Re: [tcpdump-workers] Proposed update to DLT_BLUETOOTH_LE_LL_WITH_PHDR
--- Begin Message ---
On Jul 9, 2020, at 1:46 PM, Sultan Khan wrote:

> Through discussions with Joakim Anderson (of Nordic) and Mike Ryan (Ubertooth
> developer), and going through several iterations of proposed protocol
> updates, I/we came up with this:
> https://gistcdn.githack.com/sultanqasim/8b6561309f5934f084a0d938ae733b7a/raw/LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR.html

In the last paragraph, it says:

    For packets using the LE Coded PHY as defined in the Bluetooth Core Specification v5.2, Volume 6, Part B, Section 2.2, the Coding Indicator (CI) is represented by the two least significant bits of a dedicated coding indicator byte between the Access Address and PDU. Packets received using the LE Coded PHY are represented in an uncoded form, so the TERM1 and TERM2 coding terminators are not included in the LE packet field.

Perhaps that's a bit clearer if stated as

    For packets using the LE Coded PHY as defined in the Bluetooth Core Specification v5.2, Volume 6, Part B, Section 2.2, the LE Packet is represented as the Coding Indicator (CI), stored in a one-octet field with the lower 2 bits containing the CI value, immediately followed by the PDU and the CRC. Packets received using the LE Coded PHY are represented in an uncoded form, so the TERM1 and TERM2 coding terminators are not included in the LE packet field.

--- End Message ---
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

[tcpdump-workers] Fwd: Proposed update to DLT_BLUETOOTH_LE_LL_WITH_PHDR
--- Begin Message ---
Thanks for the feedback Guy. I revised the wording based on your suggestion, while also noting there is a four octet access address in the LE packet before the coding indicator.

See the updated version here since the GitHack version rendered with a suitable Content-Type is slow to update:
https://gist.github.com/sultanqasim/8b6561309f5934f084a0d938ae733b7a

New wording:

    For packets using the LE Coded PHY as defined in the Bluetooth Core Specification v5.2, Volume 6, Part B, Section 2.2, the LE Packet is represented as the four-octet access address, followed by the Coding Indicator (CI), stored in a one-octet field with the lower 2 bits containing the CI value, immediately followed by the PDU and the CRC. Packets received using the LE Coded PHY are represented in an uncoded form, so the TERM1 and TERM2 coding terminators are not included in the LE packet field.

--- End Message ---

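The layout in the revised wording above (access address, CI octet, PDU, CRC), as a bounds-checked C parser. This is an added example, not code from the thread, libpcap or tcpdump. It assumes the caller has already stripped the pseudo-header and knows the packet used the LE Coded PHY, that the capture is not truncated, that the access address is little-endian, and that the CRC is 3 octets; all struct and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { AA_LEN = 4, CI_LEN = 1, CRC_LEN = 3, PDU_HDR_LEN = 2 };

struct le_coded_pkt {
    uint32_t access_address; /* four octets, little-endian (assumption) */
    uint8_t ci;              /* lower 2 bits of the CI octet */
    const uint8_t *pdu;      /* points into the caller's buffer */
    size_t pdu_len;
    const uint8_t *crc;      /* CRC_LEN octets, left uninterpreted */
};

/* Split an uncoded LE Coded PHY packet: AA | CI | PDU | CRC.
 * Returns 0 on success, -1 if any fixed field would run past len. */
int parse_le_coded(const uint8_t *buf, size_t len, struct le_coded_pkt *out)
{
    if (!buf || !out || len < AA_LEN + CI_LEN + PDU_HDR_LEN + CRC_LEN)
        return -1;
    out->access_address = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
                          ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    out->ci = buf[AA_LEN] & 0x03; /* upper six bits carry no CI data */
    out->pdu = buf + AA_LEN + CI_LEN;
    out->pdu_len = len - (AA_LEN + CI_LEN + CRC_LEN);
    out->crc = buf + len - CRC_LEN;
    return 0;
}

/* FEC block 2 coding scheme for a CI value: 8, 2, or -1 if reserved. */
int ci_to_s(uint8_t ci) { return ci == 0 ? 8 : ci == 1 ? 2 : -1; }

/* Assumption: 2-octet PDU header whose second octet is the payload length. */
int pdu_length_ok(const struct le_coded_pkt *p)
{
    return p->pdu_len == (size_t)PDU_HDR_LEN + p->pdu[1];
}

/* Constructed sample: AA 0x8E89BED6, CI octet 0x01, 4-octet PDU, CRC. */
static const uint8_t sample[] = { 0xd6, 0xbe, 0x89, 0x8e, 0x01,
                                  0x07, 0x02, 0xaa, 0xbb, 0x11, 0x22, 0x33 };

int main(void)
{
    struct le_coded_pkt p;
    if (parse_le_coded(sample, sizeof sample, &p) != 0)
        return 1;
    printf("AA=0x%08x S=%d pdu_len=%zu len_ok=%d\n", (unsigned)p.access_address,
           ci_to_s(p.ci), p.pdu_len, pdu_length_ok(&p));
    return 0;
}
```

A dissector that skips the minimum-length check would read the CI octet or the PDU length octet past the end of a short capture record, and one that does not mask the CI octet would misreport a packet whose upper six bits are nonzero.
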
Re: [tcpdump-workers] Fwd: Proposed update to DLT_BLUETOOTH_LE_LL_WITH_PHDR
--- Begin Message ---
After rereading it, I made one more slight change to the wording, dropping the word "received" from "Packets received using the LE Coded PHY are represented..." since this DLT can also be used to represent transmitted packets.

Here's a browser renderable link to the latest version:
https://gistcdn.githack.com/sultanqasim/8b6561309f5934f084a0d938ae733b7a/raw/c9172a730117c824a1b80add472052220810e538/LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR.html

Any comments from anyone else?

Thanks,
Sultan

--- End Message ---