[tcpdump-workers] Fwd: Request for a LINKTYPE/DLT for nordic_ble packet.

Stig Bjørlykke stig at bjorlykke.org
Mon Aug 21 12:43:27 EDT 2017


The Nordic Semiconductor nRF Sniffer (a Bluetooth Low Energy sniffer
[1]) uses the attached packet format between the host and a sniffer,
and the packet EVENT_PACKET is currently dissected in Wireshark in
packet-nordic_ble.c.  A future version of the sniffer will also allow
dissection of the other (control) packets.

The attached packet format will also be added to the Wireshark source
code file packet-nordic_ble.c.

Proposed name: LINKTYPE_NORDIC_BLE / DLT_NORDIC_BLE


[1] http://www.nordicsemi.com/eng/Products/Bluetooth-low-energy/nRF-Sniffer


--
Stig Bjørlykke
R&D Engineer @ Nordic Semiconductor
-------------- next part --------------

Nordic BLE Sniffer packet format: BoardID + Header + Payload

 +--------+--------+--------+--------+--------+--------+--------+--------+
 |                           BoardID  (1 byte)                           |
 +--------+--------+--------+--------+--------+--------+--------+--------+

Header:
 +--------+--------+--------+--------+--------+--------+--------+--------+
 |                      Length of header  (1 byte)                       |
 +--------+--------+--------+--------+--------+--------+--------+--------+
 |                      Length of payload  (1 byte)                      |
 +--------+--------+--------+--------+--------+--------+--------+--------+
 |                      Protocol version  (1 byte)                       |
 +--------+--------+--------+--------+--------+--------+--------+--------+
 |                         Packet counter (LSB)                          |
 |                               (2 bytes)                               |
 +--------+--------+--------+--------+--------+--------+--------+--------+
 |                          Packet ID  (1 byte)                          |
 +--------+--------+--------+--------+--------+--------+--------+--------+

 Packet ID:
  0x00 = REQ_FOLLOW
         Host tells the Sniffer to only send packets recieved from a specific
         address.
  0x01 = EVENT_FOLLOW
         Sniffer tells the Host that it has entered the FOLLOW state.
  0x05 = EVENT_CONNECT
         Sniffer tells the Host that someone has connected to the unit we
         are following.
  0x06 = EVENT_PACKET
         Sniffer tells the Host that it has received a packet.
  0x07 = REQ_SCAN_CONT
         Host tells the Sniffer to scan continuously and hand over the
         packets ASAP.
  0x09 = EVENT_DISCONNECT
         Sniffer tells the Host that the connected address we were following
         has received a disconnect packet.
  0x0C = SET_TEMPORARY_KEY
         Specify a temporary key to use on encryption (for OOB and passkey).
  0x0D = PING_REQ
  0x0E = PING_RESP
  0x13 = SWITCH_BAUD_RATE_REQ
  0x14 = SWITCH_BAUD_RATE_RESP
  0x17 = SET_ADV_CHANNEL_HOP_SEQ
         Host tells the Sniffer which order to cycle through the channels
         when following an advertiser.
  0xFE = GO_IDLE
         Host tell the Sniffer to stop sending UART traffic and listen for
         new commands.

Payload:

 EVENT_PACKET (ID 0x06):
 +--------+--------+--------+--------+--------+--------+--------+--------+
 |                   Length of payload data  (1 byte)                    |
 +--------+--------+--------+--------+--------+--------+--------+--------+
 |                            Flags  (1 byte)                            |
 +--------+--------+--------+--------+--------+--------+--------+--------+
 |                           Channel  (1 byte)                           |
 +--------+--------+--------+--------+--------+--------+--------+--------+
 |                          RSSI (dBm)  (1 byte)                         |
 +--------+--------+--------+--------+--------+--------+--------+--------+
 |                             Event counter                             |
 |                               (2 bytes)                               |
 +--------+--------+--------+--------+--------+--------+--------+--------+
 |                                                                       |
 |                     Delta time (us end to start)                      |
 |                               (4 bytes)                               |
 |                                                                       |
 +--------+--------+--------+--------+--------+--------+--------+--------+

 +--------+--------+--------+--------+--------+--------+--------+--------+
 |                                                                       |
 |                Bluetooth Low Energy Link Layer Packet                 |
 |                                  ...                                  |
 |                                                                       |
 +--------+--------+--------+--------+--------+--------+--------+--------+

 Flags:
  00000001 = CRC       (0 = Incorrect, 1 = OK)
  00000010 = Direction (0 = Slave -> Master, 1 = Master -> Slave)
  00000100 = Encrypted (0 = No, 1 = Yes)

 Channel:
  The channel index being used.

 Delta time:
  This is the time in micro seconds from the end of the previous received
  packet to the beginning of this packet.


More information about the tcpdump-workers mailing list