
BLE Sniffer not showing in Wireshark - OSX
Moderators: adafruit_support_bill, adafruit

Please be positive and constructive with your questions and comments.

BLE Sniffer not showing in Wireshark - OSX

by wirelessfutures on Fri Jun 05, 2020 11:24 am

So after many hours - I finally have this working.

I followed the driver installations as per instructions and nothing showed up in Wireshark for the interface.

I saw a comment that you need to run Wireshark in "administrator" mode, so I ran sudo Wireshark from the extcap folder and it came up with errors in the terminal - so at least I could see what was happening. My resolution is as follows:
1. Use the latest Python3
2. Run pip3 pyserial to get the serial module
3. Delete the .bat file from the folder - then it will execute only the shell script
4. Edit the shell script to be as follows (change your folder to be your own for the python file)

#!/bin/sh
python3 /Users/username/.config/wireshark/extcap/nrf_sniffer_ble.py "$@"

5. Run Wireshark as admin ..... sudo Wireshark (you can set this up differently if you want to run from the GUI)

This seemed to work for me - at least then you can see any Python errors or config issues. I hope this helps everyone - maybe Adafruit can test this and put it in your instructions! (or fix it)

wirelessfutures
 
Posts: 1
Joined: Thu Jun 04, 2020 6:25 pm

Re: BLE Sniffer not showing in Wireshark - OSX

by flyfruit on Sat Sep 12, 2020 11:24 am

Hello, I was wondering if I could get some advice on a similar issue. I have the "Bluefruit LE Sniffer - Bluetooth Low Energy (BLE 4.0) - nRF51822 - Firmware Version 2" and I am trying to get it to work with Wireshark on an iMac running Catalina 10.15.6.

I've used Homebrew to install pyenv, after which I've installed python versions 3.8.5 and 2.7.18 and pyserial for each one.

Unfortunately I am a Python/shell beginner and I am struggling with the configuration of headers and PATH variables.

Before I get into all the details, a few questions
- do you have the same BLE sniffer hardware?
- did you use the Nordic v2 or v3 files in your extcap folder?
- what version of Wireshark worked for you (2.x/3.x)?
- were you able to confirm HW communication in some way independent from Wireshark, e.g. via serial?
- what is going on with the .bat file you deleted? I assume it's meant for Windows only, but it seems to be invoked by Wireshark.

Thanks in advance. Your short, recent post was inspiring, as I've hit the wall trying to get this working!

flyfruit
 
Posts: 1
Joined: Thu Sep 10, 2020 9:18 am

Re: BLE Sniffer not showing in Wireshark - OSX

by andyeb on Mon Oct 05, 2020 2:45 am

@wirelessfutures I'm also struggling to get this working on macOS - the nRF Sniffer capture device is not showing up in Wireshark in the available capture devices, despite running Wireshark via sudo. I can however see it listed under About > Plugins.

A few questions, in addition to flyfruit above:

- do you have the black or blue board?
- did you need to install the corresponding drivers?
- on my black board there is a physical switch with two positions - command and data. What does this do and does this matter? What should I use for BT LE Sniffing?

andyeb
 
Posts: 2
Joined: Mon Oct 05, 2020 2:27 am

Re: BLE Sniffer not showing in Wireshark - OSX

by pbennett45 on Thu Oct 08, 2020 10:14 pm

Not sure if this helps anyone... this was Windows, not Mac. My biggest hurdle getting the interface up in Wireshark was putting Python in the PATH variable. By default, Anaconda tells you to leave it out and just run the Anaconda shell to run Python code. That doesn't work in this case, because Wireshark needs the batch file to be able to call Python.

My big problem now... I can see the broadcast packets just fine when it's set to "all advertising devices". When I select one device in the nRF toolbar it crashes the device..... the COM port disappears... I need to unplug/replug the USB to get it alive again. So I can't actually monitor anything useful in Wireshark right now, just the "Hey I'm here come talk to me" broadcast messages.

pbennett45
 
Posts: 4
Joined: Thu Oct 08, 2020 10:07 pm

Re: BLE Sniffer not showing in Wireshark - OSX

by andyeb on Sat Oct 10, 2020 11:31 am

Despite another few hours of troubleshooting and looking into this, I still can't get it working. Here's what I've tried so far:

In Wireshark About > Plugins, I can see:

nrf_sniffer_ble.sh 3.0.0 extcap /Applications/Wireshark.app/Contents/MacOS/extcap/nrf_sniffer_ble.sh


If I run the shell script on the terminal:

andrewebling@Andrews-Mac-mini extcap % ./nrf_sniffer_ble.sh --extcap-interfaces
extcap {version=3.0.0}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
control {number=0}{type=selector}{display=Device}{tooltip=Device list}
control {number=1}{type=string}{display=Passkey / OOB key}{tooltip=6 digit temporary key or 16 byte Out-of-band (OOB) key in hexadecimal starting with '0x', big endian format. If the entered key is shorter than 16 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,32}))$\b}
control {number=2}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the siffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
control {number=3}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
control {number=4}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
control {number=5}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
value {control=0}{value= }{display=All advertising devices}{default=true}



On the terminal if I go looking for the raw devices:

andrewebling@Andrews-Mac-mini extcap % ls -al /dev/cu.*
crw-rw-rw-  1 root  wheel   18,   1 26 Sep 13:49 /dev/cu.Bluetooth-Incoming-Port
crw-rw-rw-  1 root  wheel   18,   5 10 Oct 15:30 /dev/cu.SLAB_USBtoUART
crw-rw-rw-  1 root  wheel   18,   3 10 Oct 15:30 /dev/cu.usbserial-01D113AF


If I repeat this process without the sniffer plugged in:

andrewebling@Andrews-Mac-mini extcap % ls -al /dev/cu.*
crw-rw-rw-  1 root  wheel   18,   1 26 Sep 13:49 /dev/cu.Bluetooth-Incoming-Port


In the macOS System Information app, I see this when the sniffer is plugged in:

USB 3.1 Bus
CP2104 USB to UART Bridge Controller:

Product ID: 0xea60
Vendor ID: 0x10c4 (Silicon Laboratories, Inc.)
Version: 1.00
Serial Number: 01D113AF
Speed: Up to 12 Mb/s
Manufacturer: Silicon Labs
Location ID: 0x14600000 / 14
Current Available (mA): 500
Current Required (mA): 100
Extra Operating Current (mA): 0

andyeb
 
Posts: 2
Joined: Mon Oct 05, 2020 2:27 am
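
Added example (not part of any post above, and not Adafruit's or Nordic's code): Wireshark lists a capture device only when the extcap script prints at least one `interface {value=...}` sentence in reply to `--extcap-interfaces`, and the output pasted in the last post contains `extcap`, `control` and `value` sentences but no `interface` one. The sketch below classifies such output from an unprivileged terminal; the function names and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Classify the output of an extcap script's --extcap-interfaces call.
# Real use (unprivileged, from the extcap folder):
#   ./nrf_sniffer_ble.sh --extcap-interfaces | diagnose_extcap

# Count the "interface {value=...}" sentences read from stdin.
count_extcap_interfaces() {
    grep -c '^interface {value=' || true   # grep -c exits 1 on zero matches
}

# Print the value= field of every announced interface, one per line.
list_extcap_interfaces() {
    sed -n 's/^interface {value=\([^}]*\)}.*/\1/p'
}

# Read extcap output from stdin and print a one-word verdict:
#   no-extcap    nothing extcap-shaped came back (e.g. a Python traceback)
#   no-interface the script ran but announced no capture interface,
#                so Wireshark has nothing to list
#   ok           at least one capture interface was announced
diagnose_extcap() {
    out=$(cat)
    if ! printf '%s\n' "$out" | grep -q '^extcap {version='; then
        echo no-extcap
    elif [ "$(printf '%s\n' "$out" | count_extcap_interfaces)" -eq 0 ]; then
        echo no-interface
    else
        echo ok
    fi
}

# Constructed samples. The first is abridged from the output in the thread.
SAMPLE_FROM_THREAD='extcap {version=3.0.0}{display=nRF Sniffer for Bluetooth LE}
control {number=0}{type=selector}{display=Device}{tooltip=Device list}
value {control=0}{value= }{display=All advertising devices}{default=true}'

# Same output plus a made-up interface sentence (placeholder port name).
SAMPLE_WITH_INTERFACE="$SAMPLE_FROM_THREAD
interface {value=/dev/cu.example-port}{display=nRF Sniffer for Bluetooth LE}"

# What a missing pyserial module looks like instead of extcap output.
SAMPLE_PYTHON_ERROR="ModuleNotFoundError: No module named 'serial'"

for s in "$SAMPLE_FROM_THREAD" "$SAMPLE_WITH_INTERFACE" "$SAMPLE_PYTHON_ERROR"; do
    printf '%s\n' "$s" | diagnose_extcap
done
```

A `no-interface` verdict separates "the wrapper and Python work, but no sniffer was offered" from the `no-extcap` case that the first post's wrapper and pyserial changes address.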
