Ask Your Question

Real-time monitoring BLE advertisements using tshark

asked 2022-05-27 00:58:23 +0000

damian gravatar image

I have a peripheral sensor transmitting data embedded in BLE advertisements and I'd like to plot the sensor data in real time. My idea is to use a Bluefruit LE Sniffer and a combination of tshark and python to plot the advertisement data.

I'm having problems getting the advertisement data from tshark in real-time, which I'm guessing is something to do with buffering (based on the Stack Overflow question Python subprocess does not return real time tshark output and the associated Wireshark question How to pipe tshark output in realtime?)

The only tshark option I am using is -i. I don't think -l is doing anything (but that looks like it is specifically for Wi-Fi). (python code).

Thank you.

Is this something I can do to get around this problem or should I be using a different approach without tshark?

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted

answered 2022-05-28 22:12:59 +0000

André gravatar image

updated 2022-05-28 22:13:36 +0000

In your Python script remove "shell=True," on line 8. Then it should work.

There is no need to have a shell process interpret the tsharkCall array as it is already split up (and not a string). And this way it cannot interfere with the pipeline buffering setup.

edit flag offensive delete link more


Hi Andre,

Thanks for getting back to me so quickly. I removed shell = True, but unfortunately that doesn't work. Both python script and tshark (run from cmd line) are only returning 'bursts' of ~ 5 advertisements in an interval of about one second. I guess I want to stop the buffering occuring within tshark?

Probably related: I can pull dongle out of the USB port while running tshark and, strangely, new advertisements continue to be displayed on the console.


damian gravatar imagedamian ( 2022-05-31 15:28:59 +0000 )edit

In my case your Python script works when capturing from Ethernet NIC, and fails when shell=True is present. What happens if you try another NIC? If that works than the problem is with the Bluefruit LE Sniffer.

I guess I want to stop the buffering occurring within tshark?

That's where the -l option is for.

Probably related: I can pull dongle out of the USB port while running tshark and, strangely, new advertisements continue to be displayed on the console.

In that case the buffering occurs in the sniffer/driver. The -l option controls the output of tshark, not the input.

André gravatar imageAndré ( 2022-05-31 20:42:08 +0000 )edit

I think you are right that is something to do with the sniffer because when I use the Ethernet NIC, the output seems more like real-time (using either wireshark or tshark or tshark via the python script) compared with the sniffer.

Nevertheless, there are a few things I am confused about: When I use the sniffer to capture BLE packets over a given amount of time (e.g. 30 s), there are about 1/5 of the BLE packets in the .pcapng file generated using tshark -i -a duration:30 -l than when generate a file using Wireshark. Additionally, I can use the SnifferAPI python module provided Nordic Semiconductor (who make the nRF51822 chip in the sniffer) and I don't encounter the buffering issue - perhaps that indicates that it is caused by a driver issue rather than the hardware.

Thanks for all your help!

damian gravatar imagedamian ( 2022-06-10 00:55:49 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2022-05-27 00:58:23 +0000

Seen: 140 times

Last updated: May 28 '22