Ask Your Question

# Revision history [back]

tshark -i <interface> -f "(not btle.length == 0)"


Now, I expected that to work for advertisement packets -- but it returns soon with zero packets captured.

not btle.length == 0 is not a valid capture filter, and the -f argument to TShark specifies a capture filter, not a Wireshark filter (display/color/etc. filter). Try doing

 tshark -i <interface> -R "(not btle.length == 0)"


instead.

By the way, you do not need a plugin to dissect the packets and, in fact, at least on Windows, Wireshark explicitly ignores the Nordic BTLE plugin, to avoid collisions with the built-in dissection code.