nRF Sniffer 4.1.1 extcap not showing in interfaces list on macOS Sonoma 14.5

I realize this is very close to the issues reported in this earlier question: https://ask.wireshark.org/question/15587/nrf-sniffer-30-doesnt-show-in-list-of-external-capture-modules-why/ …but since it's been 4 years, and several releases, I thought perhaps it was prudent to make this a new question. I did, however, use a lot of the information I found in that old question to help troubleshoot to the degree I have so far.

The components:

• Hardware: Bluefruit LE Sniffer - Bluetooth Low Energy (BLE 4.0) - nRF51822 - Firmware Version 2
• macOS Sonoma 14.5
• Wireshark 4.0.15 (v.4.0.15-0-g10bc5ded73f3) "Old Stable Release" from the downloads page - I realize there is a new version, but I downgraded on suspicion that there was an incompatibility with the nRF Sniffer plugin
• Silicon Labs CP210x VCP Mac OSX Driver, v6.0.2, for the hardware driver
• nRF Sniffer for Bluetooth LE v 4.1.1, installed in /Applications/Wireshark.app/Contents/MacOS/extcap
• Python 3.11.6 with the requirements.txt installed (pyserial 3.5 and psutil 6.0.0)

So far:

Initially following the directions from Adafruit and the Nordic docs, I installed the driver, approved it in macOS Preferences, and rebooted. The sniffer hardware seems to be available when viewing it in a system report, as the “CP2102N USB to UART Bridge Controller”, which seems correct, based on the driver. And it does seem to show up as /dev/tty.SLAB_USBtoUART for the port. I can confirm its existence or not, if I check for ls /dev/tty* | grep SLAB with or without the USB hardware attached.

I initially installed the latest stable Wireshark (4.2.5), but having no success, and seeing an error in the output about a syntax error with a \s token, I downgraded to the previous stable version (4.0.15), since I saw that the release notes for the nRF Sniffer plug-in showed a fix for compatibility with Wireshark 4.0.0, and I didn't want to stray too far off into untested incompatibility.

I installed the nRF Sniffer files in the extcap folder as instructed, and installed the dependencies from the requirements.txt file. I manually ran the command ./nrf_sniffer_ble.sh --extcap-interfaces and got this output:

Running script with: </Users/mboszko/.pyenv/shims/python3> with PATH: </Users/mboszko/Omni Checkouts/mark/dripbot:/Users/mboszko/.rvm/gems/ruby-2.4.1/bin:/Users/mboszko/.rvm/gems/ruby-2.4.1@global/bin:/Users/mboszko/.rvm/rubies/ruby-2.4.1/bin:/Users/mboszko/bin:/Library/Developer/CommandLineTools/Tools:/Users/mboszko/.pyenv/shims:/users/mboszko/Applications:/Users/mboszko/.oh-my-zsh/custom/plugins/git-open:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/GPAC.app/Contents/MacOS/:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/Applications/iTerm.app/Contents/Resources/utilities:/opt/local/bin:/opt/local/sbin:/Users/mboszko/.rvm/bin>
extcap {version=4.1.1}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
interface {value=/dev/cu.SLAB_USBtoUART-None}{display=nRF Sniffer for Bluetooth LE}
interface {value=/dev/cu.usbserial-143230-None}{display=nRF Sniffer for Bluetooth LE}
control {number=0}{type=selector}{display=Device}{tooltip=Device list}
control {number=1}{type=selector}{display=Key}{tooltip=}
control {number=2}{type=string}{display=Value}{tooltip=6 digit passkey or 16 or 32 bytes encryption key in hexadecimal starting with '0x', big endian format.If the entered key is shorter than 16 or 32 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,64})|([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2}) (public|random))$\b}
control {number=3}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the sniffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
control {number=7}{type=button}{display=Clear}{tooltop=Clear or remove device from Device list}
control {number=4}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
control {number=5}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
control {number=6}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
value {control=0}{value= }{display=All advertising devices}{default=true}
value {control=0}{value=[00,00,00,00,00,00,0]}{display=Follow IRK}
value {control=1}{value=0}{display=Legacy Passkey}{default=true}
value {control=1}{value=1}{display=Legacy OOB data}
value {control=1}{value=2}{display=Legacy LTK}
value {control=1}{value=3}{display=SC LTK}
value {control=1}{value=4}{display=SC Private Key}
value {control=1}{value=5}{display=IRK}
value {control=1}{value=6}{display=Add LE address}
value {control=1}{value=7}{display=Follow LE address}

