
nrf-sniffer-for-802.15.4's Introduction

nRF Sniffer for 802.15.4

This repository contains firmware, a Wireshark extcap plugin, and a Python script that can be used with the nRF52840 SoC for sniffing 802.15.4 packets.

The software provided has been tested with the nRF52840 DK and the nRF52840 Dongle and with the following operating systems:

  • Ubuntu 18.04
  • Windows 10
  • macOS Mojave

Dependencies

  • Wireshark (Ubuntu package wireshark)
  • pySerial (Ubuntu package python-serial or python3-serial)

Quick start guide

To start using the nRF Sniffer, you must program the firmware, install Wireshark, and configure the nRF Sniffer capture plugin. See Nordic Semiconductor's nRF Sniffer for 802.15.4 user guide for detailed instructions and complete documentation.

Firmware source code

The source code of the nRF Sniffer for 802.15.4 firmware is available in the nRF Connect SDK.

nrf-sniffer-for-802.15.4's People

Contributors

carlescufi, e-rk, greg-fer, hubertmis, kasroka, lududa, stig-bjorlykke, tomaszkob89, totyz, wbober

nrf-sniffer-for-802.15.4's Issues

Wireshark Crash when Capture starts

I've flashed my nRF52840dk board with JFlashLite on macOS Mojave.
After copying nrf802154_sniffer.py in extcap directory of Wireshark 2.6.4, and modifying its first line with #!/usr/local/bin/python the "nRF 802.15.4 sniffer" interface appears in Wireshark.
Under interface options, I've selected Device=/dev/cu.usbmodem and let Channel=11.

Unfortunately, Wireshark crashes when starting the capture.

Channel always goes to 11 after a reset in Wireshark with no way to change.

When you start the sniffer you can click the gear icon to the left of the source selector and set a channel number. This will remember the channel selected from one run of Wireshark to another but if you simply reset the trace using the toolbar icon 'Restart Current Capture' the channel will change to channel 11 and there does not appear to be a way to change it back without exiting the entire program and starting again.

FreeBSD umodem detect baudrate

Hello world :-)

I have a problem running the Wireshark sniffer using the nRF52840 DONGLE on FreeBSD. It seems that the umodem kernel driver only accepts a given set of baudrates here. This results in UART.find_sniffer(write_data=False) returning an empty port list and so no device is visible in Wireshark.

I have managed to flash HEX into the DONGLE using nrftool and some blind DFU ZIP conversion. Can this be the cause of the problem?

Is there any way I can talk to the DONGLE Sniffer over MiniCom (serial terminal application) in order to verify its operations?

Is there any Python script that could verify operations of a Sniffer on a given port (/dev/cuaU0 in my case)?

Any hints welcome :-)
Tomek

[question] 802.15.4 capabilities

Hi, thanks for this helpful project!

Maybe this is a stupid question and it is mentioned somewhere in the datasheet of the nRF dongle, but what parts of the 802.15.4 standard are supported? Is it a specific version? Like 2011? What baud rates? What transmission methods (DSSS vs CSS)? Using nRF52840 I guess it's 2.4GHz only, or is it?

Would be great to have some additional information in the readme. ;)

nRF52840 DONGLE DFU ZIP

Hello world :-)

Can you please provide instructions on how to convert HEX into DFU ZIP so I can use nrfutil python utility?

Can you please provide a DFU ZIP package along the HEX file for a DONGLE just to quickly flash it using nrfutil?

I am using FreeBSD and only Open-Source stuff works here :-)

Thank you :-)
Tomek

nrf802154_sniffer.py doesn't exit on macOS when the capture is stopped

I'm using the latest version of this repo with Wireshark 4.0.4 on macOS.

When I start a capture, it populates Wireshark with 802.15 packets (as expected). But when I click Stop, it waits about 30 seconds and then pops up this error:

[image]

During the 30 second lag, I'm not able to start a new capture and I can see in ps that the sniffer script hasn't been terminated.

If I add os._exit(0) at the top of the sig_stop_handler() function, it makes this error go away. I verified that sig_stop_handler() is being called from MainThread.

I don't understand the mechanism through which the control_reader loop is supposed to exit when Wireshark terminates the capture. Don't we need to signal it somehow to tell it to exit, before calling join() on that thread?

[doc] ModemManager troubleshooting

During setup of the sniffer on Linux, I found that ModemManager tries to write AT commands on the serial port of the sniffer device, which caused the initialization fault. README.md could mention this potential problem and potentially provide, e.g., a command to disable ModemManager.

Could not Capture from multiple hardware interfaces on Windows

I select 2 hardware interfaces in the Capture Screen in Wireshark and click Start Capturing Packets. But then Wireshark reports the error "Data Written to the pipe is neither in a supported format not in pcapng format. Please report this to the developers of the program writing to the pipe."
It works when only 1 interface is selected on Windows.
And it can also capture from multiple hardware interfaces on macOS and Linux.

Missing packets using the nRF52840 Dongle

I am using the nRF52840 dongle to watch the configuration information being passed from an Osram coordinator to an Osram 4 button switch. I am finding that there are a lot of missed packets where one or more attributes are being set in the switch but the nRF52840 dongle does not see the packet at all. Occasionally I see repeat transmissions of packets where, presumably, the switch did not acknowledge and the coordinator resent.
Is this to be expected using the dongle due to lack of radio reception sensitivity or is there a possibility that there is some USB failure getting the information from the dongle into Wireshark? I have tried two dongles and they both behave in a similar manner. Would the nRF52840DK board give me any better results?
I am using Wireshark 3.0.3 on a MacBook Pro running Mojave and the dongle is about 1.3 metres from the coordinator.
Any suggestions would be most welcome.

Remove DFU Trigger Library from the firmware

Due to different problems (bad user experience) with autodetection of the correct drivers for the DFU trigger in Windows, I suggest removing it. Flashing the nRF52840 Dongle is usually a one-time operation anyway, after which you need to re-plug the dongle manually. Thoughts?

Using Wireshark on Mac errors with nRF52840_sniffer.py script

Using Wireshark 2.9.0 on Mojave I am able to start a capture but I see these errors thrown from the Python script...

usage: nrf802154_sniffer.py [-h] [--extcap-interfaces]
[--extcap-interface EXTCAP_INTERFACE]
[--extcap-dlts] [--extcap-config]
[--extcap-reload-option EXTCAP_RELOAD_OPTION]
[--capture] [--fifo FIFO]
[--extcap-capture-filter EXTCAP_CAPTURE_FILTER]
[--extcap-control-in EXTCAP_CONTROL_IN]
[--extcap-control-out EXTCAP_CONTROL_OUT]
[--channel CHANNEL] [--dev DEV]
nrf802154_sniffer.py: error: unrecognized arguments: --extcap-version
10:51:27.892 Capture Warn sync_pipe_wait_for_child: waitpid returned EINTR. retrying.

The last 'warning' repeats several times. I am filtering using zbee-zcl and only see broadcast packets even though there is obviously stuff going on within the same channel as I have specified.

As soon as I try to stop capturing Wireshark crashes.

Any ideas anyone? I am new to Wireshark and Zigbee trying to get my head around it all.

Incorrect usage of is_standalone flag

The nrf802154_sniffer.py script uses the is_standalone flag, where the intention was to distinguish between using this script in a standalone way or by Wireshark. Currently both approaches set the is_standalone flag to True.

`SyntaxWarning: invalid escape sequence '\s'` when compiling RCV_REGEX

The following error is given when running the nrf802154_sniffer.py script in Python 3.12.2:

nrf802154_sniffer.py:81: SyntaxWarning: invalid escape sequence '\s'
  RCV_REGEX = 'received:\s+([0-9a-fA-F]+)\s+power:\s+(-?\d+)\s+lqi:\s+(\d+)\s+time:\s+(-?\d+)'

I was able to fix it by escaping all the backslashes, but not sure what the correct fix would be here to maintain version compatibility with the version it was working in previously.
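An added example, not part of the original issue or the project's code: it checks at compile time which spellings of the pattern literal raise the invalid-escape warning, and uses the raw-string form of the RCV_REGEX quoted above to parse a line. The helper names `literal_warns` and `parse_line` are hypothetical, and the sample line is constructed to fit the regex, not taken from a real capture.

```python
import re
import warnings

# Raw string literal: the backslashes reach the regex engine unchanged.
RCV_REGEX = r'received:\s+([0-9a-fA-F]+)\s+power:\s+(-?\d+)\s+lqi:\s+(\d+)\s+time:\s+(-?\d+)'
_RCV = re.compile(RCV_REGEX)

# Three spellings of the same pattern fragment, held as Python *source text*.
NON_RAW_SRC = r"p = 'power:\s+(-?\d+)'"      # non-raw literal, as in the warning
RAW_SRC = r"p = r'power:\s+(-?\d+)'"         # raw-string form
ESCAPED_SRC = r"p = 'power:\\s+(-?\\d+)'"    # doubled-backslash form

# Constructed sample line, shaped to match RCV_REGEX (not real capture output).
SAMPLE = "received: 0308d2ffffffff0701 power: -42 lqi: 200 time: 123456"


def literal_warns(source):
    """True if compiling `source` flags an invalid escape sequence."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        try:
            compile(source, "<literal>", "exec")
        except SyntaxError:
            return True  # a stricter interpreter may reject it outright
    return any(issubclass(w.category, (SyntaxWarning, DeprecationWarning))
               for w in caught)


def parse_line(line):
    """Parse one 'received: ...' line; None for unrelated or damaged input."""
    m = _RCV.search(line)
    if m is None or len(m.group(1)) % 2:   # odd hex digit count: truncated
        return None
    return {"frame": bytes.fromhex(m.group(1)), "power": int(m.group(2)),
            "lqi": int(m.group(3)), "time": int(m.group(4))}


if __name__ == "__main__":
    for name, src in (("non-raw", NON_RAW_SRC), ("raw", RAW_SRC),
                      ("escaped", ESCAPED_SRC)):
        print(name, "warns" if literal_warns(src) else "clean")
    print(parse_line(SAMPLE))
```

The raw-string and doubled-backslash literals evaluate to the same string, so both give the regex engine an identical pattern.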

nRF52840-DK not recognized

Hello!
nRF52840-DK[v0.9.3] cannot be recognized when connecting to J3 nRF USB port.
So I can't start sniffing even if I finish flashing firmware.

USB device not recognised

The VID and PID are not recognised from either the DK or the dongle devices.
These appear as VID_1915 and PID_154A but I can't find which USB driver provides these so the sniffer is not listed by serial.tools.list_ports.comports()

Can you advise on the driver to use?

Startup time is too long when start capturing packets

Hi experts,

I followed the instructions the Readme file described. It almost works well. But I still found two issues:

  1. The startup time is too long when pressing the Start capturing packets button; it took me around 15 seconds. My environment setup is as below:
  • python 3.9.1
  • Wireshark 3.4.2
  • using the firmware here

For the details, please refer to the following plot:

[image: 802 15 4g_capturing]

Can you give me some tips to optimize it?

  2. Wireshark will exit once I stop capturing packets when there are BLE and 802.15.4 in the extcap folder together, even if only the 802.15.4 sniffer is connected to the PC. Let me show you more details as below:

[image: exit_wireshark]

Can you give me a hand?

Thanks in advance

nRF52840 support for tshark?

First of all, thanks for the great project.

Currently I'm doing some tests with an nRF52840 dongle (as sniffer) and an NRF52840-DK as a peripheral, and using tshark with Python to analyze the packets from a terminal output (to automate the sniffing instead of using the Wireshark GUI). Basically I just want to set the first CONNECT_IND frame and once I receive a LL_VERSION_IND, LL_FEATURE_REQ or LL_LENGTH_REQ, extract the time but in my Python script. As far as I have been trying, it seems that tshark misses some packets that I try to send (such as CONNECT_IND). In fact I made some modifications to the nrf802154_sniffer.py script so that it will only listen to my desired advertising channel (39) and is forced to only sniff my testing address (3c:61:05:4c:33:6). I modified this function as follows:

def device_added(notification):
    """A device is added or updated"""
    # The docstring must come first in the function body to be treated as one.
    global sniffer
    device = notification.msg
    #logging.info(device)
    # Only add devices matching RSSI filter
    if rssi_filter == 0 or device.RSSI > rssi_filter:
        # Extcap selector uses \0 character to separate value and display value,
        # therefore the display value cannot contain the \0 character as this
        # would lead to truncation of the display value.
        display = (device.name.replace('\0', '\\0') +
                   ("  " + str(device.RSSI) + " dBm  " if device.RSSI != 0 else "  ") +
                   string_address(device.address))

        message = str(device.address) + '\0' + display
        if list(device.address) == [60, 97, 5, 76, 51, 110, 0]:
            logging.info("GOT MATCH ----------------------------")
            follow_address(sniffer, str('3c:61:05:4c:33:6e public'))
        logging.info(device.address)
        control_write(CTRL_ARG_DEVICE, CTRL_CMD_ADD, message)

Basically this line in my script opens tshark: tshark_output = subprocess.Popen(['tshark', '-i', '12', '-f', 'stdout=subprocess.PIPE), which listens to my interface 12. When sniffing with Wireshark the packets seem to have normal behavior. Nevertheless, in tshark I can only see the advertisements and scan requests.

Finally, my question is: do the nRF52840 dongle and nRF52840 DK have support for tshark? If not, I would really appreciate any idea to approach this. TIA

Linux, Python, error after channel switching

Hi,

Using a simple python script to test packet sniffing:

import time
import subprocess
from nrf802154_sniffer import Nrf802154Sniffer
sniffer = Nrf802154Sniffer()

for chan in range(1, 26):
    print('reset nrf...')
    subprocess.call(['usbreset', 'nRF52 USB Product'])
    print('chan: ' + str(chan))
    print('starting Thread scan...')
    sniffer.extcap_capture(fifo="file.pcap", dev="/dev/ttyACM0", channel=chan, metadata="ieee802154-tap")
    time.sleep(20)
    print('stopping Thread scan...')
    sniffer.stop_sig_handler()
    #usbreset "nRF52 USB Product"
    #subprocess.call (['usbreset', 'nRF52 USB Product'])
    time.sleep(1)
    print('stopped')

Generates an exception after the first channel switch. Only a reboot solves the "lock up". Exception generated after the first channel scan:

Exception: Nrf802154Sniffer (/dev/ttyACM0) channel 2 did not reply properly to setup commands. Please re-plug the device and make sure firmware is correct. Recieved: b''

I already tried a reset usb-function in the script, but that does not work. Only a reboot will solve the lock.

Any suggestions for this problem?

Best regards,

Mart
