ComProbe BPA low energy User Manual
Contents
1. 2 52 Figure 32 Searh Find Dialog mmemme meme mm mm mwm meme eee me 53 Figure 33 Frame Display File menu Byte Export eee cece eee 56 Figure 34 Byte EXport dialog III 56 Figure 35 Save As dialog _ 0 220 oi adanada ec cece cc eee ee eee eee eee aaan aaao aai 57 Figure 36 Sample Exported Frames Text File 57 Figure 37 Example Protocol Tags 2 2 22 cece cece ec cc cece ee cece aLaaa anana aaan 58 Figure 38 Summay pane right with Decoder pane left 59 Figure 39 Frame Display Protocol Layer Color Selector 65 Figure 40 Frame Display Quick Filtering and Hiding Protocols Dialog 65 Figure 41 Bluetooth low energy Timeline u 20 22 lee cece eee aaa aaa aoaaa anaana 68 Figure 42 Bluetooth low energy Timeline Throughput Graph 0 70 Figure 43 Creating Encrypted MIC in Frame Display Summary pane 72 Figure 44 Bluetoothlow energy Timeline 20 2 cece eee ee cece cece eee cece eee ceeeeeeeces 73 Figure 45 Diagram of low energy Timeline Flow with Segment and Row Relationship 74 Figure 46 Device Address ROWS2. 103 Sa WEN maaamo ee a gee te ae EG ee a ee te ee 103 5 1 1 Searching within Decodes ei oaaao oaaao oaao DLLD LLa Loa oonan 103 5 1 2 Searching by Pattern __ 0 200 ole ec ec ec ee eee eee cece aaan 106 5 1 3 Searching by Time cece ec cee ee eee eee ence eee ne 107 SLA USNE GO TO es eae es oe ee ee ea el oe ek ee ee 109 fte com rontline Debug Communications Faster 5 1 5 Searching for Special Events cece ee cece eee eee eeceeeee 111 5 1 6 Searching by Signal nunueni eeeeeeee 112 5 1 7 Searching for Data Errors _ 1 22 22 oi eee cece eee eee eee eee namu 115 5 1 8 Find Bookmarks www mwm eee eeeeeeeeeeeeee 118 5 1 9 Changing Where the Search Lands 2 22 22 eee ee cece ce eee eee cece eeeees 119 5 1 10 Subtleties of Timestamp Searching 222 oe ee cece eee aandaa adanan 119 Fm ec AA 119 5 2 1 Adding Modifying or Deleting a Bookmark 2 22 2 cece eee eee eee cee eee eee eeee 120 5 2 2 Displaying All and Moving Between Bookmarks 121 SA FRENE AA 122 5 3 1 About Display Filters eee cc eee mumu mumu eee anaa 122 5 3 1 1 Creating a Display Filter lee cece eee aaa 122 5 3 1 2 Including and Excluding Radio Buttons mmmm
3. eee ccc cece cece cece cee cece cece ec ceccececcecceceececeece 74 Figure 47 Radio ROWS _ 2 22 2 eee cece eee ec eee ee eee cece eee eee cece eee eeeeeeeeeeeeeeeeees 75 Figure 48 low energy Timeline and Frame Display Packet Synchronization 76 Figure 49 Timeline Markers Shown Snapped to End of Packet 76 Figure 50 Bluetooth le Timeline Segment Timestamp and Zoom Value 76 Figure 51 Bluetooth le Timeline Packet Info Line 00000000000 oo00aaoan nn 77 Figure 52 Bluetooth le Timeline Packet Info Line for Multiple Selected Packets 77 Figure 53 Bluetooth low energy Packet Discontinuity aada aa aana aaa2aaa2aa22a 78 Figure 54 low energy Timeline Zoom menu 2 2 a 80 Figure 55 Message Sequence Chart Window 2 22 22 cece eee aaa 222a e eee cece eee meme 83 Figure 56 Classic and LE tabs II kana NS NONG RT AA akan Kok KaNuNaeks 84 Figure 57 Frame and Time Display inside red box _ 2 22 ee eee eee cece eee eee eee 85 fte com rontline Debug Communications Faster Figure 58 MSC Synchronization with Frame Display 22 eee eee aaao oaaao naano 85 Figure 59 Control and Signaling Frames SummMay 22 22 2 eee eee eee eee cece cece eee ceeeeeeees 86 Figure 60 Packet Layers Shown in Different Co
4. Abort Broken Frame The frame did not end when the analyzer expected it to This occurs most often with protocols where the framing is indicated by a specific character control signal change or other data related event Buffer Overflow Indicates a buffer overflow error A buffer overflow always causes a broken frame Control Signal Change One or more control signals changed state Click on the symbol and the analyzer displays which signal s changed at the bottom of the Event Display window Data Capture Paused The Pause icon was clicked pausing data capture No data is recorded while capture is paused Data Capture Resumed The Pause icon was clicked again resuming data capture Dropped Frames Some number of frames were lost Click on the symbol and the analyzer dis plays many frames were lost at the bottom of the Event Display window End of Frame Marks the end of a frame Flow Control Active An event occurred which caused flow control to become active i e caused the analyzer to stop transmitting data Events which activate flow control are signal changes or the receipt of an XON character Flow Control Inactive An event occurred which caused flow control to become inactive i e caused the analyzer to transmit data Events which deactivate flow control are signal changes or the receipt of an XOFF character Frame Recognizer Change A lowest layer protocol was selected or removed here causing the fr
5. Debug Communications Faster the packet sent by the master but do capture the packet sent by the slave we label the slave as side 1 since it is the first device we heard in the connection event Because there is potential clock drift since the last con nection event we cannot use the absolute timing to correct this error there would still be cases where we get it wrong Therefore we always assign 1 to the first packet in a connection event So even though it is rare there are connection events where packets sent by the slave device are labeled 1 and packets sent by the mas ter are labeled 2 Finally in a noisy environment it is also possible that the sniffer does not capture packets in the middle of a con nection event If this occurs and the sniffer cannot determine the side for the remaining packets in that con nection event the side is labeled U for unknown 4 4 1 11 2 Customizing Fields in the Summary Pane You can modify the Summary Pane in Frame Display Summary pane columns can be reordered by dragging any column to a different position Fields from the Decode pane can be added to the summary pane by dragging any Decodepane field to the desired location in the Summary pane header If the new field is from a different layer than the summary pane a plus sign is prepended to the field name and the layer name is added in parentheses The same field can be added more than once if desired th
6. Event Display and Frame Display windows The analyzer can capture data with no windows other than the Control window open e If you are still experiencing buffer overflows after trying all of the above options then you need to use a faster PC 7 2 2 Progress Bars The analyzer uses progress bars to indicate the progress of anumber of different processes Some progress bars such as the filtering progress bar remain visible while others are hidden The title on the progress bar indicates the process underway 7 2 3 Event Numbering This section provides information about how events are numbered when they are first captured and how this affects the display windows in the analyzer The information in this section applies to frame numbering as well When the analyzer captures an event it gives the event a number If the event is a data byte event it receives a byte number in addition to an event number There are usually more events than bytes with the result is that a byte might be listed as Event 10 of 16 when viewing all events and Byte 8 of 11 when viewing only the data bytes The numbers assigned to events that are wrapped out of the buffer are not reassigned In other words when event number 1 is wrapped out of the buffer event number 2 is not renumbered to event 1 This means that the first event in the buffer may be listed as event 11520 of 16334 because events 1 11519 have been wrapped out of the buffer Since row numbers r
