Ask Your Question
0

nRF Sniffer 4.1.1 extcap not showing in interfaces list on macOS Sonoma 14.5

asked 2024-07-04 08:56:56 +0000

mboszko gravatar image

updated 2024-07-04 08:58:49 +0000

I realize this is very close to the issues reported in this earlier question: https://ask.wireshark.org/question/15... …but since it's been 4 years, and several releases, I thought perhaps it was prudent to make this a new question. I did, however, use a lot of the information I found in that old question to help troubleshoot to the degree I have so far.

The components:

  • Hardware: Bluefruit LE Sniffer - Bluetooth Low Energy (BLE 4.0) - nRF51822 - Firmware Version 2
  • macOS Sonoma 14.5
  • Wireshark 4.0.15 (v.4.0.15-0-g10bc5ded73f3) "Old Stable Release" from the downloads page - I realize there is a new version, but I downgraded on suspicion that there was an incompatibility with the nRF Sniffer plugin
  • Silicon Labs CP210x VCP Mac OSX Driver, v6.0.2, for the hardware driver
  • nRF Sniffer for Bluetooth LE v 4.1.1, installed in /Applications/Wireshark.app/Contents/MacOS/extcap
  • Python 3.11.6 with the requirements.txt installed (pyserial 3.5 and psutil 6.0.0)

So far:

Initially following the directions from Adafruit and the Nordic docs, I installed the driver, approved it in macOS Preferences, and rebooted. The sniffer hardware seems to be available when viewing it in a system report, as the “CP2102N USB to UART Bridge Controller”, which seems correct, based on the driver. And it does seem to show up as /dev/tty.SLAB_USBtoUART for the port. I can confirm its existence or not, if I check for ls /dev/tty* | grep SLAB with or without the USB hardware attached.

I initially installed the latest stable Wireshark (4.2.5), but having no success, and seeing an error in the output about a syntax error with a \s token, I downgraded to the previous stable version (4.0.15), since I saw that the release notes for the nRF Sniffer plug-in showed a fix for compatibility with Wireshark 4.0.0, and I didn't want to stray too far off into untested incompatibility.

I installed the nRF Sniffer files in the extcap folder as instructed, and installed the dependencies from the requirements.txt file. I manually ran the command ./nrf_sniffer_ble.sh --extcap-interfaces and got this output:

Running script with: </Users/mboszko/.pyenv/shims/python3> with PATH: </Users/mboszko/Omni Checkouts/mark/dripbot:/Users/mboszko/.rvm/gems/ruby-2.4.1/bin:/Users/mboszko/.rvm/gems/ruby-2.4.1@global/bin:/Users/mboszko/.rvm/rubies/ruby-2.4.1/bin:/Users/mboszko/bin:/Library/Developer/CommandLineTools/Tools:/Users/mboszko/.pyenv/shims:/users/mboszko/Applications:/Users/mboszko/.oh-my-zsh/custom/plugins/git-open:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/GPAC.app/Contents/MacOS/:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/Applications/iTerm.app/Contents/Resources/utilities:/opt/local/bin:/opt/local/sbin:/Users/mboszko ...
(more)
edit retag flag offensive close merge delete

Comments

(No Mac here. Windows output below)
Does the plugin appear in Wireshark Help:
Help -> About Wireshark:Plugins. Search for nrf or filter for extcap.

nrf_sniffer_ble.bat     4.1.1       extcap      C:\Users\wireshark\AppData\Roaming\Wireshark\extcap\nrf_sniffer_ble.bat

Did you make the change/fix to the sniffer script mentioned in the Adafruit article/forum post?