I didn't see any obvious errors in that output, so restarting Wireshark and looking at the available interfaces, I expected to see one labeled “nRF Sniffer for Bluetooth LE <port information="">” but no such interface shows up in the list.

Troubleshooting based on the previous question:

• I do not currently have Xcode installed, so that should not be a consideration
• The output of the command above should have a line starting with interface {...} between the extcap line and the first control line, but it doesn't, which likely means that it's not finding the hardware, which is troublesome, as I do see the COM port at /dev/tty.SLAB_USBtoUART.

So… I uninstalled and reinstalled the serial drivers and how I have TWO interface lines but it still doesn’t show up in Wireshark’s interface list. Any ideas?

Running script with: </Users/mboszko/.pyenv/shims/python3> with PATH: </Users/mboszko/Omni Checkouts/mark/dripbot:/Users/mboszko/.rvm/gems/ruby-2.4.1/bin:/Users/mboszko/.rvm/gems/ruby-2.4.1@global/bin:/Users/mboszko/.rvm/rubies/ruby-2.4.1/bin:/Users/mboszko/bin:/Library/Developer/CommandLineTools/Tools:/Users/mboszko/.pyenv/shims:/users/mboszko/Applications:/Users/mboszko/.oh-my-zsh/custom/plugins/git-open:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/GPAC.app/Contents/MacOS/:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/Applications/iTerm.app/Contents/Resources/utilities:/opt/local/bin:/opt/local/sbin:/Users/mboszko/.rvm/bin>
extcap {version=4.1.1}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
interface {value=/dev/cu.usbserial-1440-None}{display=nRF Sniffer for Bluetooth LE}
interface {value=/dev/cu.SLAB_USBtoUART-None}{display=nRF Sniffer for Bluetooth LE}
control {number=0}{type=selector}{display=Device}{tooltip=Device list}
control {number=1}{type=selector}{display=Key}{tooltip=}
control {number=2}{type=string}{display=Value}{tooltip=6 digit passkey or 16 or 32 bytes encryption key in hexadecimal starting with '0x', big endian format.If the entered key is shorter than 16 or 32 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,64})|([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2}) (public|random))$\b}
control {number=3}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the sniffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
control {number=7}{type=button}{display=Clear}{tooltop=Clear or remove device from Device list}
control {number=4}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
control {number=5}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
control {number=6}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
value {control=0}{value= }{display=All advertising devices}{default=true}
value {control=0}{value=[00,00,00,00,00,00,0]}{display=Follow IRK}
value {control=1}{value=0}{display=Legacy Passkey}{default=true}
value {control=1}{value=1}{display=Legacy OOB data}
value {control=1}{value=2}{display=Legacy LTK}
value {control=1}{value=3}{display=SC LTK}
value {control=1}{value=4}{display=SC Private Key}
value {control=1}{value=5}{display=IRK}
value {control=1}{value=6}{display=Add LE address}
value {control=1}{value=7}{display=Follow LE address}

nRF Sniffer 4.1.1 extcap not showing in interfaces list on macOS Sonoma 14.5

I realize this is very close to the issues reported in this earlier question: https://ask.wireshark.org/question/15587/nrf-sniffer-30-doesnt-show-in-list-of-external-capture-modules-why/ …but since it's been 4 years, and several releases, I thought perhaps it was prudent to make this a new question. I did, however, use a lot of the information I found in that old question to help troubleshoot to the degree I have so far.