7. 145 fte com rontline Debug Communications Faster Chapter 7 General Information 7 1 System Settings and Progam Options 7 1 1 System Settings Open the System Settings window by choosing System Settings from the Options menu on the Control win dow To enable a setting click in the box next to the setting to place a checkmark in the box To disable a set ting click in the box to remove the checkmark When viewing a capture file settings related to data capture are grayed out There are two ways you can capture data Series of files or Single File 7 1 1 1 Series of files System Settings Capbae Mode Atom es e 7 Restart Captunng Alte Saang oi Clesang Capdure Fie Wrap Sents of Fies File Size ink 81373 Min Mad Default Capbune 4yeeferedd_hammess_O01 cts Append Senes Stat Date Time 5 Fie Mumbai C Append Fie Stat Date Time Masamaim mumba ol Hex 10 C Start new iie after Figure 103 System Settings for defining how to capture data This option lets you capture to more than one file based on file size or time e Restart Capturing After Saving or Clearing Capture File the analyzer restarts capture to the file imme diately after the file 1s closed e Wrap Series of Files When enabled the analyzer wraps the file when it becomes full The oldest events are moved out of the file to make room for new events Any events moved out of the file are lost When disabled the analyzer st
8. Slave Len 19 QO gt I Find v Be A C Summary A Baseband L2CAP figured BT low energy devices SCO link Supported Errors a AVDTP onnection FHS Bluetooth FHS L2CAP SDP RFCOMM A oe Slave eadset Non Captured Info Address 5 o file P Type Signal B Frame AVDTP Type A Role Frame Size De Timestamp a ia 92 Signal 5 Maser 15 5 3 2011 1 47 26 596810 Addes 5 93 Signal 5 Slave 19 00 54342011 1 47 26 811181 aaa abel a 94 Signal 5 Master 16 00 5 3 2011 1 47 26 833056 Packet Type Single Packet 95 Signal 5 Slave 25 00 5 3 2011 1 47 26 952430 Message Tuner Antndnes Actoni 96 Signal 5 Master 16 00 5 3 2011 1 47 26 974303 Signaling Identifier AVDTP_DISCOVER 99 Signal 5 Slave 29 00 5 3 2011 1 47 27 389922 7 ACP Stream Endpoint ID 1 101 Signal 5 Master 27 00 5 3 2011 1 47 27 413047 In use No 103 Signal 5 Slave 15 00 5 3 2011 1 47 27 601168 104 Signal 5 Master 16 00 5 3 2011 1 47 27 605543 TSEP SNK 105 Signal 5 Slave 15 00 5 3 2011 1 47 27 731166 ACP Stream Endpoint ID 6 In use No at Media Type Audio 800011000 00001010 00101011 00011111 00001011 TSEP SNE N10011101 01011010 00000001 00000001 00000110 RO0000000 00000001 01110100 11100010 00000001 Yoooo0100 WEEE 0 90011000 0000100 P Figure 13 Look in Decoder pane for profile hints 3 2 3 3 AVDTP Override Decode Information The Set Subsequent Decoder Parameters dialog allows
9. 5 7 5 2012 6 05 23 995066 PM 18 ff ae 00 15 aa d be 89 Be 00 13 7b 96 bi eb d7 90 6 7 5 2012 6 05 23 995691 PM 4e ff b7 00 15 aa d be 89 8e 00 13 7b 96 bi eb d7 90 DD O OO QO rj Pm mm s Figure 36 Sample Exported Frames Text File 4 4 1 11 Panes in the Frame Display 4 4 1 11 1 Summary Pane The Summary pane La displays a one line summary of every frame in a capture buffer or file including frame number timestamp length and basic protocol information The protocol information included for each 57 fte com rontline Debug Communications Faster frame depends on the protocol selected in the summary layer box located directly below the main toolbar On a two channel circuit the background color of the one line summary indicates whether the frame came from the DTE or the DCE device Frames with a white background come from the DTE device frames with a gray background come from the DCE device Frame numbers in red indicate errors either physical byte level or frame errors If the error is a frame error in the displayed protocol layer the bytes where the error occurred is displayed in red The Decode Pane gives precise information as to the type of error and where it occurred The Summary pane is synchronized with the other panes in this window Click on a frame in the Summary pane and the bytes for that frame is highlighted in the Event pane while the Decode pane displays the full decode for that f
10. C9ph Lab Stock Icons ma Backgrounds Graphics Ef CO Basic Air Sniffing How To CO Netvoek Wew 5 15 07 Ef Dii FTS4Control camtasia videso Ef Camtasia Blue with Filmstrip Print User Guides CCarita Blue no himetrip RoboHelp graphics C2 Davis Video a gt Sawe ws type Capture Files cha Cancel Figure 96 Windows Save dialog 4 Type a file name in the File name box at the bottom of the screen 5 Browse to select a specific directory Otherwise your file is saved in the default capture file dir ectory 6 When you are finished click OK 6 1 2 Saving the Entire Capture File with Save Selection 1 If you are capturing data click on the Stop icon 7 to stop data capture You cannot save data to file while it is being captured 2 Open the Event Display or Frame Display window 3 Right click in the data 4 Select Save Selection or Save As from the right click menu 5 Click on the radio button labeled Entire File Save 19 Entire File 6 Choose to save Events or Frames Choosing to Selection Da save Events saves the entire contents of the capture CiEvert Frames file Choosing to save Frames does not save all 1 to 1 events in the capture file a 7 Type a file name in the As box at the bottom of the As Type tile name herd screen Click the Browse icon to browse to a spe f Note No captunng wil be done wide the cific directory Otherwise your file 1s saved in the
11. Click on the Find icon aa or choose Find from the Edit menu 4 Click on the Bookmarks tab of the Find dialog Note The tabs displayed on the Find dialog depend on the product you are running and the content of the cap ture file you are viewing Find Ethernet Sniffer Decode Patten Time GoTo Special Events Bookmark Frama d Book 44 First enor 12 6 2010 11 25 48 18062 Frame 105 Source incomect 12 6 2010 11 25 56 72502 F E 103 The imej I Fan this TZ rene 109 The bmeg seme to be off on thes frome 12 Move Back Cis Figure 85 Find Bookmark tab There are several ways to locate bookmarks e Select the bookmark you want to move to and click the Go To button e Simply double click on the bookmark e Click the Move Forward and Move Back buttons to move through the frames to the bookmarks shown in the window When the bookmark is found it is highlighted in the window There are three ways to modify bookmarks 1 Click on Delete to remove the selected bookmark 2 Click on Modify to change the selected Bookmark name 3 Remove All will delete all bookmarks in the window 118 fte com rontline Debug Communications Faster The Find window Bookmark tab will also appear when using functions other than Find such as when clicking on the Display All Bookmarks icon 5 1 9 Changing Where the Search Lands When doing a search in the analyzer the byte or bytes matching the search criteria are highli
12. Mixed Sides Mode 42 Modem Lead Names 153 180 fte com ontline Debug Communications Faster Modify Display Filters 129 130 Multiple Event Displays 38 Multiple Frame Displays 55 N NK 159 Node Filters 126 Nonprintables 145 Notes 136 NU 159 Number Set 40 Numbers 157 Octal 40 Open 38 Open Capture File 136 Options 146 149 150 153 Override Decode Information 20 23 26 Overriding Frame Information 35 Overrun Errors 116 p Packet Error Rate PER Stats 91 Packet Error Rate 91 PER Stats Scroll Bar 96 Panes 55 Pattern 106 Pause 28 Performance Notes 156 Printing 141 Printing from the Frame Display 137 Progress Bars 157 Protocol Protocol Layer Colors 64 Protocol Layer Filtering 65 131 Protocol Stack 31 32 34 Q Quick Filtering 65 67 131 132 R Radix 40 62 Reframe 33 Reframing 33 Relative Time 108 155 Remove Bookmarks 120 121 Columns 60 Custom Stack 31 Filters 127 Framing Markers 34 Renaming 130 Reset Panes 55 Resolution 154 Resumed 43 Revealing Display Filters 127 Revealing Protocol Layers 51 RFCOMM 24 26 RFCOMM Missing Decode Information 26 RFCOMM Override Decode Information 26 RS 159 Save 123 133 135 Save As 133 181 fte com rontline Debug Communications Faster Saving 134 135 146 Display Filter 122 Imported Capture Files 146 Saving the Capture File using File amp gt Save or the Save icon 133 Search 103 106 107 109 111 115 119 121 bin
13. 137 6 3 1 Printing from the Frame Display HTML Export m 137 6 3 2 Printing from the Event Display _ 0 2 22 ei ee eee ee eee cece eee eeeee 141 BO XD ONE IAA IIIA 142 6 4 1 Frame Display Export eee cece eee LaaLa aLaaa anaana 142 6 4 2 Exporting a File with Event Display Export 2 22 lee ec cece eee eee 142 6 4 2 1 Export Filter WA 145 6 4 2 2 Exporting Baudot eee ce cece DLLD DLL 222a a222 2222 145 Chapter 7 General Information AA 146 7 1 System Settings and Progam Options 22 2 eee eee cece eee cece cece cece eeeeeeees 146 ZAA System Se CURIOS pete ee ek ee i oe eee ete 146 7 Ueda Seres OF ES canteen eee ead eae ee eee eee eee 146 741 2 Single File ge EIA aa ANGAS NGANGA SS aah Pa 148 ZAA COMMON OD U ONS Ia 148 7 1 1 4 System Settings Disabled Enabled Options 149 7 1 1 5 Advanced System Options _ 2 222 2 eee ee cc cece cece aaa aaan 149 7 1 1 6 Selecting Start Up Options lec ec eee cece ee eeeee 150 7 1 2 Changing Default File Locations _ 2 22 22 2 ele ee eee cece eee ee eee ee eeeeeeees 151 KIS de NIMES AA III 153 7 1 4 Timestamping mumu e nunu mumu m umu eee nni 153 7 1 4 1 Timestamping Options mum em mene m munene 153 7 2 Technical Information emem umeme mm cece eee cece cece cec
