How to troubleshoot extcap when no error?

Attempting to enable BLE capture, I've downloaded and installed the latest nrf_sniffer (3.1.0) from Nordic Semiconductor and copied the nrf_sniffer_ble.py and SnifferAPI files to the extcap path (both system and user) and confirmed they work from the command-line, yet still the interface doesn't appear in Wireshark 3.4.4.

Here's the output from extcap:

extcap $ pwd
/Users/jaraco/.config/wireshark/extcap
extcap $ ./nrf_sniffer_ble.py --extcap-interfaces
extcap {version=3.1.0}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
interface {value=/dev/cu.usbserial-0213648D}{display=nRF Sniffer for Bluetooth LE}
interface {value=/dev/cu.SLAB_USBtoUART}{display=nRF Sniffer for Bluetooth LE}
control {number=0}{type=selector}{display=Device}{tooltip=Device list}
control {number=1}{type=string}{display=Passkey / OOB key}{tooltip=6 digit temporary key or 16 byte Out-of-band (OOB) key in hexadecimal starting with '0x', big endian format. If the entered key is shorter than 16 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,32}))$\b}
control {number=2}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the siffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
control {number=3}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
control {number=4}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
control {number=5}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
value {control=0}{value= }{display=All advertising devices}{default=true}

So clearly, interfaces are recognized. Yet, when I restart Wireshark or refresh the interfaces, a relevant interface does not appear in Wireshark.

If I delete one of the provided extcap plugins and refresh, it disappears from the list, and if I restore the plugin and refresh, the interface once again appears. It's only the nrf sniffer ble that fails to appear.

I've made the file executable (ugo+x). I've tried renaming the file with and without an extension. I've tried troubleshooting by replacing the script with something that emits output to the file system, but the output never appears. It's as if anything but the standard plugins are never run. I've tried enabling the "console" to "ALWAYS" open, but I don't see any console.

What other options do I have to troubleshoot an extcap that's silently failing but working in the terminal?

Edit: Folders config:

~ $ tshark -G folders
env: python3\r: No such file or directory
env: python3\r: No such file or directory
Temp:                   /var/folders/c6/v7hnmq453xb6p2dbz1gqc6rr0000gn/T/
Personal configuration: /Users/jaraco/.config/wireshark
Global configuration:   /Applications/Wireshark.app/Contents/Resources/share/wireshark
System:                 /etc
Program:                /Applications/Wireshark.app/Contents/MacOS
Personal Plugins:       /Users/jaraco/.local/lib/wireshark/plugins/3-4
Global Plugins:         /Applications/Wireshark.app/Contents/PlugIns/wireshark/3-4
Personal Lua Plugins:   /Users/jaraco/.local/lib/wireshark/plugins
Global Lua Plugins:     /Applications/Wireshark.app/Contents/PlugIns/wireshark
Extcap path:            /Applications/Wireshark.app/Contents/MacOS/extcap
MaxMind database path:  /usr/share/GeoIP
MaxMind database path:  /var/lib/GeoIP

I've tried putting the executable in both Extcap path and Personal Extcap path, the latter of which isn't listed by tshark for some reason, but it is listed in the Folders config in the UI. I would have added a screenshot in the original post, but I don't yet have the reputation for that.
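
The two `env: python3\r: No such file or directory` lines in the `tshark -G folders` output are what `env` reports when a script's `#!` line ends in a carriage return (CRLF line endings). As an added example that is not part of the original post, the shell functions below classify each file in an extcap directory by executable bit, shebang line ending and interpreter lookup; the function names and status words are made up for this example, and the default directory is the personal extcap path shown in the post.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Classify one candidate extcap file as the OS will see it at exec time.
# Prints one status word (names invented for this example):
#   missing | not-executable | crlf-shebang | no-interpreter | ok
check_extcap_file() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    [ -x "$f" ] || { echo not-executable; return 0; }
    # Compiled extcaps have no "#!" line; nothing further to inspect.
    [ "$(head -c 2 "$f")" = '#!' ] || { echo ok; return 0; }
    cr=$(printf '\r')
    line=$(head -n 1 "$f")
    # A trailing CR makes the kernel look for an interpreter named "python3\r".
    case $line in
        *"$cr") echo crlf-shebang; return 0 ;;
    esac
    # Split "#!/usr/bin/env python3" into interpreter and first argument.
    set -- ${line#'#!'}
    interp=${1:-}
    case $interp in
        */env) interp=${2:-} ;;
    esac
    # Lookup uses the PATH of the shell running this check.
    if [ -n "$interp" ] && command -v "$interp" >/dev/null 2>&1; then
        echo ok
    else
        echo no-interpreter
    fi
}

# Report every regular file in an extcap directory as "<status> <path>".
scan_extcap_dir() {
    for entry in "$1"/*; do
        [ -f "$entry" ] || continue
        printf '%s %s\n' "$(check_extcap_file "$entry")" "$entry"
    done
}

# Default: the personal extcap directory from the post.
scan_extcap_dir "${1:-$HOME/.config/wireshark/extcap}"
```

Run it once per extcap directory (personal and system). A `no-interpreter` result depends on the `PATH` of the shell doing the check, which an application started from the macOS GUI does not inherit.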