The components:

• Hardware: Bluefruit LE Sniffer - Bluetooth Low Energy (BLE 4.0) - nRF51822 - Firmware Version 2
• macOS Sonoma 14.5
• Wireshark 4.0.15 (v.4.0.15-0-g10bc5ded73f3) "Old Stable Release" from the downloads page - I realize there is a new version, but I downgraded on suspicion that there was an incompatibility with the nRF Sniffer plugin
• Silicon Labs CP210x VCP Mac OSX Driver, v6.0.2, for the hardware driver
• nRF Sniffer for Bluetooth LE v 4.1.1, installed in /Applications/Wireshark.app/Contents/MacOS/extcap
• Python 3.11.6 with the requirements.txt installed (pyserial 3.5 and psutil 6.0.0)

So far:

Initially following the directions from Adafruit and the Nordic docs, I installed the driver, approved it in macOS Preferences, and rebooted. The sniffer hardware seems to be available when viewing it in a system report, as the “CP2102N USB to UART Bridge Controller”, which seems correct, based on the driver. And it does seem to show up as /dev/tty.SLAB_USBtoUART for the port. I can confirm its existence or not, if I check for ls /dev/tty* | grep SLAB with or without the USB hardware attached.

I initially installed the latest stable Wireshark (4.2.5), but having no success, and seeing an error in the output about a syntax error with a \s token, I downgraded to the previous stable version (4.0.15), since I saw that the release notes for the nRF Sniffer plug-in showed a fix for compatibility with Wireshark 4.0.0, and I didn't want to stray too far off into untested incompatibility.

I installed the nRF Sniffer files in the extcap folder as instructed, and installed the dependencies from the requirements.txt file. I manually ran the command ./nrf_sniffer_ble.sh --extcap-interfaces and got this output:

Running script with: </Users/mboszko/.pyenv/shims/python3> with PATH: </Users/mboszko/Omni Checkouts/mark/dripbot:/Users/mboszko/.rvm/gems/ruby-2.4.1/bin:/Users/mboszko/.rvm/gems/ruby-2.4.1@global/bin:/Users/mboszko/.rvm/rubies/ruby-2.4.1/bin:/Users/mboszko/bin:/Library/Developer/CommandLineTools/Tools:/Users/mboszko/.pyenv/shims:/users/mboszko/Applications:/Users/mboszko/.oh-my-zsh/custom/plugins/git-open:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/GPAC.app/Contents/MacOS/:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/Applications/iTerm.app/Contents/Resources/utilities:/opt/local/bin:/opt/local/sbin:/Users/mboszko/.rvm/bin>
extcap {version=4.1.1}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
interface {value=/dev/cu.SLAB_USBtoUART-None}{display=nRF Sniffer for Bluetooth LE}
interface {value=/dev/cu.usbserial-143230-None}{display=nRF Sniffer for Bluetooth LE}
control {number=0}{type=selector}{display=Device}{tooltip=Device list}
control {number=1}{type=selector}{display=Key}{tooltip=}
control {number=2}{type=string}{display=Value}{tooltip=6 digit passkey or 16 or 32 bytes encryption key in hexadecimal starting with '0x', big endian format.If the entered key is shorter than 16 or 32 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,64})|([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2}) (public|random))$\b}
control {number=3}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the sniffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
control {number=7}{type=button}{display=Clear}{tooltop=Clear or remove device from Device list}
control {number=4}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
control {number=5}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
control {number=6}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
value {control=0}{value= }{display=All advertising devices}{default=true}
value {control=0}{value=[00,00,00,00,00,00,0]}{display=Follow IRK}
value {control=1}{value=0}{display=Legacy Passkey}{default=true}
value {control=1}{value=1}{display=Legacy OOB data}
value {control=1}{value=2}{display=Legacy LTK}
value {control=1}{value=3}{display=SC LTK}
value {control=1}{value=4}{display=SC Private Key}
value {control=1}{value=5}{display=IRK}
value {control=1}{value=6}{display=Add LE address}
value {control=1}{value=7}{display=Follow LE address}

I didn't see any obvious errors in that output, so restarting Wireshark and looking at the available interfaces, I expected to see one labeled “nRF Sniffer for Bluetooth LE <port information="">” but no such interface shows up in the list.