14. Bt Saang Pies Ho j POU Tupe h Command Ho Dana alis Fleur K Tabe AISI L Aira Hare HO ee Tupe bio Level let Lien ded Levee lel ee Ne ee oS ke AA Be a ee ai A riii Foe Help Pegs FI Figure 124 Decrypted Data Example Frame 39 723 A 1 8 Technical Support Technical support is available in several ways The online help system provides answers to many user related questions Frontline s website has documentation on common problems as well as software upgrades and util ities to use with our products Web http www fte com click Support Email tech support fte com If you need to talk to a technical support representative support is available between 9am and 5pm U S Eastern time Monday through Friday Technical support is not available on U S national holidays Phone 1 434 984 4500 Fax 1 434 984 4505 170 fte com contline Debug Communications Faster Author John Trinkle Publish Date 9 April 2014 171 fte com rontline Debug Communications Faster A 2 Bluetooth Virtual Sniffing A 2 1 Introduction The ComProbe software Virtual sniffing function simplifies Bluetooth development and is easy to use Front line s Virtual sniffing with Live Import provides the developer with an open interface from any application to ComProbe software so that data can be analyzed and processed independent of sniffing hardware Virtual sniff ing can also add value to other Bluetoo
15. Classic LE All Layers Ctrl Summary fNon Msg Summary BB L2CAP TCS LMP z Setup a 13 45 10 214603 Setup 13 45 10 219603 z LT_ADDR 0 LLID L2CAP s nf SEQN 0 ARQN 0 LT_ADDR 0 LLID L2CAP s nf SEQN 1 ARQN 0 L2CAP_Data Connectionless Length 5 CID 0x0002 PS 13 45 10 534608 Setup Setup Consecutive Broadcast Packet 1 185 13 45 10 539608 LT ADDR 0 LLID L2CAP sfnf SEQN 1 ARQN 0 lv Figure 57 Frame and Time Display inside red box If you click on the description of the message interaction the corresponding information is highlighted in Frame Display 10 O00 00 0 4 7 2004 347 15 137108 11 OOOOOD0 47 204 34715145233 TAN Bisa JI Tran ID Initiated by master Original Opcode LMP max slot req LMP timing accuracy res Tran ID Initiated by slave 110 00000000 10001100 00110000 00000010 10011002 1 00000001 01001110 11111111 11111111 00001111 00000000 00000000 00000000 000000 TUT TATA TA Hin 250 ppm Jitter 1 Tran ID Initiated by master LMP features res i Trem ani ka mearitarl 30 02 99 3d 01 4e ff ff Of OO OO OO OO OO EONS AG Figure 58 MSC Synchronization with Frame Display How do navigate in the dialog You can use the navigation arrows at the bottom and the right side of the dialog to move vertically and hori zontally You can also click and hold while moving the pointer within dialog that brings up a
16. Click ona box to check or un check it If you want to search only for overrun errors e check the box if shown e un check the other boxes To search for all types of errors e check all boxes The most common search is looking for a few scattered errors in otherwise clean data To do this type of search e choose to Search for an event where one or more error conditions occurred e choose which errors to look for e By default the analyzer looks for all types of errors 116 fte com frontline Debug Communications Faster In contrast searching for an event where one or more error conditions were off means that the analyzer looks for an event where the errors were not present For example if you have data that is full of framing errors and you know that somewhere in your 20 megabyte capture file the framing got straightened out you could choose to search for an event where one or more error conditions were off and choose to search only for framing The analyzer searches the file and finds the point at which framing errors stopped occurring Searching for an event where the error conditions changed means that the analyzer searches the data and stop at every point where the error condition changed from on to off or off to on For example if you have data where sometimes the framing is wrong and sometimes right you would choose to search framing errors where the error condition changed This first takes you to the point where
17. Communication Control Characters Listed below in alphabetical order are the expanded text meanings for common ANSI communication control characters and two character system abbreviation for each one Some abbreviations have forward slash char acters between the two letters This is to differentiate the abbreviations for a control character from a hex num ber For example the abbreviation for Form Feed is listed as F F to differentiate it from the hex number FF Communications Control Characters Ca mjo eoo ale apa a lo lea CC pa o E B ETB End of Transmission Block 159 fte com rontline Debug Communications Faster Communications Control Characters continued Abbreviation Control Character Shift Out 7 2 5 The Frontline Serial Driver ComProbe software uses custom versions of the standard Windows serial drivers in order to capture data These drivers are usually installed during the routine product installation However if you need to install the serial driver after ComProbe software has already been installed please refer to the instructions available in the Setup folder installed under Start Programs Product Name and version Setup How to Install the FTS Serial Driver 7 3 Contacting Technical Support Technical support is available in several ways The online help system provides answers to many user related questions Frontline s website has documentation on common problems as well
18. Control Inactive Frame Recognze Changed UA Settings Changed Figure 81 Find Special Events tab 5 Check the event or events you want to look for in the list of special events Use Check All or Uncheck All buttons to make your selections more efficient 6 Click Find Next and Find Previous to move to the next instance of the event Not all special events are relevant to all types of data For example control signal changes are relevant only to serial data and not to Ethernet data For a list of all special events and their meanings see List of All Event Symbols on page 42 5 1 6 Searching by Signal Searching with Signal allows you to search for changes in control signal states for one or more control signals You can also search for a specific state involving one or more control signals with the option to ignore those control signals whose states you don t care about The analyzer takes the current selected byte as its initial condition when running searches that rely on finding events where control signals changed To access the search by time function 1 Open a capture file to search 2 Open the Event Display or Frame Display e window 3 Click on the Find icon aa or choose Find from the Edit menu 4 Click on the Signal tab of the Find dialog 112 fte com rontline Debug Communications Faster Note The tabs displayed on the Find dialog depend on the product you are running and the
19. Decoder Parameters dialog takes effect from the specified frame onward or until redefined in this dialog on a later frame e The Remove Override button will remove the selected decode parameter override e The Remove All button will remove all decoder overrides If you do not have decoders loaded that require parameters the menu item does not appear and you don t need to worry about this feature 15 fte com rontline Debug Communications Faster 3 2 1 Decoder Parameter Templates 3 2 1 1 Select and Apply a Decoder Template 1 Select Set Initial Decoder Parameters from the Options menu on the Control A window or fa the Frame Display window 2 Click the Open Template Ba icon in the toolbar and select Ca HK 7 F emplate the desired template from the pop up list The system displays the content of the selected template in the Initial Connections P Frontlinel list at the top of the dialog Frontline 3 Click the OK button to apply the selected template and P Frontline 1 decoders settings and exit the Set Initial Decoder Parameters Frontline dialog the NG Frontline5 3 2 1 2 Adding a New or Saving an Existing Tem plate Add a Template A template is a collection of parameters required to completely decode communications between multiple devices This procedure adds a template to the system and saves it for later use y nag Template Manager 1 Click the Save button at the top of the Set Init
