Problems decoding BLE capture from another Wireshark program

asked 2017-11-27 02:54:48 +0000

updated 2017-12-02 16:00:59 +0000

Stig


I captured a BLE conversation on a PC running Wireshark 1.10. I work on another machine so I copied the capture file to a Mac and opened the file with Wireshark 2.42.

For some reason, the packets are not being decodes but only presented as raw frames.

Am I missing something or is this expected?

Does Wireshark 1.10 decode them correctly as Bluetooth Low Energy?

Guy Harris ( 2017-11-27 10:26:35 +0000 )

Awesome! Thank you!

This was just what was needed.

Now onto the trace analysis!

cswanson ( 2017-11-28 12:42:30 +0000 )

answered 2017-11-27 20:51:23 +0000

Stig

updated 2017-11-27 20:54:43 +0000

Is this captured using the Nordic BLE Sniffer?

If so then you need to go to Preferences -> Protocols -> DLT_USER -> DLT Table and add a new entry for DLT User 10 (DLT=157) with Payload protocol nordic_ble.

The newly released nRF Sniffer 2.0.0-1.beta is updated with improved support for macOS, Linux and Windows, and is designed to work with Wireshark 2.4 and later. This version works without manual configuration.

Stig ( 2017-12-06 08:05:41 +0000 )

