This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Problems with BLE captures using Nordic nRF51822 after saving and opening

0

When the Nordic sniffer sends the capture to Wireshark, it adds a very useful extra "header" (Nordic BLE sniffer meta) that includes the direction of the packet, freq channel, etc. Wireshark has no problem parsing this header and everything looks good.

If one saves the capture and then opens it again, the capture gets all messed up because Wireshark does not parse the "Nordic BLE sniffer meta" header and starts analyzing the packet as if the "Nordic meta" header was the beginning of the BLE packet. Is there any way to fix this or force Wireshark to digest the "Nordic meta" header?

Thanks!

asked 06 Nov '15, 08:32

softhandover
6112
accept rate: 0%


One Answer:

0

The issue is likely to be with the Nordic BLE Sniffer plugin produced by Nordic, you'll have to ask them for support.

Note that as I can't locate the sources for the plugins on the Nordic site, they *might* be committing a GPL violation by distributing the plugins without a) the GPL licence, b) making an offer to make the sources available. The licence in the plugin [download](https://www.nordicsemi.com/eng/nordic/download_resource/31920/14/87700316) doesn't appear to be GPL compliant, nor mention GPL components.

Update

I've now found the source and the GPL for the plugins in the download, in the sub-zip SnifferAPI.zip.

Apologies to Nordic, they are distributing the sources, under the GPL, but you still need to get support for the plugins from them.

answered 06 Nov '15, 09:09

grahamb ♦
19.8k330206
accept rate: 22%

edited 06 Nov '15, 09:22

Thanks a lot for the reply! Adafruit also provides the code for the Nordic BLE dissector: https://github.com/adafruit/Adafruit_BLESniffer_Python/blob/master/wireshark_dissector_source/packet-nordic_ble.c

It is also included in the SnifferAPI.zip file (packet-btle.c and packet-nordic_ble.c). I will try compiling them into Wireshark. In C:\Program Files\Wireshark\plugins\1.12.7 there is a nordic_ble.dll already, but I am not sure if that includes both packet types, though.

Thanks!!!

(06 Nov '15, 10:17) softhandover

The plugin you have in ...\plugins\1.2.7 definitely came from Nordic, as Wireshark does not distribute a plugin with that name.

(06 Nov '15, 10:41) grahamb ♦