Ask Your Question
0

nRF Sniffer 4.1.1 extcap not showing in interfaces list on macOS Sonoma 14.5

asked 2024-07-04 08:56:56 +0000

mboszko gravatar image

updated 2024-07-04 08:58:49 +0000

I realize this is very close to the issues reported in this earlier question: https://ask.wireshark.org/question/15... …but since it's been 4 years, and several releases, I thought perhaps it was prudent to make this a new question. I did, however, use a lot of the information I found in that old question to help troubleshoot to the degree I have so far.

The components:

  • Hardware: Bluefruit LE Sniffer - Bluetooth Low Energy (BLE 4.0) - nRF51822 - Firmware Version 2
  • macOS Sonoma 14.5
  • Wireshark 4.0.15 (v.4.0.15-0-g10bc5ded73f3) "Old Stable Release" from the downloads page - I realize there is a new version, but I downgraded on suspicion that there was an incompatibility with the nRF Sniffer plugin
  • Silicon Labs CP210x VCP Mac OSX Driver, v6.0.2, for the hardware driver
  • nRF Sniffer for Bluetooth LE v 4.1.1, installed in /Applications/Wireshark.app/Contents/MacOS/extcap
  • Python 3.11.6 with the requirements.txt installed (pyserial 3.5 and psutil 6.0.0)

So far:

Initially following the directions from Adafruit and the Nordic docs, I installed the driver, approved it in macOS Preferences, and rebooted. The sniffer hardware seems to be available when viewing it in a system report, as the “CP2102N USB to UART Bridge Controller”, which seems correct, based on the driver. And it does seem to show up as /dev/tty.SLAB_USBtoUART for the port. I can confirm its existence or not, if I check for ls /dev/tty* | grep SLAB with or without the USB hardware attached.

I initially installed the latest stable Wireshark (4.2.5), but having no success, and seeing an error in the output about a syntax error with a \s token, I downgraded to the previous stable version (4.0.15), since I saw that the release notes for the nRF Sniffer plug-in showed a fix for compatibility with Wireshark 4.0.0, and I didn't want to stray too far off into untested incompatibility.

I installed the nRF Sniffer files in the extcap folder as instructed, and installed the dependencies from the requirements.txt file. I manually ran the command ./nrf_sniffer_ble.sh --extcap-interfaces and got this output:

Running script with: </Users/mboszko/.pyenv/shims/python3> with PATH: </Users/mboszko/Omni Checkouts/mark/dripbot:/Users/mboszko/.rvm/gems/ruby-2.4.1/bin:/Users/mboszko/.rvm/gems/ruby-2.4.1@global/bin:/Users/mboszko/.rvm/rubies/ruby-2.4.1/bin:/Users/mboszko/bin:/Library/Developer/CommandLineTools/Tools:/Users/mboszko/.pyenv/shims:/users/mboszko/Applications:/Users/mboszko/.oh-my-zsh/custom/plugins/git-open:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/GPAC.app/Contents/MacOS/:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/Applications/iTerm.app/Contents/Resources/utilities:/opt/local/bin:/opt/local/sbin:/Users/mboszko ...
(more)
edit retag flag offensive close merge delete

Comments

(No Mac here. Windows output below)
Does the plugin appear in Wireshark Help:
Help -> About Wireshark:Plugins. Search for nrf or filter for extcap.

nrf_sniffer_ble.bat     4.1.1       extcap      C:\Users\wireshark\AppData\Roaming\Wireshark\extcap\nrf_sniffer_ble.bat

Did you make the change/fix to the sniffer script mentioned in the Adafruit article/forum post?

Chuckc gravatar imageChuckc ( 2024-07-04 13:20:29 +0000 )edit

Thank you! I somehow missed that Mac-specific instruction. I changed the Python script in the plugin, and I seem to get the same exact output (I threw the output into a diff viewer, and they were exactly the same), and it still does not how up in Wireshark. Looking in Wireshark > About Wireshark > Plugins, a seach for nrf gives no result, and if I filter by extcap, it does not appear there :(

mboszko gravatar imagemboszko ( 2024-07-04 18:13:56 +0000 )edit

If you don't mind a small detour, there is an example extcap script.
WSDG: 8.2. Adding Capture Interfaces And Log Sources Using Extcap

Script available in the Wireshark source tree or from the Gitlab repository:
https://gitlab.com/wireshark/wireshar...

Getting it working would prove that Python is available and that the scripts are in the correct directory.

extcap_example.bat      1.0     extcap      C:\Users\wireshark\AppData\Roaming\Wireshark\extcap\extcap_example.bat
Chuckc gravatar imageChuckc ( 2024-07-04 18:52:54 +0000 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2024-07-05 01:19:57 +0000

Chuckc gravatar image
edit flag offensive delete link more

Comments

Okay!! That's the ticket. I modified nrf_sniffer_ble.sh, which had a very complicated way of determining which python to use, and replaced it with:

#!/bin/zsh --login
exec python3 $(dirname "$0")/nrf_sniffer_ble.py "$@"

And once I did that, and refreshed the interfaces, it loaded right away. I guess it must have been using the wrong Python, or gotten confused by shims that pyenv uses to delineate the global python version for the Mac?

Thank you, Chuckc!! Would you prefer to add that as an answer so I can mark it as correct? (Not sure if we follow the usual Stack Overflow-type protocols for that?) Cheers!

mboszko gravatar imagemboszko ( 2024-07-05 22:31:16 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2024-07-04 08:56:56 +0000

Seen: 81 times

Last updated: Jul 04