Ask Your Question
0

Nordic BLE Sniffer Logs Stuck

asked 2023-11-17 17:14:16 +0000

Anviori gravatar image

updated 2023-11-17 17:16:15 +0000

Hello,

So I'm using the Nordic BLE sniffer with the included plugin to capture logs for a specific device. After sometime (sometimes a few minutes, sometimes a few hours) the logs suddenly stop coming in, even though the device is communicating over the air. The only way to start again is to restart the application.

Sometimes it ends with Anonymous as the source. See image: https://ibb.co/tKM0K7C.

I don't suspect it's the sniffer that's malfunctioning since resetting it doesn't fix the problem but restarting the Wireshark application does.

Any insight is appreciated

Another question: Does the Wireshark have a limit to the number of logs it captures/displays?

Thank you

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2023-11-18 19:54:12 +0000

Guy Harris gravatar image

So I'm using the Nordic BLE sniffer with the included plugin to capture logs for a specific device. After sometime (sometimes a few minutes, sometimes a few hours) the logs suddenly stop coming in, even though the device is communicating over the air. The only way to start again is to restart the application.

...

I don't suspect it's the sniffer that's malfunctioning since resetting it doesn't fix the problem but restarting the Wireshark application does.

If it's not the sniffer, it's a Wireshark bug (even if there's some non-Wireshark-bug underlying problem, the fact that Wireshark just stops showing packets, rather than reporting the underlying problem, is a bug), so please report this as an issue on the Wireshark issues list.

Does the Wireshark have a limit to the number of logs it captures/displays?

Presumably you mean "packets" (a "log" is generally thought of as a capture file with multiple packets). There is a limit imposed by the widget that displays the packet list; Wireshark 3.2 and later impose a limit of 53 million packets to avoid the crash caused by exceeding that limit - instead, Wireshark stops reading the file and pops up a dialog box saying that too many packets are in the file so all additional packet will be discarded.

edit flag offensive delete link more

Comments

Turns out I had a defective sniffer. I have replaced it and seems to be functioning without issue now.

Anviori gravatar imageAnviori ( 2023-11-21 06:37:03 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2023-11-17 17:14:16 +0000

Seen: 195 times

Last updated: Nov 18 '23