Chuckc gravatar imageChuckc ( 2024-07-04 13:20:29 +0000 )edit

Thank you! I somehow missed that Mac-specific instruction. I changed the Python script in the plugin, and I seem to get the same exact output (I threw the output into a diff viewer, and they were exactly the same), and it still does not how up in Wireshark. Looking in Wireshark > About Wireshark > Plugins, a seach for nrf gives no result, and if I filter by extcap, it does not appear there :(

mboszko gravatar imagemboszko ( 2024-07-04 18:13:56 +0000 )edit

If you don't mind a small detour, there is an example extcap script.
WSDG: 8.2. Adding Capture Interfaces And Log Sources Using Extcap

Script available in the Wireshark source tree or from the Gitlab repository:
https://gitlab.com/wireshark/wireshar...

Getting it working would prove that Python is available and that the scripts are in the correct directory.

extcap_example.bat      1.0     extcap      C:\Users\wireshark\AppData\Roaming\Wireshark\extcap\extcap_example.bat
Chuckc gravatar imageChuckc ( 2024-07-04 18:52:54 +0000 )edit
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2024-07-05 01:19:57 +0000

Chuckc gravatar image

This might help:
16071: extcap on macOS cannot use /usr/bin/env

edit flag offensive delete link more

Comments

Okay!! That's the ticket. I modified nrf_sniffer_ble.sh, which had a very complicated way of determining which python to use, and replaced it with:

#!/bin/zsh --login
exec python3 $(dirname "$0")/nrf_sniffer_ble.py "$@"

And once I did that, and refreshed the interfaces, it loaded right away. I guess it must have been using the wrong Python, or gotten confused by shims that pyenv uses to delineate the global python version for the Mac?

Thank you, Chuckc!! Would you prefer to add that as an answer so I can mark it as correct? (Not sure if we follow the usual Stack Overflow-type protocols for that?) Cheers!

mboszko gravatar imagemboszko ( 2024-07-05 22:31:16 +0000 )edit

Hi all, in a similar vein, for the life of me I can't get my nRF52840 to appear in wireshark on either my mac (Sonoma 14.5, wireshark 4.0.7) or on Linux (Ubuntu lts, wireshark 4.2.6) either. The device appears in the system profile and usb devices, and after adjusting the shell script to find the correct version of python/path to the script so Wireshark runs without complaining about anything.

However, the extcap device just doesn't appear in the list. I've tried adding the test extcap devices and they do appear correctly. I've also tried running as a superuser (while also copying the extcap scripts over to said su account) to no avail.

Looking in my logs I see:

10-Aug-2024 23:45:27 (-0700) INFO: --------------------------------------------------------
10-Aug-2024 23:45:27 (-0700) INFO: Software version: 4.1.1
10-Aug-2024 23:45:27 (-0700 ...
(more)
gjbieoaj gravatar imagegjbieoaj ( 2024-08-11 15:38:27 +0000 )edit

In the original question at top, they ran: ./nrf_sniffer_ble.sh --extcap-interfaces
(Step 3 here: Installing the nRF Sniffer capture tool)
What output do you get when running the plugin script manually?

Chuckc gravatar imageChuckc ( 2024-08-11 17:00:20 +0000 )edit

I see a similar output with no errors which is why it’s so confusing, the script seems to run properly. Out of curiosity what do you see in your /tmp/logs/logs.txt when starting wireshark?

Is it also opening and closing the TTY?

gjbieoaj gravatar imagegjbieoaj ( 2024-08-11 17:17:50 +0000 )edit

My nrf setup is on Windows so no access to that log.

Chuckc gravatar imageChuckc ( 2024-08-11 17:28:31 +0000 )edit
see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2024-07-04 08:56:56 +0000

Seen: 475 times

Last updated: Aug 11

Related questions

Problems decoding BLE capture from another Wireshark program

Wireless controls are not supported in this version of wireshark

How to switch Mac OS NIC to monitor mode during use internet

How to fix "The capture session could not be initiated on interface" (You don't have permission to capture on that device)

Forcing Mac OS X to reconnect in monitor mode

Why is wireshark 2.6.1 forcing a specific keyboard layout on macOS when started with sudo? [closed]

Capture file appears to be damaged or corrupt

Is there a way to differentiate between aptx and aptx hd codec

How is interface "XHC20" created on macOS?

What is a good solution to capture Bluetooth traffic?