First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

google address appears from Wireshark manufacturer database

  • retag add tags

I've launched wireshark + nRF52 Dongle successfully and I'm also able to select my device (named EWAT AI-No) from the list to sniff. However there's something I don't understand. If I've selected my custom device why I ever see a Google device (20:DF:B9:08:8F:63) in my vicinity?

Shouldn't I just see only this device with its address CE:4A:33:01:8D:B6?

Here's a previous post in the Nordic Forum with further information

https://devzone.nordicsemi.com/f/nord...

regards, gaston

gschelotto's avatar
1
gschelotto
asked 2020-05-11 09:43:58 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

The selection of the device in the toolbar is the interface to capture from, not a capture filter to limit the traffic captured.

You're using your device to capture traffic, so it will pick up transmissions from other devices. Amongst other information obtained from the capture is the MAC address of the source of the transmission and Wireshark will, if enabled, helpfully translate the manufacturer specific octets to the name.

Capturing and not receiving packets from other devices wouldn't be a very rewarding exercise.

grahamb's avatar
23.8k
grahamb
answered 2020-05-11 10:46:47 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Sorry but I don't get it. What's the difference then by selecting "All advertising devices" or "myCustomDevice"? In the first case I can see a lot of capture traffic (myCustomDevice, devices from Manufacturer Database and many more devices). For the second selection I see myCustomDevice and devices from Manufacturer Database. In summary, for any of the two options I can see devices from the Manufacturer Database list. Is there something I am not considering? Sorry again but I'm a Wireshark beginner :-)

gaston

gschelotto's avatar gschelotto (2020-05-11 19:13:48 +0000) edit
more
  • delete

Not really a Wireshark issue, it's the mode of operation of the Nordic sniffer. See the manual for it here and specifically Chapter 3 Using the Sniffer:



The Sniffer has two modes of operation:

  1. Listens on all advertising channels to pick up as many packets as possible from as many devices as possible. This is the default mode.
  2. Follows one particular device and tries to catch all packets sent to or from this particular device. This mode will catch all: • Advertisements and Scan Responses sent from the device • Scan Requests and Connect Requests sent to the device • Packets in the Connection sent between the two devices in the Connection
grahamb's avatar grahamb (2020-05-12 08:19:03 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer