 | 1 | initial version |
tshark -i <interface> -f "(not btle.length == 0)"Now, I expected that to work for advertisement packets -- but it returns soon with zero packets captured.
not btle.length == 0 is not a valid capture filter, and the -f argument to TShark specifies a capture filter, not a Wireshark filter (display/color/etc. filter). Try doing
tshark -i <interface> -R "(not btle.length == 0)"
instead.
By the way, you do not need a plugin to dissect the packets and, in fact, at least on Windows, Wireshark explicitly ignores the Nordic BTLE plugin, to avoid collisions with the built-in dissection code.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.