Troubleshooting based on the previous question:

• I do not currently have Xcode installed, so that should not be a consideration
• The output of the command above should have a line starting with interface {...} between the extcap line and the first control line, but it doesn't, which likely means that it's not finding the hardware, which is troublesome, as I do see the COM port at /dev/tty.SLAB_USBtoUART.

So… I uninstalled and reinstalled the serial drivers and how now I have TWO interface lines but it still doesn’t show up in Wireshark’s interface list. Any ideas?

Running script with: </Users/mboszko/.pyenv/shims/python3> with PATH: </Users/mboszko/Omni Checkouts/mark/dripbot:/Users/mboszko/.rvm/gems/ruby-2.4.1/bin:/Users/mboszko/.rvm/gems/ruby-2.4.1@global/bin:/Users/mboszko/.rvm/rubies/ruby-2.4.1/bin:/Users/mboszko/bin:/Library/Developer/CommandLineTools/Tools:/Users/mboszko/.pyenv/shims:/users/mboszko/Applications:/Users/mboszko/.oh-my-zsh/custom/plugins/git-open:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/GPAC.app/Contents/MacOS/:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/Applications/iTerm.app/Contents/Resources/utilities:/opt/local/bin:/opt/local/sbin:/Users/mboszko/.rvm/bin>
extcap {version=4.1.1}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
interface {value=/dev/cu.usbserial-1440-None}{display=nRF Sniffer for Bluetooth LE}
interface {value=/dev/cu.SLAB_USBtoUART-None}{display=nRF Sniffer for Bluetooth LE}
control {number=0}{type=selector}{display=Device}{tooltip=Device list}
control {number=1}{type=selector}{display=Key}{tooltip=}
control {number=2}{type=string}{display=Value}{tooltip=6 digit passkey or 16 or 32 bytes encryption key in hexadecimal starting with '0x', big endian format.If the entered key is shorter than 16 or 32 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,64})|([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2}) (public|random))$\b}
control {number=3}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the sniffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
control {number=7}{type=button}{display=Clear}{tooltop=Clear or remove device from Device list}
control {number=4}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
control {number=5}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
control {number=6}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
value {control=0}{value= }{display=All advertising devices}{default=true}
value {control=0}{value=[00,00,00,00,00,00,0]}{display=Follow IRK}
value {control=1}{value=0}{display=Legacy Passkey}{default=true}
value {control=1}{value=1}{display=Legacy OOB data}
value {control=1}{value=2}{display=Legacy LTK}
value {control=1}{value=3}{display=SC LTK}
value {control=1}{value=4}{display=SC Private Key}
value {control=1}{value=5}{display=IRK}
value {control=1}{value=6}{display=Add LE address}
value {control=1}{value=7}{display=Follow LE address}

nRF Sniffer 4.1.1 extcap not showing in interfaces list on macOS Sonoma 14.5

I realize this is very close to the issues reported in this earlier question: https://ask.wireshark.org/question/15587/nrf-sniffer-30-doesnt-show-in-list-of-external-capture-modules-why/ …but since it's been 4 years, and several releases, I thought perhaps it was prudent to make this a new question. I did, however, use a lot of the information I found in that old question to help troubleshoot to the degree I have so far.

