LINKTYPE_NORDIC_BLE

Packet structure

+---------------------------+
|           BoardID         |
|          (1 Octet)        |
+---------------------------+
|      Length of header     |
|          (1 Octet)        |
+---------------------------+
|     Length of payload     |
|          (1 Octet)        |
+---------------------------+
|       Protocol version    |
|          (1 Octet)        |
+---------------------------+
|        Packet counter     |
|          (2 Octets)       |
+---------------------------+
|         Packet type       |
|          (1 Octet)        |
+---------------------------+
|          Payload          |
.                           .
.                           .
.                           .

Description

The board ID field indicates which Sniffer device the message is to or from. Its value is opaque, with different values for different devices.

The length of header field contains the length of the header following the board ID, in octets, including the header length octet.

The length of payload field contains the length of the payload following the header, in octets.

The protocol version field contains the version of this protocol; the current version is 1.

The packet counter field is in little-endian byte order. In messages sent from the Sniffer to the host, it contains a count of messages sent from the Sniffer to the host; in messages sent from the host to the Sniffer, it contains a count of messages sent from the host to the Sniffer. In both cases, the count is modulo 65536. This can be used to detect missing packets.

The packet type field contains a value that is one of:

  • 0x00, for a REQ_FOLLOW message sent from the host to the Sniffer to only send packets recieved from a specific address;
  • 0x01, for an EVENT_FOLLOW message sent from the Sniffer to the host to indicate that it has entered the FOLLOW state;
  • 0x05, for an EVENT_CONNECT message sent from the Sniffer to the host to indicate that someone has connected to the unit we are following;
  • 0x06, for an EVENT_PACKET message sent from the Sniffer to the host, containing a Bluetooth LE packet captured by the Sniffer;
  • 0x07, for a REQ_SCAN_CONT message sent from the host to the Sniffer, telling it to scan continuously and hand over the packets ASAP;
  • 0x09, for a EVENT_DISCONNECT message sent from the Sniffer to the host, telling it that the connected address we were following has received a disconnect packet;
  • 0x0C, for a SET_TEMPORARY_KEY message, specifying a temporary key to use on encryption (for OOB and passkey);
  • 0x0D, for a PING_REQ message;
  • 0x0E, for a PING_RESP message;
  • 0x13, for a SWITCH_BAUD_RATE_REQ message;
  • 0x14, for a SWITCH_BAUD_RATE_RESP message;
  • 0x17, for a SET_ADV_CHANNEL_HOP_SEQ message sent from the host to the Sniffer, telling it which order to cycle through the channels when following an advertiser;
  • 0xFE, for a GO_IDLE sent from the host to the Sniffer, telling it to stop sending UART traffic and listen for new commands.

For an EVENT_PACKET message, the payload has the form:

+---------------------------+
|  Length of payload header |
|          (1 Octet)        |
+---------------------------+
|            Flags          |
|          (1 Octet)        |
+---------------------------+
|           Channel         |
|          (1 Octet)        |
+---------------------------+
|            RSSI           |
|          (1 Octet)        |
+---------------------------+
|        Event counter      |
|          (2 Octets)       |
+---------------------------+
|          Delta time       |
|          (4 Octets)       |
+---------------------------+
|         Bluetooth LE      |
|      Link layer packet    |
.                           .
.                           .
.                           .

The length of payload header field contains the length of the header preceding the Bluetooth LE packet, including the length of payload header field.

The flags field contains the following flag bits:

  • 0x00000001 - the packet checksum is OK;
  • 0x00000010 - the packet is from the master to the slave;
  • 0x00000100 - the packet is encrypted.

The channel field contains the Bluetooth LE channel index of the channel being used.

The RSSI field contains the absolute value of RSSI of the packet, in dBm; the actual RSSI is the negative of that value.

The event counter field is in little-endian byte order. For packets that are part of a connection, it contains the value of a counter of packets within the connection; there are separate counters for each direction of the connection.

The delta time field is in little-endian byte order. It contains the time in microseconds from the end of the previous received packet to the beginning of this packet.

Following the delta time field is a Bluetooth LE link-layer packet.