The Nordic Semiconductor nRF Sniffer (a Bluetooth Low Energy sniffer [1]) uses the attached packet format between the host and a sniffer, and the packet EVENT_PACKET is currently dissected in Wireshark in packet-nordic_ble.c. A future version of the sniffer will also allow dissection of the other (control) packets.
The attached packet format will also be added to the Wireshark source code file packet-nordic_ble.c.

Proposed name: LINKTYPE_NORDIC_BLE / DLT_NORDIC_BLE

[1] http://www.nordicsemi.com/eng/Products/Bluetooth-low-energy/nRF-Sniffer

--
Stig Bjørlykke
R&D Engineer @ Nordic Semiconductor
Nordic BLE Sniffer packet format: BoardID + Header + Payload

+--------+--------+--------+--------+--------+--------+--------+--------+
|                           BoardID (1 byte)                            |
+--------+--------+--------+--------+--------+--------+--------+--------+

Header:

+--------+--------+--------+--------+--------+--------+--------+--------+
|                       Length of header (1 byte)                       |
+--------+--------+--------+--------+--------+--------+--------+--------+
|                      Length of payload (1 byte)                       |
+--------+--------+--------+--------+--------+--------+--------+--------+
|                       Protocol version (1 byte)                       |
+--------+--------+--------+--------+--------+--------+--------+--------+
|                         Packet counter (LSB)                          |
|                               (2 bytes)                               |
+--------+--------+--------+--------+--------+--------+--------+--------+
|                          Packet ID (1 byte)                           |
+--------+--------+--------+--------+--------+--------+--------+--------+

Packet ID:

  0x00 = REQ_FOLLOW
         Host tells the Sniffer to only send packets received from a
         specific address.
  0x01 = EVENT_FOLLOW
         Sniffer tells the Host that it has entered the FOLLOW state.
  0x05 = EVENT_CONNECT
         Sniffer tells the Host that someone has connected to the unit
         we are following.
  0x06 = EVENT_PACKET
         Sniffer tells the Host that it has received a packet.
  0x07 = REQ_SCAN_CONT
         Host tells the Sniffer to scan continuously and hand over the
         packets ASAP.
  0x09 = EVENT_DISCONNECT
         Sniffer tells the Host that the connected address we were
         following has received a disconnect packet.
  0x0C = SET_TEMPORARY_KEY
         Specify a temporary key to use on encryption (for OOB and
         passkey).
  0x0D = PING_REQ
  0x0E = PING_RESP
  0x13 = SWITCH_BAUD_RATE_REQ
  0x14 = SWITCH_BAUD_RATE_RESP
  0x17 = SET_ADV_CHANNEL_HOP_SEQ
         Host tells the Sniffer which order to cycle through the
         channels when following an advertiser.
  0xFE = GO_IDLE
         Host tells the Sniffer to stop sending UART traffic and listen
         for new commands.
Payload:

EVENT_PACKET (ID 0x06):

+--------+--------+--------+--------+--------+--------+--------+--------+
|                    Length of payload data (1 byte)                    |
+--------+--------+--------+--------+--------+--------+--------+--------+
|                            Flags (1 byte)                             |
+--------+--------+--------+--------+--------+--------+--------+--------+
|                           Channel (1 byte)                            |
+--------+--------+--------+--------+--------+--------+--------+--------+
|                          RSSI (dBm) (1 byte)                          |
+--------+--------+--------+--------+--------+--------+--------+--------+
|                             Event counter                             |
|                               (2 bytes)                               |
+--------+--------+--------+--------+--------+--------+--------+--------+
|                                                                       |
|                     Delta time (us end to start)                      |
|                               (4 bytes)                               |
|                                                                       |
+--------+--------+--------+--------+--------+--------+--------+--------+

+--------+--------+--------+--------+--------+--------+--------+--------+
|                                                                       |
|                Bluetooth Low Energy Link Layer Packet                 |
|                                  ...                                  |
|                                                                       |
+--------+--------+--------+--------+--------+--------+--------+--------+

Flags:

  00000001 = CRC       (0 = Incorrect, 1 = OK)
  00000010 = Direction (0 = Slave -> Master, 1 = Master -> Slave)
  00000100 = Encrypted (0 = No, 1 = Yes)

Channel:

  The channel index being used.

Delta time:

  This is the time in microseconds from the end of the previous
  received packet to the beginning of this packet.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
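An added example, not part of the original message or of packet-nordic_ble.c: a bounds-checked C parser for the EVENT_PACKET layout described above, rejecting frames whose length fields do not fit the captured buffer. It assumes multi-byte fields are least significant byte first, that the header length field counts the six header bytes (BoardID excluded) and that the payload starts directly after the header; the struct, function names and sample frame are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define NBLE_HDR_LEN      6   /* len, payload len, version, counter(2), ID */
#define NBLE_EVT_FIXED    10  /* EVENT_PACKET fields before the LL packet */
#define NBLE_EVENT_PACKET 0x06

struct nble_event {
    uint8_t  board_id, proto_ver, flags, channel, rssi;
    uint16_t pkt_counter, evt_counter;
    uint32_t delta_us;
    int      crc_ok, master_to_slave, encrypted;
    const uint8_t *ll;        /* Link Layer packet, points into buf */
    size_t   ll_len;
};

/* Assumption: multi-byte fields are least significant byte first. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) { return le16(p) | ((uint32_t)le16(p + 2) << 16); }

/* Returns 0 on success, a distinct negative code per kind of malformed frame. */
int nble_parse_event(const uint8_t *buf, size_t len, struct nble_event *out)
{
    if (len < 1 + NBLE_HDR_LEN) return -1;            /* truncated header */
    size_t hdr_len = buf[1], pay_len = buf[2];
    if (hdr_len < NBLE_HDR_LEN) return -2;            /* header shorter than its fields */
    if (1 + hdr_len + pay_len > len) return -3;       /* lengths point past the buffer */
    if (buf[6] != NBLE_EVENT_PACKET) return -4;       /* not EVENT_PACKET */
    if (pay_len < NBLE_EVT_FIXED) return -5;          /* payload too short for its fields */
    const uint8_t *p = buf + 1 + hdr_len;             /* start of payload */
    out->board_id = buf[0];
    out->proto_ver = buf[3];
    out->pkt_counter = le16(buf + 4);
    out->flags = p[1];
    out->crc_ok = p[1] & 0x01;
    out->master_to_slave = (p[1] >> 1) & 1;
    out->encrypted = (p[1] >> 2) & 1;
    out->channel = p[2];
    out->rssi = p[3];                                 /* raw byte, sign not interpreted */
    out->evt_counter = le16(p + 4);
    out->delta_us = le32(p + 6);
    out->ll = p + NBLE_EVT_FIXED;
    out->ll_len = pay_len - NBLE_EVT_FIXED;
    return 0;
}

/* Constructed sample frame (not a real capture): 3-byte stand-in LL packet. */
static const uint8_t nble_sample[] = {
    0x01, 0x06, 0x0D, 0x01, 0x34, 0x12, 0x06,
    0x0A, 0x03, 0x25, 0x3C, 0x02, 0x00, 0x10, 0x27, 0x00, 0x00,
    0xAA, 0xBB, 0xCC };
```

The returned `ll` pointer aliases the input buffer, so the buffer must outlive the parsed structure.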