The components:

• Hardware: Bluefruit LE Sniffer - Bluetooth Low Energy (BLE 4.0) - nRF51822 - Firmware Version 2
• macOS Sonoma 14.5
• Wireshark 4.0.15 (v.4.0.15-0-g10bc5ded73f3) "Old Stable Release" from the downloads page - I realize there is a new version, but I downgraded on suspicion that there was an incompatibility with the nRF Sniffer plugin
• Silicon Labs CP210x VCP Mac OSX Driver, v6.0.2, for the hardware driver
• nRF Sniffer for Bluetooth LE v 4.1.1, installed in /Applications/Wireshark.app/Contents/MacOS/extcap
• Python 3.11.6 with the requirements.txt installed (pyserial 3.5 and psutil 6.0.0)

So far:

Initially following the directions from Adafruit and the Nordic docs, I installed the driver, approved it in macOS Preferences, and rebooted. The sniffer hardware seems to be available when viewing it in a system report, as the “CP2102N USB to UART Bridge Controller”, which seems correct, based on the driver. And it does seem to show up as /dev/tty.SLAB_USBtoUART for the port. I can confirm its existence or not, if I check for ls /dev/tty* | grep SLAB with or without the USB hardware attached.

I initially installed the latest stable Wireshark (4.2.5), but having no success, and seeing an error in the output about a syntax error with a \s token, I downgraded to the previous stable version (4.0.15), since I saw that the release notes for the nRF Sniffer plug-in showed a fix for compatibility with Wireshark 4.0.0, and I didn't want to stray too far off into untested incompatibility.

I installed the nRF Sniffer files in the extcap folder as instructed, and installed the dependencies from the requirements.txt file. I manually ran the command ./nrf_sniffer_ble.sh --extcap-interfaces and got this output:

Running script with: </Users/mboszko/.pyenv/shims/python3> with PATH: </Users/mboszko/Omni Checkouts/mark/dripbot:/Users/mboszko/.rvm/gems/ruby-2.4.1/bin:/Users/mboszko/.rvm/gems/ruby-2.4.1@global/bin:/Users/mboszko/.rvm/rubies/ruby-2.4.1/bin:/Users/mboszko/bin:/Library/Developer/CommandLineTools/Tools:/Users/mboszko/.pyenv/shims:/users/mboszko/Applications:/Users/mboszko/.oh-my-zsh/custom/plugins/git-open:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/GPAC.app/Contents/MacOS/:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/Applications/iTerm.app/Contents/Resources/utilities:/opt/local/bin:/opt/local/sbin:/Users/mboszko/.rvm/bin>
extcap {version=4.1.1}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
interface {value=/dev/cu.SLAB_USBtoUART-None}{display=nRF Sniffer for Bluetooth LE}
interface {value=/dev/cu.usbserial-143230-None}{display=nRF Sniffer for Bluetooth LE}
control {number=0}{type=selector}{display=Device}{tooltip=Device list}
control {number=1}{type=selector}{display=Key}{tooltip=}
control {number=2}{type=string}{display=Value}{tooltip=6 digit passkey or 16 or 32 bytes encryption key in hexadecimal starting with '0x', big endian format.If the entered key is shorter than 16 or 32 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,64})|([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2}) (public|random))$\b}
control {number=3}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the sniffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
control {number=7}{type=button}{display=Clear}{tooltop=Clear or remove device from Device list}
control {number=4}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
control {number=5}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
control {number=6}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
value {control=0}{value= }{display=All advertising devices}{default=true}
value {control=0}{value=[00,00,00,00,00,00,0]}{display=Follow IRK}
value {control=1}{value=0}{display=Legacy Passkey}{default=true}
value {control=1}{value=1}{display=Legacy OOB data}
value {control=1}{value=2}{display=Legacy LTK}
value {control=1}{value=3}{display=SC LTK}
value {control=1}{value=4}{display=SC Private Key}
value {control=1}{value=5}{display=IRK}
value {control=1}{value=6}{display=Add LE address}
value {control=1}{value=7}{display=Follow LE address}

I didn't see any obvious errors in that output, so restarting Wireshark and looking at the available interfaces, I expected to see one labeled “nRF Sniffer for Bluetooth LE <port information="">” but no such interface shows up in the list.

Troubleshooting based on the previous question:

• I do not currently have Xcode installed, so that should not be a consideration
• The output of the command above should have a line starting with interface {...} between the extcap line and the first control line, but it doesn't, which likely means that it's not finding the hardware, which is troublesome, as I do see the COM port at /dev/tty.SLAB_USBtoUART.

