 2020 11:24 am

Hello, I was wondering if I could get some advice on a similar issue. I have the "Bluefruit LE Sniffer - Bluetooth Low Energy (BLE 4.0) - nRF51822 - Firmware Version 2" and I am trying to get it to work with Wireshark on an iMac running Catalina 10.15.6.

I've used Homebrew to install pyenv, after which I've installed python versions 3.8.5 and 2.7.18 and pyserial for each one.

Unfortunately I am a Python/shell beginner and I am struggling with the configuration of headers and PATH variables.

Before I get into all the details, a few questions:
- do you have the same BLE sniffer hardware?
- did you use the Nordic v2 or v3 files in your extcap folder?
- what version of Wireshark worked for you (2.x/3.x)?
- were you able to confirm HW communication in some way independent from Wireshark, e.g. via serial?
- what is going on with the .bat file you deleted? I assume it's meant for Windows only, but it seems to be invoked by Wireshark.

Thanks in advance. Your short, recent post was inspiring, as I've hit the wall trying to get this working!

