sultanqasim/LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR.html

## LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR.html
<html>
	<head>
		<meta http-equiv="content-type" content="text/html; charset=windows-1252">
		<title>LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR</title>
		<link href="tcpdump-style.css" rel="stylesheet" type="text/css" media="screen">
	</head>

	<body>
		<div id="page">
			<div class="post">
				<h2 class="title">
					<a name="intro">LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR</a>
				</h2>

				<div class="entry">

					<h3>Packet structure</h3>
					<pre>+---------------------------+
|         RF Channel        |
|         (1 Octet)         |
+---------------------------+
|        Signal Power       |
|         (1 Octet)         |
+---------------------------+
|        Noise Power        |
|         (1 Octet)         |
+---------------------------+
|  Access Address Offenses  |
|         (1 Octet)         |
+---------------------------+
| Reference Access Address  |
|        (4 Octets)         |
+---------------------------+
|          Flags            |
|        (2 Octets)         |
+---------------------------+
|  LE Packet (no preamble)  |
.                           .
.                           .
.                           .
</pre>

					<h3>Description</h3>

					<p>All multi-octet fields are expressed in little-endian format. Fields with a corresponding Flags
					bit are only considered valid when the bit is set.</p>

					<p>The RF Channel field ranges 0 to 39. It reflects the value described in the Bluetooth Core
					Specification v5.2, Volume 6, Part A, Section 2.</p>

					<p>The Signal Power and Noise Power fields are signed integers expressing values in dBm.</p>

					<p>The Access Address Offenses field is an unsigned integer indicating the number of deviations
					from the valid access address that led to the packet capture. Access addresses are interpreted as
					described in the Bluetooth Core Specification v5.2, Volume 6, Part B, Section 2.1.2.</p>

					<p>The Reference Access Address field corresponds to the Access Address configured into the capture
					tool that led to the capture of this packet.</p>

					<p>The Flags field represents packed bits defined as follows:</p>
					<ul>
						<li>0x0001 indicates the LE Packet is de-whitened</li>
						<li>0x0002 indicates the Signal Power field is valid</li>
						<li>0x0004 indicates the Noise Power field is valid</li>
						<li>0x0008 indicates the LE Packet is decrypted</li>
						<li>0x0010 indicates the Reference Access Address is valid and led to this packet being captured</li>
						<li>0x0020 indicates the Access Address Offenses field contains valid data</li>
						<li>0x0040 indicates the RF Channel field is subject to aliasing</li>
						<li>0x0380 is an integer bit field indicating the LE Packet PDU type</li>
						<li>0x0400 indicates the CRC portion of the LE Packet was checked</li>
						<li>0x0800 indicates the CRC portion of the LE Packet passed its check</li>
						<li>0x3000 is a PDU type dependent field</li>
						<li>0xC000 is an integer bit field indicating the LE PHY mode</li>
					</ul>

					<p>The PDU types indicated by flag bit field 0x0380 are defined as follows:</p>
					<ol start="0">
						<li>Advertising or Data (Unspecified Direction)</li>
						<li>Auxiliary Advertising</li>
						<li>Data, Master to Slave</li>
						<li>Data, Slave to Master</li>
						<li>Connected Isochronous, Master to Slave</li>
						<li>Connected Isochronous, Slave to Master</li>
						<li>Broadcast Isochronous</li>
						<li>Reserved for Future Use</li>
					</ol>

					<p>For PDU types other than type 1 (auxiliary advertising), the PDU type dependent field
					(using flag bits 0x3000) indicates the checked status of the MIC portion of the decrypted
					packet:</p>
					<ul>
						<li>0x1000 indicates the MIC portion of the decrypted LE Packet was checked</li>
						<li>0x2000 indicates the MIC portion of the decrypted LE Packet passed its check</li>
					</ul>

					<p>For PDU type 1 (auxiliary advertising), the PDU type dependent field (using flag bits
					0x3000) is an integer bit field indicating the auxiliary advertisement type:</p>
					<ol start="0">
						<li>AUX_ADV_IND</li>
						<li>AUX_CHAIN_IND</li>
						<li>AUX_SYNC_IND</li>
						<li>AUX_SCAN_RSP</li>
					</ol>

					<p>The LE PHY modes indicated by flag bit field 0xC000 are defined as follows:</p>
					<ol start="0">
						<li>LE 1M</li>
						<li>LE 2M</li>
						<li>LE Coded</li>
						<li>Reserved for Future Use</li>
					</ol>

					<p>The LE Packet field follows the previous fields. All multi-octet values in the LE Packet are
					always expressed in little-endian format, as is the normal Bluetooth practice.</p>

					<p>For packets using the LE Uncoded PHYs (LE 1M PHY and LE 2M PHY) as defined in the Bluetooth
					Core Specification v5.2, Volume 6, Part B, Section 2.1, the LE Packet is represented as the four-octet
					access address, immediately followed by the PDU and CRC; it does not include the preamble.</p>

					<p>For packets using the LE Coded PHY as defined in the Bluetooth Core Specification v5.2, Volume 6,
					Part B, Section 2.2, the LE Packet is represented as the four-octet access address, followed by the
					Coding Indicator (CI), stored in a one-octet field with the lower 2 bits containing the CI value,
					immediately followed by the PDU and the CRC; it does not include the preamble. Packets using the
					LE Coded PHY are represented in an uncoded form, so the TERM1 and TERM2 coding terminators are not
					included in the LE packet field.</p>
				</div>
			</div>
		</div>
	</body>
</html>

## tcpdump-style.css
/*
Design by Free CSS Templates
http://www.freecsstemplates.org
Released for free under a Creative Commons Attribution 2.5 License
*/

body {
	margin: 0;
	padding: 0;
	background: #FFFFFF url(images/img01.gif) repeat-x;
	font-family: Arial, Helvetica, sans-serif;
	font-size: 13px;
	color: #737373;
}

form {
	margin: 0;
	padding: 0;
}

input, textarea {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 1em;
	color: #000000;
}

h1, h2, h3 {
	font-family: Arial, Helvetica, sans-serif;
}

h1 {
	font-size: 3em;
}

h2 {
	font-size: 2em;
}

h3 {
	font-size: 1em;
}

p, ul, ol {
	margin-bottom: 1.8em;
	line-height: 160%;
}

ul, ol {
}
/* Don't have extra leading in paragraphs in table entries. */
td p {
	margin-bottom: 0;
	line-height: normal;
}

blockquote {
}

a {
	color: #414141;
}

a:hover {
	text-decoration: none;
}

hr {
	display: none;
}

/* Menu */

#menu {
	width: 960px;
	height: 45px;
	margin: 0 auto;
	padding: 0px 0;
	background: url(images/img02.jpg) no-repeat center top;
}

#menu ul {
	height: 45px;
	margin: 0;
	padding: 0;
	background: url(images/img03.gif) no-repeat;
	list-style: none;
}

#menu li {
	float: left;
	height: 45px;
	background: url(images/img03.gif) no-repeat right top;
}

#menu a {
	float: left;
	height: 20px;
	margin: 0px;
	padding: 10px 15px;
	text-decoration: none;
	text-transform: uppercase;
	font-size: smaller;
	font-weight: bold;
	color: #000000;
}

#menu a:hover {
	background: url(images/img02.gif) repeat-x;
	color: #FFFFFF;
	height: 45px;
}

#menu .current_page_item a {
	height: 45px;
	color: #FFFFFF;
}

/* Splash */

#splash {
	width: 956px;
	height: 103px;
	margin: 0 auto;
}


/* Logo */

#logo {
	width: 960px;
	height: 15px;
	margin: 0 auto;
    padding-top: 10px;
    padding-bottom: 10px;
	border-bottom: 2px solid #3F3F3F;
	color: #414141;
}

#logo h1, #logo h2 {
	margin: 0;
	padding: 0 20px;
}

#logo h1 {
	float: left;
	padding-top: 30px;
	letter-spacing: -3px;
	text-transform: uppercase;
	font-size: 3em;
}

#logo h2 {
	float: right;
	padding-top: 49px;
	letter-spacing: -1px;
	text-transform: uppercase;
	font-weight: bold;
	font-size: 16px;
}

#logo a {
	text-decoration: none;
	color: #414141;
}

/* Page */

#page {
	width: 960px;
	margin: 0 auto;
	padding: 30px;
}

/* Content */

#content {
	float: right;
	width: 680px;
}

.post {
	padding-bottom: 20px;
}

.post .title {
	margin: 0;
	padding: 5px 20px;
	letter-spacing: -2px;
	border-bottom: 1px dashed #B9B9B9;
	text-transform: uppercase;
	font-size: 24px;
}

.post .title a {
	text-decoration: none;
}

.post .entry {
	padding: 10px 20px;
}

.post .meta {
	height: 26px;
	background: #F5F5F5;
	border-top: 1px solid #E9E9E9;
	text-decoration: none;
	text-transform: uppercase;
	font-size: smaller;
}

.post .posted {
	float: left;
	height: 16px;
	padding: 5px 20px;
}

.post .permalink, .post .comments {
	float: right;
	height: 16px;
	padding: 5px 20px;
}

.post .permalink {
}

/* Sidebar */

#sidebar {
	float: left;
	width: 250px;
}

#sidebar ul {
	margin: 0;
	padding: 0;
	list-style: none;
}

#sidebar li {
	margin-bottom: 20px;
}

#sidebar li ul {
	padding: 20px;
}

#sidebar li li {
	margin: 0;
	padding-left: 10px;
	padding-bottom: 5px;
	background: url(images/img04.gif) no-repeat left 50%;
}

#sidebar p {
	padding: 0 20px;
}

#sidebar h2 {
	height: 20px;
	margin: 0;
	padding: 6px 0 0 20px;
	background: url(images/img07.jpg) no-repeat;
	border-bottom: 1px dashed #B9B9B9;
	text-transform: uppercase;
	font-size: 14px;
	font-weight: bold;
	color: #000000;
}

/* Search */

#search form {
	padding: 20px;
}

#search br {
	display: none;
}

#search #s {
	width: 135px;
}

/* Footer */

#footer {
	clear: both;
	width: 960px;
	height: 50px;
	margin: 0 auto;
	padding: 20px 0;
	border-top: 6px solid #3F3F3F;
	font-size: smaller;
}

#footer p {
	margin: 0;
	text-align: center;
	line-height: normal;
}
	<html>
	<head>
	<meta http-equiv="content-type" content="text/html; charset=windows-1252">
	<title>LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR</title>
	<link href="tcpdump-style.css" rel="stylesheet" type="text/css" media="screen">
	</head>

	<body>
	<div id="page">
	<div class="post">
	<h2 class="title">
	<a name="intro">LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR</a>
	</h2>

	<div class="entry">

	<h3>Packet structure</h3>
	<pre>+---------------------------+
	\| RF Channel \|
	\| (1 Octet) \|
	+---------------------------+
	\| Signal Power \|
	\| (1 Octet) \|
	+---------------------------+
	\| Noise Power \|
	\| (1 Octet) \|
	+---------------------------+
	\| Access Address Offenses \|
	\| (1 Octet) \|
	+---------------------------+
	\| Reference Access Address \|
	\| (4 Octets) \|
	+---------------------------+
	\| Flags \|
	\| (2 Octets) \|
	+---------------------------+
	\| LE Packet (no preamble) \|
	. .
	. .
	. .
	</pre>

	<h3>Description</h3>

	<p>All multi-octet fields are expressed in little-endian format. Fields with a corresponding Flags
	bit are only considered valid when the bit is set.</p>

	<p>The RF Channel field ranges 0 to 39. It reflects the value described in the Bluetooth Core
	Specification v5.2, Volume 6, Part A, Section 2.</p>

	<p>The Signal Power and Noise Power fields are signed integers expressing values in dBm.</p>

	<p>The Access Address Offenses field is an unsigned integer indicating the number of deviations
	from the valid access address that led to the packet capture. Access addresses are interpreted as
	described in the Bluetooth Core Specification v5.2, Volume 6, Part B, Section 2.1.2.</p>

	<p>The Reference Access Address field corresponds to the Access Address configured into the capture
	tool that led to the capture of this packet.</p>

	<p>The Flags field represents packed bits defined as follows:</p>
	<ul>
	<li>0x0001 indicates the LE Packet is de-whitened</li>
	<li>0x0002 indicates the Signal Power field is valid</li>
	<li>0x0004 indicates the Noise Power field is valid</li>
	<li>0x0008 indicates the LE Packet is decrypted</li>
	<li>0x0010 indicates the Reference Access Address is valid and led to this packet being captured</li>
	<li>0x0020 indicates the Access Address Offenses field contains valid data</li>
	<li>0x0040 indicates the RF Channel field is subject to aliasing</li>
	<li>0x0380 is an integer bit field indicating the LE Packet PDU type</li>
	<li>0x0400 indicates the CRC portion of the LE Packet was checked</li>
	<li>0x0800 indicates the CRC portion of the LE Packet passed its check</li>
	<li>0x3000 is a PDU type dependent field</li>
	<li>0xC000 is an integer bit field indicating the LE PHY mode</li>
	</ul>

	<p>The PDU types indicated by flag bit field 0x0380 are defined as follows:</p>
	<ol start="0">
	<li>Advertising or Data (Unspecified Direction)</li>
	<li>Auxiliary Advertising</li>
	<li>Data, Master to Slave</li>
	<li>Data, Slave to Master</li>
	<li>Connected Isochronous, Master to Slave</li>
	<li>Connected Isochronous, Slave to Master</li>
	<li>Broadcast Isochronous</li>
	<li>Reserved for Future Use</li>
	</ol>

	<p>For PDU types other than type 1 (auxiliary advertising), the PDU type dependent field
	(using flag bits 0x3000) indicates the checked status of the MIC portion of the decrypted
	packet:</p>
	<ul>
	<li>0x1000 indicates the MIC portion of the decrypted LE Packet was checked</li>
	<li>0x2000 indicates the MIC portion of the decrypted LE Packet passed its check</li>
	</ul>

	<p>For PDU type 1 (auxiliary advertising), the PDU type dependent field (using flag bits
	0x3000) is an integer bit field indicating the auxiliary advertisement type:</p>
	<ol start="0">
	<li>AUX_ADV_IND</li>
	<li>AUX_CHAIN_IND</li>
	<li>AUX_SYNC_IND</li>
	<li>AUX_SCAN_RSP</li>
	</ol>

	<p>The LE PHY modes indicated by flag bit field 0xC000 are defined as follows:</p>
	<ol start="0">
	<li>LE 1M</li>
	<li>LE 2M</li>
	<li>LE Coded</li>
	<li>Reserved for Future Use</li>
	</ol>

	<p>The LE Packet field follows the previous fields. All multi-octet values in the LE Packet are
	always expressed in little-endian format, as is the normal Bluetooth practice.</p>

	<p>For packets using the LE Uncoded PHYs (LE 1M PHY and LE 2M PHY) as defined in the Bluetooth
	Core Specification v5.2, Volume 6, Part B, Section 2.1, the LE Packet is represented as the four-octet
	access address, immediately followed by the PDU and CRC; it does not include the preamble.</p>

	<p>For packets using the LE Coded PHY as defined in the Bluetooth Core Specification v5.2, Volume 6,
	Part B, Section 2.2, the LE Packet is represented as the four-octet access address, followed by the
	Coding Indicator (CI), stored in a one-octet field with the lower 2 bits containing the CI value,
	immediately followed by the PDU and the CRC; it does not include the preamble. Packets using the
	LE Coded PHY are represented in an uncoded form, so the TERM1 and TERM2 coding terminators are not
	included in the LE packet field.</p>
	</div>
	</div>
	</div>
	</body>
	</html>
	/*
	Design by Free CSS Templates
	http://www.freecsstemplates.org
	Released for free under a Creative Commons Attribution 2.5 License
	*/

	body {
	margin: 0;
	padding: 0;
	background: #FFFFFF url(images/img01.gif) repeat-x;
	font-family: Arial, Helvetica, sans-serif;
	font-size: 13px;
	color: #737373;
	}

	form {
	margin: 0;
	padding: 0;
	}

	input, textarea {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 1em;
	color: #000000;
	}

	h1, h2, h3 {
	font-family: Arial, Helvetica, sans-serif;
	}

	h1 {
	font-size: 3em;
	}

	h2 {
	font-size: 2em;
	}

	h3 {
	font-size: 1em;
	}

	p, ul, ol {
	margin-bottom: 1.8em;
	line-height: 160%;
	}

	ul, ol {
	}
	/* Don't have extra leading in paragraphs in table entries. */
	td p {
	margin-bottom: 0;
	line-height: normal;
	}

	blockquote {
	}

	a {
	color: #414141;
	}

	a:hover {
	text-decoration: none;
	}

	hr {
	display: none;
	}

	/* Menu */

	#menu {
	width: 960px;
	height: 45px;
	margin: 0 auto;
	padding: 0px 0;
	background: url(images/img02.jpg) no-repeat center top;
	}