So… I uninstalled and reinstalled the serial drivers and now I have TWO interface lines but it still doesn’t show up in Wireshark’s interface list. Any ideas?

Running script with: </Users/mboszko/.pyenv/shims/python3> with PATH: </Users/mboszko/Omni Checkouts/mark/dripbot:/Users/mboszko/.rvm/gems/ruby-2.4.1/bin:/Users/mboszko/.rvm/gems/ruby-2.4.1@global/bin:/Users/mboszko/.rvm/rubies/ruby-2.4.1/bin:/Users/mboszko/bin:/Library/Developer/CommandLineTools/Tools:/Users/mboszko/.pyenv/shims:/users/mboszko/Applications:/Users/mboszko/.oh-my-zsh/custom/plugins/git-open:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/GPAC.app/Contents/MacOS/:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/Applications/iTerm.app/Contents/Resources/utilities:/opt/local/bin:/opt/local/sbin:/Users/mboszko/.rvm/bin>
extcap {version=4.1.1}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
interface {value=/dev/cu.usbserial-1440-None}{display=nRF Sniffer for Bluetooth LE}
interface {value=/dev/cu.SLAB_USBtoUART-None}{display=nRF Sniffer for Bluetooth LE}
control {number=0}{type=selector}{display=Device}{tooltip=Device list}
control {number=1}{type=selector}{display=Key}{tooltip=}
control {number=2}{type=string}{display=Value}{tooltip=6 digit passkey or 16 or 32 bytes encryption key in hexadecimal starting with '0x', big endian format.If the entered key is shorter than 16 or 32 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,64})|([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2}) (public|random))$\b}
control {number=3}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the sniffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
control {number=7}{type=button}{display=Clear}{tooltop=Clear or remove device from Device list}
control {number=4}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
control {number=5}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
control {number=6}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
value {control=0}{value= }{display=All advertising devices}{default=true}
value {control=0}{value=[00,00,00,00,00,00,0]}{display=Follow IRK}
value {control=1}{value=0}{display=Legacy Passkey}{default=true}
value {control=1}{value=1}{display=Legacy OOB data}
value {control=1}{value=2}{display=Legacy LTK}
value {control=1}{value=3}{display=SC LTK}
value {control=1}{value=4}{display=SC Private Key}
value {control=1}{value=5}{display=IRK}
value {control=1}{value=6}{display=Add LE address}
value {control=1}{value=7}{display=Follow LE address}

nRF Sniffer 4.1.1 extcap not showing in interfaces list on macOS Sonoma 14.5

Running script with: </Users/mboszko/.pyenv/shims/python3> with PATH: </Users/mboszko/Omni Checkouts/mark/dripbot:/Users/mboszko/.rvm/gems/ruby-2.4.1/bin:/Users/mboszko/.rvm/gems/ruby-2.4.1@global/bin:/Users/mboszko/.rvm/rubies/ruby-2.4.1/bin:/Users/mboszko/bin:/Library/Developer/CommandLineTools/Tools:/Users/mboszko/.pyenv/shims:/users/mboszko/Applications:/Users/mboszko/.oh-my-zsh/custom/plugins/git-open:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/GPAC.app/Contents/MacOS/:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/Applications/iTerm.app/Contents/Resources/utilities:/opt/local/bin:/opt/local/sbin:/Users/mboszko/.rvm/bin>
extcap {version=4.1.1}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
interface {value=/dev/cu.SLAB_USBtoUART-None}{display=nRF Sniffer for Bluetooth LE}
interface {value=/dev/cu.usbserial-143230-None}{display=nRF Sniffer for Bluetooth LE}
control {number=0}{type=selector}{display=Device}{tooltip=Device list}
control {number=1}{type=selector}{display=Key}{tooltip=}
control {number=2}{type=string}{display=Value}{tooltip=6 digit passkey or 16 or 32 bytes encryption key in hexadecimal starting with '0x', big endian format.If the entered key is shorter than 16 or 32 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,64})|([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2}) (public|random))$\b}
control {number=3}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the sniffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
control {number=7}{type=button}{display=Clear}{tooltop=Clear or remove device from Device list}
control {number=4}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
control {number=5}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
control {number=6}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
value {control=0}{value= }{display=All advertising devices}{default=true}
value {control=0}{value=[00,00,00,00,00,00,0]}{display=Follow IRK}
value {control=1}{value=0}{display=Legacy Passkey}{default=true}
value {control=1}{value=1}{display=Legacy OOB data}
value {control=1}{value=2}{display=Legacy LTK}
value {control=1}{value=3}{display=SC LTK}
value {control=1}{value=4}{display=SC Private Key}
value {control=1}{value=5}{display=IRK}
value {control=1}{value=6}{display=Add LE address}
value {control=1}{value=7}{display=Follow LE address}

