LINKTYPE_BLUETOOTH_BREDR_BB

(orig)

Packet structure

+---------------------------+
|         RF Channel        |
|         (1 Octet)         |
+---------------------------+
|        Signal Power       |
|         (1 Octet)         |
+---------------------------+
|        Noise Power        |
|         (1 Octet)         |
+---------------------------+
|    Access Code Offenses   |
|         (1 Octet)         |
+---------------------------+
|   Payload Transport Rate  |
|         (1 Octet)         |
+---------------------------+
|   Corrected Header Bits   |
|         (1 Octet)         |
+---------------------------+
|  Corrected Payload Bits   |
|        (2 Octets)         |
+---------------------------+
|    Lower Address Part     |
|        (4 Octets)         |
+---------------------------+
|       Reference LAP       |
|        (3 Octets)         |
+---------------------------+
|       Reference UAP       |
|         (1 Octet)         |
+---------------------------+
|     BT Packet Header      |
|        (4 Octets)         |
+---------------------------+
|          Flags            |
|        (2 Octets)         |
+---------------------------+
|    BR or EDR Payload      |
.                           .
.                           .
.                           .

Description

All multi-octet fields are expressed in little-endian format. Fields with a corresponding Flags bit are only considered valid when the bit is set.

The RF Channel field ranges 0 to 78. It reflects the value described in the Bluetooth specification Volume 2, Part A, Section 2.

The Signal Power and Noise Power fields are signed integers expressing values in dBm.

The Access Code Offenses field is an unsigned integer indicating the number of deviations from the valid access code that led to the packet capture. Access codes are interpreted as described in Bluetooth specification Volume 2, Part B, Section 6.3.

The Payload Transport Rate field represents a column of Bluetooth specification Volume 2, Part B, Section 6.5, Table 6.2, and is interpreted as two nibbles as follows.

  • 0x.0 indicates the BT payload was BR and captured with GFSK demodulation
  • 0x.1 indicates the BT payload was EDR and captured with PI/2-DQPSK demodulation
  • 0x.2 indicates the BT payload was EDR and captured with 8DPSK demodulation
  • 0x0. indicates the packet logical transport is any (link parameters unknown)
  • 0x1. indicates the packet logical transport is SCO
  • 0x2. indicates the packet logical transport is eSCO
  • 0x3. indicates the packet logical transport is ACL
  • 0x4. indicates the packet logical transport is CSB
  • 0xff indicates this is an ID packet so BT Packet Header is ignored and there is no payload

All other values of the Payload Transport Rate field are reserved.

The Corrected Header Bits field is an unsigned integer indicating the number of corrected bits in the 18-bit BT Packet Header. The valid range is 0 to 18.

The Corrected Payload Bits field is a signed integer indicating the number of errored and corrected bits in the captured BT payload. Interpretation of this field corresponds to the Payload Transport Rate. The value ranges from 0 to 80 when the BT payload was captured at R=1/3 as per Bluetooth specification Volume 2, Part B, Section 7.4. The value ranges from -360 to +180 when the BT payload was captured at R=2/3 as per Bluetooth specification Volume 2, Part B, Section 7.5. A negative number indicates the field absolute value is the sum of the number of corrected and uncorrectable bits.

The Lower Address Part field is the 24-bit value recovered from the captured SYNC WORD as defined in Bluetooth specification Volume 2, Part B, Section 6.3.3. The most significant byte of this field is reserved and must be zero.

The Reference LAP field corresponds to the Lower Address Part configured into the capture tool that led to the capture of this packet.

The Reference UAP field corresponds to the Upper Address Part configured into the capture tool and corresponds to the Reference LAP.

The BT Packet Header field is the 18-bit value recovered from the packet capture, and is defined in Bluetooth specification Volume 2, Part B, Section 6.4. The most significant 14 bits are reserved and must be zero.

The Flags field represents packed bits defined as follows.

  • 0x0001 indicates the BT Packet Header and BR or EDR Payload are de-whitened
  • 0x0002 indicates the Signal Power field is valid
  • 0x0004 indicates the Noise Power field is valid
  • 0x0008 indicates the BR or EDR Payload is decrypted
  • 0x0010 indicates the Reference LAP is valid and led to this packet being captured
  • 0x0020 indicates the BR or EDR Payload is present and follows this field
  • 0x0040 indicates the RF Channel field is subject to aliasing
  • 0x0080 indicates the Reference UAP field is valid for HEC and CRC checking
  • 0x0100 indicates the HEC portion of the BT Packet Header was checked
  • 0x0200 indicates the HEC portion of the BT Packet Header passed its check
  • 0x0400 indicates the CRC portion of the BR or EDR Payload was checked
  • 0x0800 indicates the CRC portion of the BR or EDR Payload passed its check
  • 0x1000 indicates the MIC portion of the decrypted BR or EDR Payload was checked
  • 0x2000 indicates the MIC portion of the decrypted BR or EDR Payload passed its check

All other bit positions of the Flags field are reserved and must be zero.

The decoded BR or EDR Payload optionally follows the previous fields, and is formatted as detailed in Bluetooth specification Volume 2, Part B, Section 6. The packet is decoded per Bluetooth specification Volume 2, Part B, Section 7. All multi-octet values in the BR or EDR Payload are always expressed in little-endian format, as is the normal Bluetooth practice.