Ask Your Question
0

nRF Sniffer 4.1.1 extcap not showing in interfaces list on macOS Sonoma 14.5

asked 2024-07-04 08:56:56 +0000

mboszko gravatar image

updated 2024-07-04 08:58:49 +0000

I realize this is very close to the issues reported in this earlier question: https://ask.wireshark.org/question/15... …but since it's been 4 years, and several releases, I thought perhaps it was prudent to make this a new question. I did, however, use a lot of the information I found in that old question to help troubleshoot to the degree I have so far.

The components:

  • Hardware: Bluefruit LE Sniffer - Bluetooth Low Energy (BLE 4.0) - nRF51822 - Firmware Version 2
  • macOS Sonoma 14.5
  • Wireshark 4.0.15 (v.4.0.15-0-g10bc5ded73f3) "Old Stable Release" from the downloads page - I realize there is a new version, but I downgraded on suspicion that there was an incompatibility with the nRF Sniffer plugin
  • Silicon Labs CP210x VCP Mac OSX Driver, v6.0.2, for the hardware driver
  • nRF Sniffer for Bluetooth LE v 4.1.1, installed in /Applications/Wireshark.app/Contents/MacOS/extcap
  • Python 3.11.6 with the requirements.txt installed (pyserial 3.5 and psutil 6.0.0)

So far:

Initially following the directions from Adafruit and the Nordic docs, I installed the driver, approved it in macOS Preferences, and rebooted. The sniffer hardware seems to be available when viewing it in a system report, as the “CP2102N USB to UART Bridge Controller”, which seems correct, based on the driver. And it does seem to show up as /dev/tty.SLAB_USBtoUART for the port. I can confirm its existence or not, if I check for ls /dev/tty* | grep SLAB with or without the USB hardware attached.

I initially installed the latest stable Wireshark (4.2.5), but having no success, and seeing an error in the output about a syntax error with a \s token, I downgraded to the previous stable version (4.0.15), since I saw that the release notes for the nRF Sniffer plug-in showed a fix for compatibility with Wireshark 4.0.0, and I didn't want to stray too far off into untested incompatibility.

I installed the nRF Sniffer files in the extcap folder as instructed, and installed the dependencies from the requirements.txt file. I manually ran the command ./nrf_sniffer_ble.sh --extcap-interfaces and got this output:

Running script with: </Users/mboszko/.pyenv/shims/python3> with PATH: </Users/mboszko/Omni Checkouts/mark/dripbot:/Users/mboszko/.rvm/gems/ruby-2.4.1/bin:/Users/mboszko/.rvm/gems/ruby-2.4.1@global/bin:/Users/mboszko/.rvm/rubies/ruby-2.4.1/bin:/Users/mboszko/bin:/Library/Developer/CommandLineTools/Tools:/Users/mboszko/.pyenv/shims:/users/mboszko/Applications:/Users/mboszko/.oh-my-zsh/custom/plugins/git-open:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/GPAC.app/Contents/MacOS/:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/Applications/iTerm.app/Contents/Resources/utilities:/opt/local/bin:/opt/local/sbin:/Users/mboszko ...
(more)
edit retag flag offensive close merge delete

Comments

(No Mac here. Windows output below)
Does the plugin appear in Wireshark Help:
Help -> About Wireshark:Plugins. Search for nrf or filter for extcap.

nrf_sniffer_ble.bat     4.1.1       extcap      C:\Users\wireshark\AppData\Roaming\Wireshark\extcap\nrf_sniffer_ble.bat

Did you make the change/fix to the sniffer script mentioned in the Adafruit article/forum post?

Chuckc gravatar imageChuckc ( 2024-07-04 13:20:29 +0000 )edit

Thank you! I somehow missed that Mac-specific instruction. I changed the Python script in the plugin, and I seem to get the same exact output (I threw the output into a diff viewer, and they were exactly the same), and it still does not how up in Wireshark. Looking in Wireshark > About Wireshark > Plugins, a seach for nrf gives no result, and if I filter by extcap, it does not appear there :(

mboszko gravatar imagemboszko ( 2024-07-04 18:13:56 +0000 )edit

If you don't mind a small detour, there is an example extcap script.
WSDG: 8.2. Adding Capture Interfaces And Log Sources Using Extcap

Script available in the Wireshark source tree or from the Gitlab repository:
https://gitlab.com/wireshark/wireshar...

Getting it working would prove that Python is available and that the scripts are in the correct directory.

extcap_example.bat      1.0     extcap      C:\Users\wireshark\AppData\Roaming\Wireshark\extcap\extcap_example.bat
Chuckc gravatar imageChuckc ( 2024-07-04 18:52:54 +0000 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2024-07-05 01:19:57 +0000

Chuckc gravatar image
edit flag offensive delete link more

Comments

Okay!! That's the ticket. I modified nrf_sniffer_ble.sh, which had a very complicated way of determining which python to use, and replaced it with:

#!/bin/zsh --login
exec python3 $(dirname "$0")/nrf_sniffer_ble.py "$@"

And once I did that, and refreshed the interfaces, it loaded right away. I guess it must have been using the wrong Python, or gotten confused by shims that pyenv uses to delineate the global python version for the Mac?

Thank you, Chuckc!! Would you prefer to add that as an answer so I can mark it as correct? (Not sure if we follow the usual Stack Overflow-type protocols for that?) Cheers!

mboszko gravatar imagemboszko ( 2024-07-05 22:31:16 +0000 )edit

Hi all, in a similar vein, for the life of me I can't get my nRF52840 to appear in wireshark on either my mac (Sonoma 14.5, wireshark 4.0.7) or on Linux (Ubuntu lts, wireshark 4.2.6) either. The device appears in the system profile and usb devices, and after adjusting the shell script to find the correct version of python/path to the script so Wireshark runs without complaining about anything.

However, the extcap device just doesn't appear in the list. I've tried adding the test extcap devices and they do appear correctly. I've also tried running as a superuser (while also copying the extcap scripts over to said su account) to no avail.

Looking in my logs I see:

10-Aug-2024 23:45:27 (-0700) INFO: --------------------------------------------------------
10-Aug-2024 23:45:27 (-0700) INFO: Software version: 4.1.1
10-Aug-2024 23:45:27 (-0700 ...
(more)
gjbieoaj gravatar imagegjbieoaj ( 2024-08-11 15:38:27 +0000 )edit

In the original question at top, they ran: ./nrf_sniffer_ble.sh --extcap-interfaces
(Step 3 here: Installing the nRF Sniffer capture tool)
What output do you get when running the plugin script manually?

Chuckc gravatar imageChuckc ( 2024-08-11 17:00:20 +0000 )edit

I see a similar output with no errors which is why it’s so confusing, the script seems to run properly. Out of curiosity what do you see in your /tmp/logs/logs.txt when starting wireshark?

Is it also opening and closing the TTY?

gjbieoaj gravatar imagegjbieoaj ( 2024-08-11 17:17:50 +0000 )edit

My nrf setup is on Windows so no access to that log.

Chuckc gravatar imageChuckc ( 2024-08-11 17:28:31 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2024-07-04 08:56:56 +0000

Seen: 553 times

Last updated: Aug 11