Running script with: </Users/mboszko/.pyenv/shims/python3> with PATH: </Users/mboszko/Omni Checkouts/mark/dripbot:/Users/mboszko/.rvm/gems/ruby-2.4.1/bin:/Users/mboszko/.rvm/gems/ruby-2.4.1@global/bin:/Users/mboszko/.rvm/rubies/ruby-2.4.1/bin:/Users/mboszko/bin:/Library/Developer/CommandLineTools/Tools:/Users/mboszko/.pyenv/shims:/users/mboszko/Applications:/Users/mboszko/.oh-my-zsh/custom/plugins/git-open:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/GPAC.app/Contents/MacOS/:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/Applications/iTerm.app/Contents/Resources/utilities:/opt/local/bin:/opt/local/sbin:/Users/mboszko/.rvm/bin>
extcap {version=4.1.1}{display=nRF Sniffer for Bluetooth LE}{help=https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer-for-Bluetooth-LE}
interface {value=/dev/cu.usbserial-1440-None}{display=nRF Sniffer for Bluetooth LE}
interface {value=/dev/cu.SLAB_USBtoUART-None}{display=nRF Sniffer for Bluetooth LE}
control {number=0}{type=selector}{display=Device}{tooltip=Device list}
control {number=1}{type=selector}{display=Key}{tooltip=}
control {number=2}{type=string}{display=Value}{tooltip=6 digit passkey or 16 or 32 bytes encryption key in hexadecimal starting with '0x', big endian format.If the entered key is shorter than 16 or 32 bytes, it will be zero-padded in front'}{validation=\b^(([0-9]{6})|(0x[0-9a-fA-F]{1,64})|([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2}) (public|random))$\b}
control {number=3}{type=string}{display=Adv Hop}{default=37,38,39}{tooltip=Advertising channel hop sequence. Change the order in which the sniffer switches advertising channels. Valid channels are 37, 38 and 39 separated by comma.}{validation=^\s*((37|38|39)\s*,\s*){0,2}(37|38|39){1}\s*$}{required=true}
control {number=7}{type=button}{display=Clear}{tooltop=Clear or remove device from Device list}
control {number=4}{type=button}{role=help}{display=Help}{tooltip=Access user guide (launches browser)}
control {number=5}{type=button}{role=restore}{display=Defaults}{tooltip=Resets the user interface and clears the log file}
control {number=6}{type=button}{role=logger}{display=Log}{tooltip=Log per interface}
value {control=0}{value= }{display=All advertising devices}{default=true}
value {control=0}{value=[00,00,00,00,00,00,0]}{display=Follow IRK}
value {control=1}{value=0}{display=Legacy Passkey}{default=true}
value {control=1}{value=1}{display=Legacy OOB data}
value {control=1}{value=2}{display=Legacy LTK}
value {control=1}{value=3}{display=SC LTK}
value {control=1}{value=4}{display=SC Private Key}
value {control=1}{value=5}{display=IRK}
value {control=1}{value=6}{display=Add LE address}
value {control=1}{value=7}{display=Follow LE address}