20. Event Display 2 opens This Event Display is labeled 2 even though there is no original Event Display to indicate that it is syn chronized with Frame Display 2 54 fte com rontline Debug Communications Faster 4 Click on a frame in Frame Display 2 The corresponding bytes are highlighted in Event Display 2 5 Click on a frame in the original Frame Display Event Display 2 does not change 4 4 1 8 Working with Multiple Frame Displays Multiple Frame Displays are useful for comparing two frames side by side They are also useful for comparing all frames against a filtered subset or two filtered subsets against each other e To create a second Frame Display click the Duplicate View icon E on the Frame Display toolbar This creates another Frame Display window You can have as many Frame Displays open as you wish Each Frame Display is given a number in the title bar to distinguish it from the others e To navigate between multiple Frame Displays click on the Frame Display icon in the Control window toolbar A drop down list appears listing all the currently open Frame Displays e Select the one you want from the list and it comes to the front Note When you create a filter in one Frame Display that filter does not automatically appear in other Frame Display windows You must use the Hide Reveal feature to display a filter cre ated in one Frame Display in different Frame Display window Note W
21. Example ComProbeFrame Display BPA 600 low energy capture 163 fte com frontline Debug Communications Faster SMP Code Pairing Contin Confirm Value Oxfic25bSe1 3092125795345264256208a Responder Pairing Confirm Example ComProbeFrame Display BPA 600 low energy capture SMP Pairing Request The initiating device will generate a 128 bit random num ber that is combined with TK the Pairing Request com mand the Pairing Response command the initiating device address and the responding device address The resulting value is a random number Mconfirm that is sent to the responding device by the Pairing Confirm SMP Pairing Response command The responding device will validate the responding device data in the Pairing Confirm command and if it is correct will generate a Sconfirm value using SMP Pairing Confirm i the same methods as used to generate Mconfirm only 7 with different 128 bit random number and TK The MIP Pasang DORSATA responding device will send a Pairing Confirm command to the initiator and if accepted the authentication pro cess is complete The random number in the Mconfirm and Sconfirm data is Mrand and Srand respectively Mrand and Srand have a key role in setting encrypting the link Figure 111 Message Sequence Chart SMP Pairing A 1 4 Encrypting the Link The Short Term Key STK is used for encrypting the link the first time the two devices pair STK remains in each device o
22. Insert the other end of the USB cable into the PC mini USB port Figure 1 BPA low energy Hardware USB PortComProbe 802 11 QSG frontline 2 2 Data Capture Methods This section describes how to load Frontline Test Equipment Inc ComProbe Protocol Analysis System software and how to select the data capture method for your specific application 2 2 1 Opening ComProbe Data Capture Method On product installation the installer creates a folder on the windows desktop labeled Frontline ComProbe Pro tocol Analysis System lt version gt 1 Double click the Frontline ComProbe Protocol Analysis System desktop folder This opens a standard Windows file folder window fte com frontline Debug Communications Faster m gt Frontline ComProbe Protocol Analysis System 12 11 662 0 Include in library Share with Burn New folder paa Name sktop E J Development Tools wnloads J Documentation cent Places JP Maintenance Tools ogle Drive i Capture File Viewer ail ComProbe 802 11 with Wireshark za Serer ren re reer te U Mme nts dy Docurmerts Select to open Capture Methods Figure 2 Desktop Folder Link 2 Double click on Frontline ComProbe Protocol Analysis System and the system displays the Select Data Capture Method dialog Note You can also access this dialog by selecting Start gt All Programs gt Frontline ComProbe Protocol Analysis System Version gt Front
23. Item From List button becomes active 2 Click the Remove Selected Item From Listbutton to remove the stack from the list You cannot remove stacks provided with the analyzer If you remove a custom stack you need to define it again in order to get it back If you are changing the protocol stack for a capture file you may need to reframe See Reframing on page 33 for more information You cannot select a stack or change an existing one for a capture file loaded into the Capture File Viewer the Capture File Viewer is used only for viewing capture files and cannot capture data Protocol Stack changes can only be made from a live session 31 fte com frontline Debug Communications Faster 4 2 2 Creating and Removing a Custom Stack To create a custom stack Select a Protocol Stack 1 Choose Protocol Stack from the Options menu on the Con a ere oe trol window or click the Pro Build Your Own 802 11 MAC l 802 11 Radio tocol Stack icon on the Air Sniffer BlueCore Serial Protocol BCSP from Cambridge Silicon Radio with autotraverse Frame Display toolbar Bluetooth HCI UART H4 with autotraverse Bluetooth HC USB with autotraverse Bluetooth virtual transport with autotraverse 2 Select Build Your Own from Fictitious Protocol with autotraverse H4D5 with autotraverse the list and click Next int Protocol LE BB 3 The system displays an inform Wireless Cosdstence Interface 2 ation screen that may he
24. Override Decode Information 2 0 0 e ee eee eee eee ee ee ee ee eee eee ee 26 Chapter 4 Capturing and Analyzing Data 22 22e222mmmmmemue 28 Wet CA UGS DO os ods eek bo ek he ee el AA AA 28 4 1 1 Capturing Data to Disk _ 0 222 ene cc eee eee aLaaa amen 28 4 1 2 Extended Inquiry Response U 2 22 cece cece ee eee cee LLALL aLaaa aoaaa aana 29 OD Protocol SACI Se es ss ee ee eee 30 4 2 1 Protocol Stack Wizard lt 2 a ccccocssoreatccqaucckdeoebdeqosmetcehapeusesgeeddecueteecedacsenteededass 31 4 2 2 Creating and Removing a Custom Stack eee eee oaaao aaao aoaaa oann 32 A23 TREMOR IAA 33 424 UM ii AA Wa daw E kee hands ese a ai pan nga 34 4 2 5 How the Analyzer Auto traverses the Protocol Stack 34 4 2 6 Providing Context For Decoding When Frame Information Is Missing _ 35 4 3 Analyzing Byte Level Data lei eee ee ce eee eee eee eee aana 35 4 3 1 Event Display i cece ec cece ce eee e cee eee cece cence eeeeeees 35 fte com rontline Debug Communications Faster 4 3 2 The Event Display Toolbar lee cc cc ee cece anaana anaa 36 4 3 3 Opening Multiple Event Display Windows 22 eee eee eee eee eee cece cece eeeeeee 38 4 3 4 Calculating CRCs or FCSs _ 0 22 eee ce ccc eee eee cece eeeeeees 38 4 3 5 Calculating D
25. Start new file after If you want to start a new file on a periodic basis check the box for Start new file after and put in the num ber of hours after which a new file is started Note that if the currently open file becomes full before the time limit has been reached a new file is opened immediately rather than lose data Capturing stops if the maximum number of files has been used unless Wrap Files has been checked If Wrap Files has been checked the analyzer erases the oldest file in the series and makes a new file Start up Opens the Program Start up Options window Start up options let you choose whether to start data capture immediately on opening the analyzer Advanced Opens the Advanced System Options window The Advanced Settings should only be changed on advice of technical support 147 7 1 1 2 Single File System Settings fte com frontline Debug Communications Faster Capture Mode Single File Restart Capturing After Saving or Clearing Capture File Wrap File File Size in K 81373 Startup Advanced System Settings Jl This option allows Ate ei the ana F Wrap Fie lyzer to capture File Size ink 91973 Hin data to a file Each time you cap ture the file you must provide Capire Mode Single Fie a file name The size of each file cannot larger than the number given in File Size in K The name of each file is the name you give it in the Na
26. System Options Wang Be catebul when changing lhece parameters Please read the onima heip first o contaci Technical Support Selechons do not take effect undi FTS and ary datasources are Hated Diver Receve Buller Size in Kbytes 10000 10000 Dive Achon Queue See in Operating System Pages 100 100 Frame Completion Timeout in Second 2 Figure 104 Advanced System Options dialog e Driver Receive Buffer Size in Kbytes This is the size of the buffer used by the driver to store incoming data This value is expressed in Kbytes e Driver Action Queue Size In Operating System Pages This is the size of the buffer used by the driver to store data to be transmitted This value is expressed in operating system pages e Frame Completion Timeout in Seconds This is the number of seconds that the analyzer waits to receive data on a side while in the midst of receiving a frame on that side If no data comesin on that side for longer than the specified number of seconds an aborted frame event is added to the Event Display and the analyzer resumes decoding incoming data This can occur when cap turing interwoven data DTE and DCE and one side stops transmitting in the middle of a frame The range for this value is from O to 999 999 seconds Setting it to zero disables the timeout feature E Note This option is currently disabled 7 1 1 6 Selecting Start Up Options To open this window KO 1 Choose System Settings from t
27. Toolbar The toolbar contains the following Lock The Lock button only appears in live mode and is automatically depressed when the a user scrolls Unlock First Packet Previous Packet Next Packet Last Packet O O O MP 68 pb Pp v fte com rontline Debug Communications Faster Previous Interframe Spacing IFS Error e Interframe Spacing is considered valid if it is within 150 us or 2us e Ifthe Interframe Spacing is less than 148 us or greater than 152 us but less than or equal to 300 us it is considered an IFS error Next Interframe Spacing IFS Error e Interframe Spacing is considered valid if it is within 150 us or 2us e Ifthe Interframe Spacing is less than 148 us or greater than 152 us but less than or equal to 300 us it is considered an IFS error Previous Error Packet Next Error Packet Zoom In Zoom Out Reset The Reset button appears only in live mode Reset causes all packet data up to that point to be deleted from the Packet Timeline display This does not affect the data in Frame Display Resetting the display may be useful when the most recent throughput val ues are of interest BS O side 1 4 4 2 2 low energy Timeline Legend Siam ak CJ Adv initiator C Master This legend identifies the color coding found in the timeline DJ Adv Unknown sae j 8 Data Start D CRE Error e When you select a packet in the timeline items in the legend that IS
28. View Format Options window Help looks for a pattern coming from one or both sides For example if you choose to search for the pattern ABC and you choose to search without regard for data origin the analyzer finds all three instances of ABC shown here The first pattern with the A and the C coming from the DTE Event 16 to 4a of 405 27 awin device and the B coming from the DCE is a good example of how Rate Deka CRC DTE CRC ICE using a side restriction differs from searching without regard to NG Timestamp No Timestamp 9c 35 data origin While searching without regard for data origin finds For Help Press F1 all three patterns searching using a side restriction never finds the first pattern because it does not come wholly from one side or the other If you choose to search for the pattern ABC and you restrict the Event Display search to just the DTE side the analyzer finds the following pat Fie Edt Yew Format Options Window tern SEE A In this example the analyzer finds only the second pattern high lighted above because we restricted the search to just the DTE side The first pattern doesn t qualify because it is split between the DTE and DCE sides and the third pattern though whole Evert 16 to 42 of 6 425 27 events comes from just the DCE side Rate o Da ORCDTE ORC DCE NG Timestamp No Timestamp 9 35 For Help Press Fl If we choose both the DTE and the DCE si
29. a file name and ae t file type for each profile you select in Step 1 above The file type varies depending on the original profile A separate file for each pro file will be created but only for those pro files with available data 8 Select a location for the file 9 Click Save pon The Data Extraction Status and Audio Extraction Status dialogs appear When the process is complete the dialogs display what files have been created and where they are located AA Aa ma mm a a ne w Data Extraction Status BipBppFipOppProfites cia Bip data extraction started x ai Fie C Documents and Settings iab Desktop date mtrt LAAN EU Aa HA LA EART Bip dats extraction frushed Status Bpp dala extraction started fice Dans Fie C Documents and Selting tab ezktop date extactontg Fle Type One Stereo File Epp data extraction Erushed Path C Documents and Sethngs tab Desktop dats Fip data extraction stared Filename Staus Format Dupu Fie Documents ad Settings tab Desktop viats extracton Ab Fip dats extrecton brushed Fip data extraction started Fie Documents and Seftings tab Desktog data extraction Fip dats edraction brished Fip data eraction started File Documents and Settngs teb i Deskiog dats mirachik Procesting Frame 540 1004 Fip date edracton frushed Files whose extensions ane unkncan CADseuments and Settings tab Decktop data madrain ipi ppf ipl pa Pal EPP Unknown Ka ee el De kaaa Figure 72 D
30. a per centage to the right of the channel number The megahertz MHz value is displayed in light blue text if the MHz option is selected in the Addi tional Statistics section The number of packets with no errors is displayed in light green in the bar chart All the values except MHz change dynamically when multiple time periods are selected in the Scroll Bar When you select the in the upper right corner the bar chart is replaced by a pie chart The pie chart applies to all channels not a selected channel To return to the bar chart click on the channel again or click on the in the upper right hand corner 4 4 4 4 Packet Error Rate Legend The Legend displays color coded information about the channel selected Bluetooth low energy For Bluetooth low energy The number of Packets with No Errors and percentage of packets with No Errors in relationship to total packets for the channel is displayed in green The number of Packets with CRC Errors and percentage of packets with CRC Errors in relationship to total packets for the channel is displayed in dark red Total packets and Total percentage is displayed in light blue 94 fte com rontline Debug Communications Faster For a description of the Channel Not Available symbol see PER Stats Channel 4 4 4 5 Packet Error Rate Additional Statistics This Additional Statistics section of PER Stats displays information about selected packets
31. an installation path multiple instances of a personality entry may be detected which causes a failure when trying to launch Frontline For example if an Frontline product is installed at C Users Public Public Documents Frontline Test Equipment My Decoders then My Decoders cannot be set to any of the following e C My Decoders e C Users My Decoders e C Users Public My Decoders e C Users Public Public Documents My Decoders e or to any directory that already exists in the path C Users Public Public Documents Frontline Test Equip ment My Decoders Default Capture File Folder Checkbox If the Use Last Opened Folder for Capture Files checkbox is checked then the system automatically changes the default location for saving capture files each time you open a file from or save a file to a new location For example let s say the default location for saving capture files is Drive A gt Folder A Now you select the Use Last Opened Folder for Capture Files checkbox The next time however you open a capture file from a dif ferent location Folder B gt Removable Flash Drive for example Now when you save the capture file it will be saved to Folder B gt Removable Flash Drive Also all subsequent files will be saved to that location This remains true until you open a file from or save a file to a different location There is one caveat to this scenario however Let s say you have selected Use Last Opened Folder for Cap ture Fi
32. and click the Delete button 5 2 2 Displaying All and Moving Between Bookmarks There are three ways to move between bookmarks 1 Press the F2 key to move to the nezt frame or event with a bookmark 2 Select Go to Nezt Bookmark from the Bookmarks menu 3 Click the Display All Bookmarks icon LI Select the bookmark you want to move to and click the Go To button or simply double click on the bookmark Click the Move Forward and Move Back buttons to cycle through the bookmarks Find dual_mode_capture_01 cfa EBK Decode Paitem Time GoTo Specia Events Emor Bookmark Frame 3 Bockmack 3 7 23 2010 72057 526310 PM ARA rama 7 Bookmark 7 7724201072057 526310 PM KN ka Mova Back GoTo Figure 87 Find Window Bookmark tab Used to Move Around With Bookmarks To delete a bookmark select it and click the Delete button To modify a bookmark select it and click the Modify button Click Remove All to delete all the bookmarks 121 fte com rontline Debug Communications Faster 5 3 Filtering 5 3 1 About Display Filters A display filter looks at frames that have already been captured It looks at every frame in the capture buffer and displays those that match the filter criteria Frames that do not match the filter criteria are not displayed Display filters allow a user to look at a subset of captured data without affecting the capture content There are three general classes of display filters e Proto
33. appears as part of the filter descrip tion displayed to the right of the Toolbar Include A filter constructed with the Include button selected returns a data set that includes frames that meet the conditions defined by the filter and omits frames that do not Exclude A filter constructed with the Exclude button selected returns a data set that excludes frames that meet the conditions defined by the filter and consists of frames that do not 5 3 1 3 Named Display Filters You can create a unique display filter by selecting a data type on the Frame Display and using a right click menu When you create a Name Filter it appears in the Quick Filtering dialog where you can use it do cus tomize the data you see in the Frame Display panes 1 Select a frame in the Frame Display Summary Pane 2 Right click in the one of the data columns in the Summary Pane CRC NESN DS Packet Suc cess Ethertype Source Address etc 3 Select Filter in data type The Filtering Results dialog appears Filtering Results 4 Enter a name for the filter 5 Select OK Filter Name The filter you just created appears in the Named Filters section ASCII 3 of the Quick Filtering dialog OK iisi 5 3 1 4 Using Compound Display Filters Compound filters use boolean logic to create complex and precise filters There are three primary Boolean logic operators AND OR and NOT The AND operator narrows the filter the OR o
34. as software upgrades and util ities to use with our products On the Web http fte com support supportrequest aspx Email tech support fte com If you need to talk to a technical support representative about your ComProbe BPA low energy product sup port is available between 9 am and 5 pm U S Eastern Time zone Monday through Friday Technical support is not available on U S national holidays Phone 1 434 984 4500 Fax 1 434 984 4505 7 3 1 Instructional Videos Frontline provides a series of videos to assist the user and may answer your questions These videos can be accessed at fte com support videos aspx On this web page use the Video Filters sidebar to select instructional videos for your product 160 fte com rontline Debug Communications Faster Appendix A Application Notes 1 Decrypting Encrypted Bluetooth low energy Data 2 Bluetooth Virtual Sniffing 161 fte com rontline Debug Communications Faster A 1 Decrypting Encrypted Bluetooth low energy A 1 1 How Encryption Works in Bluetooth low energy Data encryption is used to prevent passive and active man in the middle MITM eavesdropping attacks on a Bluetooth low energy link Encryption is the means to make the data unintelligible to all but the Bluetooth mas ter and slave devices forming a link Eavesdropping attacks are directed on the over the air transmissions between the Bluetooth low energy devices so data encry
35. be from a configured device if 1 The packet has an LE ADV layer and field Meets Predefined Filter Criteria for BT low energy devices Yes in the LE BB layer 2 or the packet has anLE DATA layer e Selecting All Devices displays data from all available devices The bottom of the graph shows a beginning time and an ending time The beginning time is relative to the start of the session and is initially O When packets start wrapping out it becomes the relative time offset of the first available packet The ending time is always the total time of the session Discontinuities are indicated by vertical dashed lines A purple viewport indicates the time range corresponding to the visible timeline The viewport can be moved by clicking elsewhere in the graph or by dragging it Whenever it is moved the timeline scrolls to match When the timestamp range in the timeline changes the viewport moves and resizes as necessary to match Note The raw timestamp value is the number of 100 nanosecond intervals since the beginning of January 1 1601 This is standard Windows time 4 4 2 4 The Timeline The low energy Timeline shows Bluetooth packets within a specific period of time Time is shown as one or more contiguous segments Within each segment are one or more source access address or radio rows 72 fte com rontline Debug Communications Faster Bluetooth low energy Timeline le Sniffer_Capture_GB6900AA 2
36. by the current width of the Viewport Holding down the Shift key will prevent the Viewport from moving if there is not enough room to move by its full width e Pressing the double right arrow button or the PgDn key moves the Viewport to the right by the cur rent width of the Viewport Holding down the Shift key will prevent the Viewport from moving if there is not enough room to move by its full width e Holding the Shift key down and the right or left arrows moves the right side of the Viewport e Holding the Ctrl key down and the right or left arrows moves the left side of the Viewport e The Scroll bar includes inapplicable packets sniffer debug WiFi etc so that the packet range selected in Frame Display can be shown Inapplicable packets are not however included in the statistics reports e Ifthe Viewport is adjusted within PER Stats as opposed to selecting a packet range in Frame Display it uses only whole bars on both sides e Statistics are retained for all packets regardless of whether any of those packets have wrapped out You Reset can select the Reset button which is located above the right portion of the Scroll Bar to discard all stats for packets received up to that point e The Reset button is only available when you are capturing data 4 4 4 9 Packet Error Rate Excluded Packets ID packets and packets that are missing channel numbers such as HCI and BTSnoop will not display data ID packets are exclude
