Ask Your Question
0

Can I use tshark with Nordic BLE Sniffer plugin to capture from command line?

asked 2018-02-27 07:59:29 +0000

nik gravatar image

updated 2018-02-27 08:04:54 +0000

I have a functional Wireshark 2.4.4 windows 10 installation that can capture BLE communications of a selected device.

Is it possible to use the same plugin (with some command line arguments to select the BLE device) and capture from the command line (tshark)?

A basic command would look like this, 

tshark -i <interface> -f "(not btle.length == 0)"

Now, I expected that to work for advertisement packets -- but it returns soon with zero packets captured.

If that can be made to work I am trying to figure out how I can specify a BLE device to capture its communications once paired.

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-02-27 18:21:18 +0000

Guy Harris gravatar image 
tshark -i <interface> -f "(not btle.length == 0)"

Now, I expected that to work for advertisement packets -- but it returns soon with zero packets captured.

not btle.length == 0 is not a valid capture filter, and the -f argument to TShark specifies a capture filter, not a Wireshark filter (display/color/etc. filter). Try doing

 tshark -i <interface> -R "(not btle.length == 0)"

instead.

By the way, you do not need a plugin to dissect the packets and, in fact, at least on Windows, Wireshark explicitly ignores the Nordic BTLE plugin, to avoid collisions with the built-in dissection code.

edit flag offensive delete link more

Comments

Good point on -f I was distracted there. The dissect-without-plugin part was not known to me. I'll recheck and get back. Thanks. (Can't even upvote yet on Wireshark stack -- just out of the egg here).

nik gravatar imagenik ( 2018-02-28 05:23:31 +0000 )edit

You can "accept" the answer though, by clicking on the checkmark icon next to it.

grahamb gravatar imagegrahamb ( 2018-02-28 10:25:44 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-02-27 07:59:29 +0000

Seen: 685 times

Last updated: Feb 27 '18

Related questions

where do I find a version of Wireshark that works with the Nordic BLE sniffer plugin

How do i use multiple pipes for live capturing?

Deduplication in tshark -T ek [closed]

filtering out protocol, sequence number, and ack using tshark

Problems decoding BLE capture from another Wireshark program

Using tshark filters to extract only interesting traffic from 12GB trace

Any way to use cmd tshark for a gns3 wire?

authority RRs tshark

can I install only tshark?

How do I change the interface on Tshark?