nrf sniffer 3.0 doesn't show in list of external capture modules. Why?

asked 2020-04-03 23:36:16 +0000

mikew67
1 ●1 ●2 ●1

Kind folks, This seems to be a recurring question. I suspect the Wireshark/nrf-Sniffer setup is delicate enough that minor changes/upgrades in any of the components causes a problem.

(Following Nordic's installation instructions) Currently I get all the way through the Nordic dev kit firmware loading, Wireshark installation, nrf Sniffer plugin installation and even the command line test of the nrf Sniffer plugin components (as Nordic's instructions direct), but Wireshark refuses to recognize and list the plugin among its available interfaces.

Here's my configuration:

MacBook Pro 10,1, running macOS 10.15.4 JLink V664 Python3, v3.8.2 pip3 v20.0.2 pyserial 3.4 Wireshark 3.2.2 nrf_sniffer_for_le_3.0.0_l29d2b3.ziip Installation directory for nrf Sniffer files: /Applications/Wireshark.app/Contents/MacOS/extcap/

Does anyone have any advice on how to fix this (or even to start the diagnostic process)?

TIA,

Mike

PS: I'm a bit desperate to be able to be able to sniff Bluetooth LE packets. Trying to help an international team working on iPhone and Android apps for Contact Tracing for fighting COVID-19!

edit retag flag offensive close merge delete

Comments

So if you open Wireshark > About Wireshark and go to the "Plugins" tab, there's no "extcap" entry for the Nordic's plugin?

Step 3 of the instructions for installing the Wireshark plugin are to "Make sure that the nRF Sniffer files can be run correctly:". Did you do that? Did nrf_sniffer_ble.sh --extcap-interfaces produce output similar to what they describe?

Guy Harris ( 2020-04-04 02:49:31 +0000 )edit

Yes, indeed. Tried two Macs with different macOS versions: Catalina and earlier, tried both global and personal extcap folders, tried nrf Sniffer 3 and 2, all to no avail.

mikew67 ( 2020-04-04 03:45:27 +0000 )edit

So by "Yes, indeed", the test worked, but Wireshark didn't see it?

If so, what's the exact output when you ran the test program?

(And you didn't try to run nrf_sniffer_ble.sh by doing sh nrf_sniffer_ble.sh, right - you ran it with nrf_sniffer_ble.sh as the command name?)

Guy Harris ( 2020-04-04 04:47:45 +0000 )edit

Guy,

Here's the log. Note that the Nordic instructions are incomplete; you need to put "./" in front of the command.

   mike@Mikes-MacBook-Pro-10-1 extcap % nrf_sniffer_ble.sh --extcap-interfaces
zsh: command not found: nrf_sniffer_ble.sh
mike@Mikes-MacBook-Pro-10-1 extcap % ./nrf_sniffer_ble.sh --extcap-interfaces
extcap {version=3.0.0}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
control {number=0}{type=selector}{display=Device}{tooltip=Device list}
control {number=1}{type=string}{display=Passkey / OOB key}{tooltip=6 digit temporary key or 16 byte Out-of-band (OOB) key in hexadecimal starting with '0x', big endian format. If the entered key is shorter than 16 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,32}))$\b}
control {number=2}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the siffer switches advertising channels. Valid channels are ...

(more)

mikew67 ( 2020-04-04 04:58:27 +0000 )edit

add a comment

3 Answers

Sort by » oldest newest most voted

answered 2021-03-23 14:52:08 +0000

roman.lapii
1 ●1

updated 2021-03-24 11:02:41 +0000

I'm running on MasOS Big Sur 11.2.3, WireShark 3.4.4, and had a similar issue. I've tried all advice mentioned above but nothing helped me. This is what I understood. If you don't have installed Xcode - you won't have such troubles, simply install python 3 using brew, then install pip3 and install pyserial using pip3 and that's it. But If you have installed Xcode on the machine - the WireShark will use python3 from the Xcode's framework and this will cause such problems, and neither reinstalling python3 nor specifying the correct PATH in the profile (bash_profile, zprofile, etc) won't help you to resolve the problem. What helped me:

Using the terminal go to the Python's folder within Xcode Framework - in my case: /Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.8/Resources/Python.app/Contents
execute the following commands using Python from Xcode Framework:

MacOs/Python -m ensurepip --default-pip - this will install pip if it is needed.

sudo -H MacOs/Python -m pip install pyserial - this will install pyserial for Python from Xcode Framework.

Then if you have performed everything from nordic tutorial right - you'll see the nRF Sniffer for Bluetooth LE in the WireShark's Interfaces list.

edit flag offensive delete link

Comments

Thank you so much for posting this, that was exactly my issue. I sometimes do Python development so I have pyenv installed, which changed my global Python, preventing pyserial from being recognized by Wireshark.

clgnyc666 ( 2021-03-25 01:22:40 +0000 )edit

Thank you ! This fixed it for me too !

mininao ( 2021-08-19 16:11:31 +0000 )edit

Thanks! This fixed my issues getting a different extcap plugin that also depends on pyserial to work (for Sniffle, my Bluetooth LE sniffer).

sultanqasim ( 2022-08-19 01:25:13 +0000 )edit

add a comment

answered 2020-04-04 20:14:55 +0000

Jaap

13742 ●711 ●115

You have to hook up an interface before it's shown in the capture interfaces list. In View | Interface Toolsbars the tool is shown.

edit flag offensive delete link

Comments

I.e., the output from the script doesn't have any "interface" lines listing any interfaces on which to capture; it just has an entry for the extcap itself (the "extcap" line), lines for the controls it offers (the "control" lines), and a line giving values for the selector ("choose one of these options") control 0 (the "value" line).

