Ask Your Question
0

google address appears from Wireshark manufacturer database

asked 2020-05-11 09:43:58 +0000

gschelotto gravatar image

I've launched wireshark + nRF52 Dongle successfully and I'm also able to select my device (named EWAT AI-No) from the list to sniff. However there's something I don't understand. If I've selected my custom device why I ever see a Google device (20:DF:B9:08:8F:63) in my vicinity?

Shouldn't I just see only this device with its address CE:4A:33:01:8D:B6?

Here's a previous post in the Nordic Forum with further information

https://devzone.nordicsemi.com/f/nord...

regards, gaston

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2020-05-11 10:46:47 +0000

grahamb gravatar image

The selection of the device in the toolbar is the interface to capture from, not a capture filter to limit the traffic captured.

You're using your device to capture traffic, so it will pick up transmissions from other devices. Amongst other information obtained from the capture is the MAC address of the source of the transmission and Wireshark will, if enabled, helpfully translate the manufacturer specific octets to the name.

Capturing and not receiving packets from other devices wouldn't be a very rewarding exercise.

edit flag offensive delete link more

Comments

Sorry but I don't get it. What's the difference then by selecting "All advertising devices" or "myCustomDevice"? In the first case I can see a lot of capture traffic (myCustomDevice, devices from Manufacturer Database and many more devices). For the second selection I see myCustomDevice and devices from Manufacturer Database. In summary, for any of the two options I can see devices from the Manufacturer Database list. Is there something I am not considering? Sorry again but I'm a Wireshark beginner :-)

gaston

gschelotto gravatar imagegschelotto ( 2020-05-11 19:13:48 +0000 )edit

Not really a Wireshark issue, it's the mode of operation of the Nordic sniffer. See the manual for it here and specifically Chapter 3 Using the Sniffer:



The Sniffer has two modes of operation:

  1. Listens on all advertising channels to pick up as many packets as possible from as many devices as possible. This is the default mode.
  2. Follows one particular device and tries to catch all packets sent to or from this particular device. This mode will catch all: • Advertisements and Scan Responses sent from the device • Scan Requests and Connect Requests sent to the device • Packets in the Connection sent between the two devices in the Connection
grahamb gravatar imagegrahamb ( 2020-05-12 08:19:03 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2020-05-11 09:43:58 +0000

Seen: 332 times

Last updated: May 11 '20

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2