Inspecting captured data¶

The nRF Sniffer passes all 802.15.4 packets to Wireshark, where they are wrapped in a header containing useful meta-information not present in the packet itself. Wireshark dissects the packets and separates the actual packet from the meta-information.

When you browse captured packets, select a packet in the packet list to show the breakdown of that packet in the packet details pane. The hexadecimal view of the packet is shown in the packet bytes pane. Click a value in the details to highlight it among the bytes, or click on the bytes to highlight it in the details.

Using Display Filter Expression¶

Use display filters to display a chosen packet subset. To open the filter menu and construct a filter:

1. Right-click the filtering bar.

2. Click Display Filter Expression....

   

Most filters are based on the values of the packets, such as length or access address. The filter expressions use Boolean operators (&& || == != !).

See the following table for some filter examples.

Tips and Tricks¶

The following tips can help when inspecting your data:

• Turn any field in the packet details pane into a column. To do so:

  1. Right-click the value in the packet details.
  2. Click Apply as Column.

  

• Apply a value as a filter to, for example, see only operations affecting a particular handle. To filter packets that have a specific value for some field:

  1. Right-click the value in the packet details.
  2. Click Apply as Filter.
  3. Click Selected.

• Save a set of captured packets to be able to look at them later. To do so:

  1. Click the Stop button to stop capturing packets.
  2. Click File > Save As to save all packets, or click File > Export Specified Packets to save a selection of packets.

• Clear the packet list and restart a capture by clicking the Restart button.

See the documentation on the Wireshark website for more information.