This means that the software didn't find any device running the nRF Sniffer software; see the "Running nRF Sniffer" page.

Guy Harris ( 2020-04-04 21:42:45 +0000 )edit

Many thanks. This gives me a usable diagnostic. Will chase this down with the collection of Nordic Dev Kits I have.

mikew67 ( 2020-04-04 22:02:53 +0000 )edit

Guy, Double-checked firmware loaded in PCA10000 and PCA10040 Nordic boards. Here's the log of the command line script from the first. I presume the interface line right after the extcap line is what you're looking for. In spite of that, Wireshark still doesn't recognize this capture plugin on the Mac configuration running Catalina listed above. However, Wireshark does recognize the plugin on an older Mac running Mojave. So it looks like the problem is Catalina compatibility.

mike@Mikes-MacBook-Pro-10-1 extcap % ls -al /dev/cu.*
crw-rw-rw-  1 root  wheel   18,   1 Mar 31 12:55 /dev/cu.Bluetooth-Incoming-Port
crw-rw-rw-  1 root  wheel   18,   3 Apr  4 15:31 /dev/cu.usbmodem0004801043181
mike@Mikes-MacBook-Pro-10-1 extcap % ./nrf_sniffer_ble.sh --extcap-interfaces
extcap {version=3.0.0}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
interface {value=/dev/cu.usbmodem0004801043181}{display=nRF Sniffer for Bluetooth LE}
control {number ...

(more)

mikew67 ( 2020-04-04 22:50:51 +0000 )edit

Here's the log of the command line script from the first.

So that output, complete with the "interface" line, is from running the script on the Catalina machine?

As an experiment, I wrote a tiny script called toy-sniffer.sh that just catted out that exact text no matter what arguments it was run with, and installed it in ~/.config/wireshark/extcap; when I launched a somewhat recent master branch build of Wireshark, it reported an "nRF Sniffer for Bluetooth LE" extcap interface, named "/dev/cu.usbmodem0004801043181".

And that was on Catalina (10.15.4).

So either 1) there's a bug in the extcap code in your version of Wireshark that's not in the master branch version, 2) there's something else weird, but not Catalina-specific, here, or 3) there's something about the environment in which the script is run that keeps it from finding the Nordic ...(more)

Guy Harris ( 2020-04-05 01:50:48 +0000 )edit

Yes, the output is from a Catalina machine. And confirming proper access on that machine through the identified serial port, nRF Connect works just fine to program the PCA10040, etc., with hex files and debugging from SES (the Segger IDE) works just fine. So as you surmised, the problem doesn't appear to be the serial connection. Responding to your analysis: 1) The Wireshark app used is a fresh download "latest stable", 3.2.2, macOS Intel 64-bit.dmg. I can try newer(beta?) and older releases. (BTW, I did try nRF Sniffer 2, the next to last Nordic plugin, with no change.) 2) Yes, gremlins could be hiding in random places. 3) Quite plausible! Catalina has changed lots of file security processes and hides lots of things to "make the system easier to use". For example, the home disk is now divided into at least two "disks" and the ...(more)

mikew67 ( 2020-04-05 21:29:12 +0000 )edit

see more comments

answered 2020-04-05 22:32:06 +0000

mikew67
1 ●1 ●2 ●1

Guy, et al,

Folks at Nordic figured out the problem. Catalina comes with Python3 preinstalled. When I installed a fresh copy, I now had a duplicate. All my further installation of Wireshark and nRF Sniffer used my copy. The the Wireshark app ran, it used the system copy, which didn't have pyserial! See the Nordic thread here (sorry for the long URL):

https://devzone.nordicsemi.com/f/nord...

Surprised the standard Python installer didn't warn me.

Thanks for all the help,

Mike

edit flag offensive delete link

Comments

NOTE: that works only if you have Xcode installed; apparently, /usr/bin/python3 is a small program that tries to find Xcode and run the python3 in Xcode (/Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.7/Resources/Python.app/Contents/MacOS/Python).

I tried it on a machine running 10.15.4 and without Xcode, and it complained about not being able to find scrub.

Earlier releases didn't offer Python 3 at all, so, if Nordic's nRF Sniffer depends on Python 3, 1) it won't work on pre-Catalina systems if you don't install Python 3 but 2) if you do install Python 3, you don't have a collision between the OS's Python 3 and an installed Python 3.

So:

pre-Catalina: you must install Python 3 - and , but that's enough;
Catalina, without Xcode: you must install Python 3 - and pyserial ...

(more)

Guy Harris ( 2020-04-06 07:32:52 +0000 )edit

Guy Harris noted in an email:

NOTE: that works only if you have Xcode installed; apparently, /usr/bin/python3 is a small program that tries to find Xcode and run the python3 in Xcode (/Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.7/Resources/Python.app/Contents/MacOS/Python).
I tried it on a machine running 10.15.4 and without Xcode, and it complained about not being able to find scrub.
Earlier releases didn't offer Python 3 at all, so, if Nordic's nRF Sniffer depends on Python 3, 1) it won't work on pre-Catalina systems if you don't install Python 3 but 2) if you do install Python 3, you don't have a collision between the OS's Python 3 and an installed Python 3.
So:
pre-Catalina: you must install Python 3 - and , but that's enough; Catalina, without Xcode: you ...

(more)

mikew67 ( 2020-04-06 18:36:14 +0000 )edit

(AskBot noted that in an email, telling you about the comment I added.)

Guy Harris ( 2020-04-06 21:05:27 +0000 )edit

add a comment