37. cfa File Format Zoom Navigate Help COND 9 4 IZA Average Packet Throughput Throughput Over Time O O Side1 45 845 bits s E Adv Scanning Side2 Average Payload Throughput ha E Adv Initiator Master 47 bits s y Packet Throughput EC Adv Unkn O Stave Data Start 1 Second Packet Throughput 319 HH 2 Payload Throughput E crc Error P Data Cont A he WA UMA aa a a A Br DAMAY Man 7 AL 7 Piai Data Empty E Unable to Decrypt 1 Second Payload Throughput 546 A l TA T Both Data Ctri D Invalid Fs 0 bits s I Data Unknown eee aes All Devices Discontinuity IV Show Running Average Ox50655d5b Packet 108 370 Ady Advertising Ady Type ADY IND Timestamp 3 14 2013 12 29 29 277668 PM Duration 376 us Prev Next Timestamp Deltas 18 463 ms 768 us Addr Prev Next Gaps 18 087 ms 392 us CP 0 Oxaf9ab45e Channel Index 37 2402 MHz Meets Predefined Filter Criteria for BT low energy devices No Event Status Recieved without errors ears PDU Length 39 1 Advertiser Address Ox727272727272 Access Address 0x8e89bed6 LE ADV AdvA Ox727272727272 AddrT ype pub Type ADV IND Chan 37 Len 37 Help Press F1 Figure 44 Bluetoothlow energy Timeline 4 4 2 4 1 How Packets Are Displayed Bluetooth low energy packets are displayed in the low energy timeline in Segments and Rows e Segments are pieces of the timeline You can zoom in to sho
38. click OK 4 4 1 13 1 Frame Display Right Click Filterin In Frame Display protocols are displayed as tabs in the Summary pane When you select a tab the protocol layers are displayed The layers vary depending on the protocol You can create additional protocol tabs that highlight specific layers in the Summary pane using the Filtering Results dialog Note The Filtering Results dialog is not available for all layers because the information within those layers is not sortable like time To use the Filtering Results dialog Export 1 Right click on a value in the Summary pane For example the S for Slave under Role Filter in Role Slave Filter Dialog field equals 2 On the drop down list select Filter in name value where name is the column name Provide AVDTP Rules and value is the column value to filter For our example Filter in Role Slave appears in the menu The Filtering Results dialog appears 3 Enter a name for the Filter or use the default name 4 Click OK Role Slave A new protocol tab with the Filter Name you just created appears in the Summary pane The new tab displays data specific to the layer you selected 66 fte com rontline Debug Communications Faster 4 4 1 13 1 1 Filtering On the Summary Layer Protocol To filter on the protocol in the Summary in the Frame Display window pane 1 Select the tab of the desired protocol or open the Summary combo b
39. click the Timestamping Options button or click the click the Timestamping Options icon from the O Event Display window 2 Go to the Display Options section at the bottom of the window and find the Display Relative Timestamps checkbox 3 Check the box to switch the display to relative timestamps Remove the check to return to abso lute timestamps _ Note The options in this section affect only how the timestamps are displayed on the screen not how the timestamps are recorded in the capture file e Display Raw Timestamp Value shows the timestamp as the total time in hundred nanoseconds from a specific point in time e Display Relative Timestamps shows the timestamp as the amount of time that has passed since the first byte was captured It works just like a stop watch in that the timestamp for the first byte is 0 00 00 0000 and all subsequent timestamps increment from there The timestamp is recorded as the actual time so you can flip back and forth between relative and actual time as needed e Selecting both values displays the total time in nanoseconds from the start of the capture as opposed to a specific point in time e Selecting neither value displays the actual chronological time When you select Display Relative Timestamp you can set the number of digits to display using the up or down arrows on the numeric list 155 fte com rontline Debug Communications Faster 1 4 1 4 Displaying Fraction
40. eee eee ec eee ce cece cece eeeeeees 22 Figure 17 Parameters Added to Decoder eee eee eee c ec ec eee eee e cee eeceeeeeeees 23 Figure 18 Change the Selected Items to Carry selection list 24 Figure 19 RFCOMM parameters tab ec eee eee cece eee cece eee mmama mumu 25 Figure 20 Set Subsequent Decoder Parameters selection list 27 Figure 21 Packet Transfer Dialog cee ceeeeceeeeeeees 29 Figure 22 Frame Display Extended Inquire Response 22 cece eee eee cece eee eee ceeeeeeeees 30 Figure 23 EVENEDISPIAY AI 36 Figure 24 Delta fieldS mmmmmmmmmmmumwmu mumu numu mum 39 Figure 25 Format MENU AI Aua 41 Figure 26 Header labels right click naandaa aoaaa aaa aaa aaa aaa aaa aoaaa aoaaa 41 fte com rontline Debug Communications Faster Figure 27 Data display right click menu 2 22 2 eee eee cee ee cee cee cece cece eee eeeeeeeees 41 Figure 28 Event Display Options menu eee cee ee ec ceeee ce eee cece cece ornano annan 45 Figure 29 Event Display Font Size Selection ieee eee eee eee cece eee eee eeeeeeees 45 Figure 30 Frame Display with all panes active 22 2 2 e ee eee cece cece cece eeceeeeees 46 Figure 31 Frame Display Find text entry field
41. energy Timeline Flow with Segment and Row Relationship e Rows can display either source device access addresses or the three radios receiving the data You choose with methods by selecting Show Device Address Rows or Show Radio Rows from the Format menu 4 42 42 Format Menu Show Device Address Rows will display rows of packets from sending devices The source device address will appear on the left of each row Show Radio Rows Show Radio Rows will display rows packets received on D EU ng a sx radios 0 1 or 2 The radio number will appear on the left of each row o The Addr rows display packets sent by that access address for all devices or configured devices You select All Devices or Configured Devices using the radio buttons The address shown is the access address for the device Selected Packet 57 120 Adv Type ADV IND Timestamp Addr Figure 46 Device Address Rows o The Radio rows display packets received by that radio 0 1 or 2 74 fte com rontline Debug Communications Faster Selected Packet 30 957 Adv Type SCAN REQ Timestamp 3 14 2013 12 1 150 us Radio Figure 47 Radio Rows The mouse wheel scrolls the timeline horizontally when displaying a single segment and scrolls ver tically when displaying multiple segments You can also zoom by using the right click menu which displays magnification values using the and Zoom buttons on the toolbar or by selecting a valu
42. feature is a simple and easy way to perform HCl sniffing Virtual sniffing is not limited to just HCl sniffing but it is the most common use and this white paper will focus on the HCl sniffing application of Virtual sniffing It is also important to understand that ComProbe software is a multi mode product ComProbe software does support traditional air sniffing It also supports serial HCI sniffing for the H4 HCI UART H5 3 wire UART and BCSP BlueCore Serial Protocol protocols USB HCI H2 sniffing SDIO sniffing and Virtual sniffing So with ComProbe software nothing is sacrificed the product is simply more functional than other Bluetooth protocol analyzers A 2 3 Bluetooth Sniffing History Frontline has a strong appreciation for the importance of HCI sniffing because of the way we got involved with Bluetooth Because of our company history we are uniquely qualified to offer a multi mode analyzer that 172 fte com rontline Debug Communications Faster provides many ways to sniff and supports a wide variety of protocols This brief Bluetooth sniffing history should help you understand our approach to Bluetooth protocol analysis In the early days of Bluetooth there were no commercially available Bluetooth protocol analyzers so developers built their own debug tools and or used protocol analyzers that weren t built for Bluetooth Many developers built homegrown HCI analyzers basically hex dumps and crude traces
43. file to search 2 Open the Event Display or Frame Display window 3 Click on the Find icon aa or choose Find from the Edit menu 4 Click on the Go To tab of the Find dialog 5 The system displays the Find dialog with the Go To tab selected content of the capture file you are viewing P Note The tabs displayed on the Find dialog depend on the product you are running and the Find Decode Pattern Tre GoTo Special Everts Booknerd HF rame Numbwt 3 1 Mere Formard C Data Event Number Al Everts Humber F Te Figure 80 Find Go To tab To go to a particular frame 1 Select the Frame Number radio button 2 Type the frame number in the box 3 Click the Go To button 4 To move forward or backward a set number of frames type in the number of frames you want to move 5 Then click the Move Forward or Move Back button To go to a particular event 1 Select the Data Event Number or All Events Number radio button 2 Type the number of the event in the box 3 Click the Go To button 110 fte com rontline Debug Communications Faster 4 To move forward or backwards through the data type in the number of events that you want to move each time 5 Then click on the Move Forward or Move Backward button 6 For example to move forward 10 events type the number 10 in the box and then click on Move Forward Each time you click on Move Forwa