	#menu ul {
	height: 45px;
	margin: 0;
	padding: 0;
	background: url(images/img03.gif) no-repeat;
	list-style: none;
	}

	#menu li {
	float: left;
	height: 45px;
	background: url(images/img03.gif) no-repeat right top;
	}

	#menu a {
	float: left;
	height: 20px;
	margin: 0px;
	padding: 10px 15px;
	text-decoration: none;
	text-transform: uppercase;
	font-size: smaller;
	font-weight: bold;
	color: #000000;
	}

	#menu a:hover {
	background: url(images/img02.gif) repeat-x;
	color: #FFFFFF;
	height: 45px;
	}

	#menu .current_page_item a {
	height: 45px;
	color: #FFFFFF;
	}

	/* Splash */

	#splash {
	width: 956px;
	height: 103px;
	margin: 0 auto;
	}


	/* Logo */

	#logo {
	width: 960px;
	height: 15px;
	margin: 0 auto;
	padding-top: 10px;
	padding-bottom: 10px;
	border-bottom: 2px solid #3F3F3F;
	color: #414141;
	}

	#logo h1, #logo h2 {
	margin: 0;
	padding: 0 20px;
	}

	#logo h1 {
	float: left;
	padding-top: 30px;
	letter-spacing: -3px;
	text-transform: uppercase;
	font-size: 3em;
	}

	#logo h2 {
	float: right;
	padding-top: 49px;
	letter-spacing: -1px;
	text-transform: uppercase;
	font-weight: bold;
	font-size: 16px;
	}

	#logo a {
	text-decoration: none;
	color: #414141;
	}

	/* Page */

	#page {
	width: 960px;
	margin: 0 auto;
	padding: 30px;
	}

	/* Content */

	#content {
	float: right;
	width: 680px;
	}

	.post {
	padding-bottom: 20px;
	}

	.post .title {
	margin: 0;
	padding: 5px 20px;
	letter-spacing: -2px;
	border-bottom: 1px dashed #B9B9B9;
	text-transform: uppercase;
	font-size: 24px;
	}

	.post .title a {
	text-decoration: none;
	}

	.post .entry {
	padding: 10px 20px;
	}

	.post .meta {
	height: 26px;
	background: #F5F5F5;
	border-top: 1px solid #E9E9E9;
	text-decoration: none;
	text-transform: uppercase;
	font-size: smaller;
	}

	.post .posted {
	float: left;
	height: 16px;
	padding: 5px 20px;
	}

	.post .permalink, .post .comments {
	float: right;
	height: 16px;
	padding: 5px 20px;
	}

	.post .permalink {
	}

	/* Sidebar */

	#sidebar {
	float: left;
	width: 250px;
	}

	#sidebar ul {
	margin: 0;
	padding: 0;
	list-style: none;
	}

	#sidebar li {
	margin-bottom: 20px;
	}

	#sidebar li ul {
	padding: 20px;
	}

	#sidebar li li {
	margin: 0;
	padding-left: 10px;
	padding-bottom: 5px;
	background: url(images/img04.gif) no-repeat left 50%;
	}

	#sidebar p {
	padding: 0 20px;
	}

	#sidebar h2 {
	height: 20px;
	margin: 0;
	padding: 6px 0 0 20px;
	background: url(images/img07.jpg) no-repeat;
	border-bottom: 1px dashed #B9B9B9;
	text-transform: uppercase;
	font-size: 14px;
	font-weight: bold;
	color: #000000;
	}

	/* Search */

	#search form {
	padding: 20px;
	}

	#search br {
	display: none;
	}

	#search #s {
	width: 135px;
	}

	/* Footer */

	#footer {
	clear: both;
	width: 960px;
	height: 50px;
	margin: 0 auto;
	padding: 20px 0;
	border-top: 6px solid #3F3F3F;
	font-size: smaller;
	}

	#footer p {
	margin: 0;
	text-align: center;
	line-height: normal;
	}