BLE Sniffer not showing in Wireshark - OSX

Please be positive and constructive with your questions and comments.

by wirelessfutures on Fri Jun 05, 2020 11:24 am

So after many hours - I finally have this working.

I followed the driver installations as per instructions and nothing showed up in Wireshark for the interface.

I saw a comment that you need to run Wireshark in "administrator" mode, so I ran sudo Wireshark from the extcap folder and it came up with errors in the terminal - so at least I could see what was happening. My resolution is as follows:
1. Use the latest Python3
2. Run pip3 pyserial to get the serial module
3. Delete the .bat file from the folder - then it will execute only the shell script
4. Edit the shell script to be as follows (change your folder to be your own for the python file)

#!/bin/sh
python3 /Users/username/.config/wireshark/extcap/nrf_sniffer_ble.py "$@"

5. Run Wireshark as admin ..... sudo Wireshark (you can set this up differently if you want to run from the GUI)

This seemed to work for me - at least then you can see any python errors or config issues. I hope this helps everyone - maybe adafruit can test this and put it in your instructions! (or fix it)

wirelessfutures
 
Posts: 1
Joined: Thu Jun 04, 2020 6:25 pm

Re: BLE Sniffer not showing in Wireshark - OSX

by flyfruit on Sat Sep 12, 2020 11:24 am

Hello, I was wondering if I could get some advice on a similar issue. I have the "Bluefruit LE Sniffer - Bluetooth Low Energy (BLE 4.0) - nRF51822 - Firmware Version 2" and I am trying to get it to work with Wireshark on an iMac running Catalina 10.15.6.

I've used Homebrew to install pyenv, after which I've installed python versions 3.8.5 and 2.7.18 and pyserial for each one.

Unfortunately I am a Python/shell beginner and I am struggling with the configuration of headers and PATH variables.

Before I get into all the details, a few questions
- do you have the same BLE sniffer hardware?
- did you use the Nordic v2 or v3 files in your extcap folder?
- what version of Wireshark worked for you (2.x/3.x)?
- were you able to confirm HW communication in some way independent from Wireshark, e.g. via serial?
- what is going on with the .bat file you deleted? I assume it's meant for Windows only, but it seems to be invoked by Wireshark.

Thanks in advance. Your short, recent post was inspiring, as I've hit the wall trying to get this working!

flyfruit
 
Posts: 1
Joined: Thu Sep 10, 2020 9:18 am

Re: BLE Sniffer not showing in Wireshark - OSX

by andyeb on Mon Oct 05, 2020 2:45 am

@wirelessfutures I'm also struggling to get this working on macOS - the nRF Sniffer capture device is not showing up in Wireshark in the available capture devices, despite running Wireshark via sudo. I can however see it listed under About > Plugins.

A few questions, in addition to flyfruit above:

- do you have the black or blue board?
- did you need to install the corresponding drivers?
- on my black board there is a physical switch with two positions - command and data. What does this do and does this matter? What should I use for BT LE Sniffing?

andyeb
 
Posts: 3
Joined: Mon Oct 05, 2020 2:27 am

Re: BLE Sniffer not showing in Wireshark - OSX

by pbennett45 on Thu Oct 08, 2020 10:14 pm

Not sure if this helps anyone... this was Windows not Mac. My biggest hurdle getting the interface up in Wireshark was putting Python in the PATH variable. By default, Anaconda tells you to leave it out and just run the Anaconda shell to run Python code. Doesn't work in this case, because Wireshark needs the batch file to be able to call Python.

My big problem now... I can see the broadcast packets when it's set to "all advertising devices" just fine. When I select one device in the nRF toolbar it crashes the device..... the com port disappears... Need to unplug/replug from the USB to get it alive again. So I can't actually monitor anything useful in Wireshark right now, just the "Hey I'm here come talk to me" broadcast messages.

pbennett45
 
Posts: 4
Joined: Thu Oct 08, 2020 10:07 pm

Re: BLE Sniffer not showing in Wireshark - OSX

by andyeb on Sat Oct 10, 2020 11:31 am

Despite another few hours of troubleshooting and looking into this, I still can't get it working. Here's what I've tried so far:

In Wireshark About > Plugins, I can see:

nrf_sniffer_ble.sh 3.0.0 extcap /Applications/Wireshark.app/Contents/MacOS/extcap/nrf_sniffer_ble.sh


If I run the shell script on the terminal:

andrewebling@Andrews-Mac-mini extcap % ./nrf_sniffer_ble.sh --extcap-interfaces
extcap {version=3.0.0}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
control {number=0}{type=selector}{display=Device}{tooltip=Device list}
control {number=1}{type=string}{display=Passkey / OOB key}{tooltip=6 digit temporary key or 16 byte Out-of-band (OOB) key in hexadecimal starting with '0x', big endian format. If the entered key is shorter than 16 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,32}))$\b}
control {number=2}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the siffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
control {number=3}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
control {number=4}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
control {number=5}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
value {control=0}{value= }{display=All advertising devices}{default=true}



On the terminal if I go looking for the raw devices:

andrewebling@Andrews-Mac-mini extcap % ls -al /dev/cu.*
crw-rw-rw-  1 root  wheel   18,   1 26 Sep 13:49 /dev/cu.Bluetooth-Incoming-Port
crw-rw-rw-  1 root  wheel   18,   5 10 Oct 15:30 /dev/cu.SLAB_USBtoUART
crw-rw-rw-  1 root  wheel   18,   3 10 Oct 15:30 /dev/cu.usbserial-01D113AF


If I repeat this process without the sniffer plugged in:

andrewebling@Andrews-Mac-mini extcap % ls -al /dev/cu.*
crw-rw-rw-  1 root  wheel   18,   1 26 Sep 13:49 /dev/cu.Bluetooth-Incoming-Port


In the macOS System Information app, I see this when the sniffer is plugged in:

USB 3.1 Bus
CP2104 USB to UART Bridge Controller:

Product ID: 0xea60
Vendor ID: 0x10c4 (Silicon Laboratories, Inc.)
Version: 1.00
Serial Number: 01D113AF
Speed: Up to 12 Mb/s
Manufacturer: Silicon Labs
Location ID: 0x14600000 / 14
Current Available (mA): 500
Current Required (mA): 100
Extra Operating Current (mA): 0

andyeb
 
Posts: 3
Joined: Mon Oct 05, 2020 2:27 am
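
Added example (not part of andyeb's post or of the Nordic/Adafruit tooling): in Wireshark's extcap protocol, capture devices are announced by `interface {...}` sentences in the `--extcap-interfaces` reply, and the output quoted above contains only `extcap`, `control` and `value` sentences. The sketch below parses such a reply and reports whether any interface was announced; the sample lines are abridged from the post, and the `interface` line with its device path is constructed.

```python
# Constructed sample, abridged from the --extcap-interfaces output quoted above.
SAMPLE_NO_DEVICE = r"""extcap {version=3.0.0}{display=nRF Sniffer for Bluetooth LE}
control {number=0}{type=selector}{display=Device}{tooltip=Device list}
control {number=2}{type=string}{display=Adv Hop}{default=37,38,39}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
value {control=0}{value= }{display=All advertising devices}{default=true}
"""
# Constructed: the same reply plus a hypothetical interface sentence.
SAMPLE_WITH_DEVICE = SAMPLE_NO_DEVICE + (
    "interface {value=/dev/cu.usbserial-EXAMPLE}{display=nRF Sniffer for Bluetooth LE}\n"
)


def parse_fields(body):
    """Split '{k=v}{k=v}' into a dict, tolerating braces nested inside a value
    (the validation regexes in the reply contain '{0,2}' and similar)."""
    fields, depth, start = {}, 0, None
    for i, ch in enumerate(body):
        if ch == "{":
            if depth == 0:
                start = i + 1
            depth += 1
        elif ch == "}" and depth > 0:
            depth -= 1
            if depth == 0:
                key, _, value = body[start:i].partition("=")
                fields[key] = value
    return fields


def parse_extcap(output):
    """Return [(sentence_type, fields)] for every extcap sentence in the reply."""
    sentences = []
    for line in output.splitlines():
        kind, _, body = line.strip().partition(" ")
        if kind and body.startswith("{"):
            sentences.append((kind, parse_fields(body)))
    return sentences


def diagnose(output):
    """Summarise what Wireshark can learn from an --extcap-interfaces reply."""
    sentences = parse_extcap(output)
    if not any(kind == "extcap" for kind, _ in sentences):
        return "no extcap sentence: the script did not run as an extcap"
    ifaces = [f.get("value", "") for kind, f in sentences if kind == "interface"]
    if not ifaces:
        return "extcap answers but announces no interface"
    return "interfaces: " + ", ".join(ifaces)


if __name__ == "__main__":
    print(diagnose(SAMPLE_NO_DEVICE))
    print(diagnose(SAMPLE_WITH_DEVICE))
```

The same check can be run on the real reply by passing the captured text of `./nrf_sniffer_ble.sh --extcap-interfaces` to `diagnose()`.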

Re: BLE Sniffer not showing in Wireshark - OSX

by jynx78 on Thu Dec 24, 2020 12:36 pm

Hi
I am having the same issue, trying everything, even installed a fresh OSX, and still nothing. Did you manage to get it working?

jynx78
 
Posts: 2
Joined: Sun Dec 20, 2020 1:22 pm

Re: BLE Sniffer not showing in Wireshark - OSX

by andyeb on Thu Dec 24, 2020 1:06 pm

jynx78 wrote: Hi
I am having the same issue, trying everything, even installed a fresh OSX, and still nothing. Did you manage to get it working?


I switched to a Windows machine and it worked straight away. However I only seem to be able to sniff Bluetooth advertising packets, which makes it almost useless as a tool.

I wish I had more positive news to share.

best regards,

Andrew

andyeb
 
Posts: 3
Joined: Mon Oct 05, 2020 2:27 am

Re: BLE Sniffer not showing in Wireshark - OSX

by alm89 on Wed Jan 06, 2021 8:01 pm

@pbennett45
I have exactly the same issue on Linux (Ubuntu 20.04, though the actual version should not matter much). The install was a breeze, watching the advertising packets seems to be going OK. But actually capturing anything useful is a problem, with the sniffer crashing (the blue light stops, the serial port disappears). It also seems to be very slow in capturing the device names and it is very inconsistent at that.
For reference: I am trying to watch the traffic between an iPhone11 and an SP110E LED controller, but the problem does not seem to be tied to any particular BLE device.

pbennett45 wrote: Not sure if this helps anyone... this was Windows not Mac. My biggest hurdle getting the interface up in Wireshark was putting Python in the PATH variable. By default, Anaconda tells you to leave it out and just run the Anaconda shell to run Python code. Doesn't work in this case, because Wireshark needs the batch file to be able to call Python.

My big problem now... I can see the broadcast packets when it's set to "all advertising devices" just fine. When I select one device in the nRF toolbar it crashes the device..... the com port disappears... Need to unplug/replug from the USB to get it alive again. So I can't actually monitor anything useful in Wireshark right now, just the "Hey I'm here come talk to me" broadcast messages.

alm89
 
Posts: 3
Joined: Tue Nov 28, 2017 1:53 am

Re: BLE Sniffer not showing in Wireshark - OSX

by BLE_Barkeeper on Thu Feb 11, 2021 12:25 pm

Hi there,

I am trying to get my Adafruit BLE Sniffer v2 (black board) to work on OSX 10.15.

This is what I have done so far:

1. Installed the USB-Driver (SiLabsUSBDriverDisk.dmg/Install CP210x VCP Driver.app) successfully (https://www.silabs.com/documents/public ... Driver.zip)
2. Referred to this guide: https://cdn-learn.adafruit.com/assets/a ... 1533935335
2.1. I copied the Python script to the extcap folder of Wireshark https://cdn-learn.adafruit.com/assets/a ... 1546518974

Checking the stuff in the terminal gives me the following messages:
Mac:extcap xy$ ls -lisa
total 72
8622528236  0 drwxr-xr-x@  7 cm  staff    224 11 Feb 16:10 .
8622528228  0 drwxr-xr-x@  9 cm  staff    288 11 Feb 16:11 ..
8622528241  0 drwxr-xr-x@ 18 cm  staff    576 11 Feb 16:10 SnifferAPI
8622528237  8 -rwxrwxr-x@  1 cm  staff    557 10 Nov 21:40 nrf_sniffer_ble.bat
8622528238 48 -rwxrwxr-x@  1 cm  staff  22236 10 Nov 21:40 nrf_sniffer_ble.py
8622528239  8 -rwxrwxrwx@  1 cm  staff    229 10 Nov 21:40 nrf_sniffer_ble.sh
8622528240  8 -rw-rw-r--@  1 cm  staff     17 10 Nov 21:40 requirements.txt
Mac:extcap xy$ python nrf_sniffer_ble.py
  File "nrf_sniffer_ble.py", line 506
    print("FIFO does not exist!", file=sys.stderr)
                                      ^
SyntaxError: invalid syntax


(Python 2 and 3 are installed as well.)

And of course the Sniffer is not visible in Wireshark.

Is there any tutorial for usage with OSX?
Or could anybody help me out?

Thank you in advance!

Barkeeper

BLE_Barkeeper
 
Posts: 1
Joined: Thu Feb 11, 2021 11:59 am

Re: BLE Sniffer not showing in Wireshark - OSX

by danjx on Sun Apr 11, 2021 8:07 am

Yup. I'm in the same boat as BLE_Barkeeper.

Gathered and installed all the drivers, python modules, virtual environments, etc. Still no joy. I can see the USB driver in my "About this Mac system report" and I can verify that the python script runs to the "No arguments given!" reply. But there is no nRF device listed in Wireshark (not even listed in the plugins).

One thing I noticed when poring over the tutorial yet again is the comment: "When downloading the desktop/Wireshark Sniffer tool, make sure to download BETA 1" with a graphic that shows "v2.0.0 Beta 1". So, is this really the only version of Wireshark supported today by this BLE sniffer? And if it is, where can we find this beta version of Wireshark from 5-1/2 years ago? (there are no betas in the list of old revisions)

Has anyone gotten this thing to work on a Mac in the last year or two?

Commentary: Very disappointed with the level of complexity and obscurity. This is not what I expected from Adafruit - a waste of time and money.

danjx
 
Posts: 1
Joined: Sun Apr 11, 2021 7:27 am
