> I've attached a screenshot: you can see the old version of the PPI
> header (lacks CrcInit), the USER0 DLT, and the 18 bytes of data captured
> from the air.
>
> 18 = 4 byte AA + 2 byte header + 9 byte data + 3 byte CRC
Attachment scrubbed, see
http://lacklustre.net/bluetooth/btle_breakdown.png
> >> So do LINKTYPE_BLUETOOTH_LE_LL/DLT_BLUETOOTH_LE_LL packets include the
> >> preamble octet and the CRC?
> >
> > They include the 3 octet CRC, they do not include the preamble.
>
> OK, I'll update the description on the "link-layer header types" page to note
> that.
>
> So the packet in the
On Jun 13, 2013, at 7:24 PM, Mike Ryan wrote:
> Hi, I impelemented most of the BTLE support in Ubertooth.
>
>> So do LINKTYPE_BLUETOOTH_LE_LL/DLT_BLUETOOTH_LE_LL packets include the
>> preamble octet and the CRC?
>
> They include the 3 octet CRC, they do not include the preamble.
OK, I'll upd
Hi, I impelemented most of the BTLE support in Ubertooth.
> So do LINKTYPE_BLUETOOTH_LE_LL/DLT_BLUETOOTH_LE_LL packets include the
> preamble octet and the CRC?
They include the 3 octet CRC, they do not include the preamble.
To validate the CRC you must know a per-connection CrcInit. This value
On Jun 13, 2013, at 12:07 PM, Guy Harris wrote:
> It's not a show-stopper - we can just document them as containing a time
> stamp but note that it's redundant with the time stamp in pcap and pcap-ng
> files, and say that the time stamp from the pcap packet record header or the
> pcap-ng pack
On Jun 13, 2013, at 12:52 PM, "dragorn" wrote:
> On Thu, Jun 13, 2013 at 11:51:41AM -0700, Guy Harris wrote:
>>
>> On Jun 13, 2013, at 11:13 AM, "dragorn" wrote:
>>
>>> On Thu, Jun 13, 2013 at 11:10:02AM -0700, Guy Harris wrote:
Do LINKTYPE_BLUETOOTH_LE_LL/DLT_BLUETOOTH_LE_LL
On May 21, 2013, at 1:06 PM, chris_bon...@selinc.com wrote:
> Looking at the format again, you are correct - I guess those 8 header bytes
> *are* redundant as to what the pcap file has been assigned for the packet
> timestamps; I have a feeling they are part of a per-packet direct data dump
>
On Jun 13, 2013, at 11:13 AM, "dragorn" wrote:
> On Thu, Jun 13, 2013 at 11:10:02AM -0700, Guy Harris wrote:
>>
>>
>> Do LINKTYPE_BLUETOOTH_LE_LL/DLT_BLUETOOTH_LE_LL sound like reasonable names?
>
> Yep, those sound fine!
OK, I've assigned 251 for them.
__
On May 16, 2013, at 7:12 AM, dragorn wrote:
> - Forwarded message from Mike Ryan -
>
> Date: Mon, 29 Apr 2013 13:09:32 -0700
> From: Mike Ryan
> To: drag...@kismetwireless.net
> Subject: request: DLT for Bluetooth Low Energy
>
> [sent this as-is to tcpdump-workers@lists.tcpdump.org]