44. from the drop down list Select layer and message Protocol Layer F 4 Once you select the Protocol Mes Protocol Message faa sage click OK AVOTP Signaling B The Search dialog disappears and the first search result is highlight in the Message Sequence Chart JP RFCOMM OBEX BIP FTP OBEX connection for the BIP Basic Imaging Image Push profile created Profile BIP Typesx byimg capabilities Figure 64 Highlighted First Search Result If there is no instance of the search value you see this following dialog Once you have set the search value you can 1 use the Search Previous Bi The message Abort was not Found and Search Next a3 buttons or 2 F2 and F4 to move to the next or previous frame in the chart 4 4 3 2 Message Sequence Chart Go To Frame The Message Sequence Chart has a Go To Frame function that makes it easy to find a specific frame within the layers al In addition to Search you can also locate specific frames by clicking on the Go To Frame 255 toolbar icon 88 fte com frontline Debug Communications Faster Mm l Click Go To Frame mmo in the toolbar Enter frame number fx 2 Enter a frame number in the Enter frame No text box Enter Frame No i 3 Click OK The Go To Frame dialog disappears and the selected frame is high lighted in the chart Once you have identified the frame in Go To you can 1 use the Search Previous ah and Search Nex
45. logical bytes in the BS Ge Se LI frame in ASCII EBCDIC or Baudot The character setcan This is the Character Fane be changed from the Format menu or by right clicking on 7 the pane and choosing the appropriate character set E Copy Selection to Clipboard Because the Character pane displays the logical bytes 2 Select Entire Frame rather than the physical bytes the data in the Character p Change Text Highlight Color pane may be different from that in the Event pane See ap NN Physical vs Logical Byte Display for more information E ASCI 7 bit ASCI Colors are used to show which protocol layer each byte belongs to The colors correspond to the layers listed in the EBCDIC Decode pane Baudot 62 fte com rontline Debug Communications Faster The Event Radix Binary Character and Decode panes are all synchronized with one another Clicking on an element in any one of the panes highlights the corresponding element in all the other panes 4 4 1 11 7 Binary Pane The Binary pane displays the logical bytes in the frame in binary Because the Binary pane displays the logical bytes rather than the physical bytes the data in the Binary pane may be different from that in the Event pane See Physical vs Logical Byte Display for more information Colors are used to show which protocol layer each byte belongs to The colors correspond to the layers listed in the Decode pane The Event Radix Binary Character and Decode panes a
46. looks for SDP Service Attribute Responses or Service Search Attribute Responses carrying protocol descriptor lists If the analyzer sees L2CAP listed with a PSM it stores the PSM and the UUID for the next pro tocol in the list After the SDP session is over the analyzer looks at the PSM in the L2CAP Connect frames that follow If the PSM matches one the analyzer has stored the analyzer stores the source channel ID and destination channel ID and associates those channel IDs with the PSM and UUID for the next protocol Thereafter when the analyzer sees L2CAP frames using those channel IDs it can look them up in its table and know what the next protocol is In order for the analyzer to be able to auto traverse using a dynamically assigned PSM it has to have seen the SDP session giving the Protocol Descriptor Lists and the subsequent L2CAP connection using the PSM and identi fying the source and channel IDs If the analyzer misses any of this process it is not able to auto traverse It stops decoding at the L2CAP layer 34 fte com rontline Debug Communications Faster For L2CAP frames carrying a known PSM 0x0001 for SDP for example or 0x0003 for RFCOMM the analyzer looks for Connect frames and stores the PSM along with the associated source and destination channel IDs In this case the analyzer does not need to see the SDP process but does need to see the L2CAP connection pro cess giving the source and destination chan
47. low energy Information LE Device Di aur LE Encryption Long Term Key PIN OOB data Sniffer Diagnostics Premium Maintenance will expire on July 26 2023 EEE Querying for firmware ids ag g for firmware ids Figure 3 BPA low enegy Datasource Devices Under Test Tab The default value in the LE Device drop down is Sync with First Master To begin sniffing Bluetooth low energy simply click the red Start button on the datasource toolbar 3 1 1 1 1 Specifying the LE Device Address You may specify the LE device you are testing by typing in or choosing its address BD ADDR You can type it dir ectly into the drop down or choose it from the existing previous values list in the drop down To enter the device manually type the address 12 digit hex number 6 octets The Ox is automatically typed in the drop down control 10 fte com rontline Debug Communications Faster To refresh or discover devices click on the BPA low energy Information tab Once you have the devices address identified the next step is to identify the Encryption 3 1 1 1 2 LE Encryption LE Encryption Long Term Key PIN JOOS data Figure 4 BPA low energy Devices Under Test LE Encryption 1 Enter the Long Term Key for the LE Encryption The Long Term Key is similar to the Link key in Classic It is a persistent key that is stored in both devices and used to derive a fresh encryption key each time the de
48. master or slave e Channel ID The channel number 0 through 78 e Address This is the physical connection values for the devices Each link in the net will have an address A piconet can have up to seven links The Frame Display can provide address information ee Frame 35 Slave Len 2 E Baseband e Data Source DS No When only one data source is employed set L2CAP this parameter to O zero otherwise set to the desired data source 3 be Role Slave number i Address 1 POL Length 14 i Channel ID Ox0040 SOF H SDP Carries PSM Select the protocol that L2CAP traverses to from the fol lowing e AMP Manager e AMP Test Manager e SDP e RFCOMM e TCS e LPMP e BNEP e HCRP Control e HCRP Data 22 fte com rontline Debug Communications Faster e HID e AVCTP e AVDTP e CMTP e MCAP Control e IEEE P11073 20601 e Raw Data Adding Deleting and Saving L2CAP Parameters 1 From the Set Initial Decoder Parameters window click on the L2CAP tab 2 Set or select the L2CAP decoder parameters 3 Click ont he ADD button The Intial Connection window displays the added parameters Initial Connections in efect from beginning of capture onward until redefined in the Set Subsequent Decoder Parameters dialog On the Slave side with CID 0000 Address 0 and DataSource 1 L CAP is camying AMP Test Manager On the Master side with CID 0000 Address 0 and DataSource 2 LACAP is camyi
49. met These tabs appear only in the General group and apply to all technologies The tabs are e Bookmarks appear when a bookmark is first seen e Errors appear when an error is first seen An error is a physical error in a data byte or an error in the pro tocol decode e Info appears when a frame containing an Information field is first seen The tabs disappear when the capture buffer is cleared during live capture or when decoders are reloaded even if one of the tabs is currently selected They subsequently reappear as the corresponding events are detected Comparing Frames If you need to compare frames you can open additional Frame Display windows by clicking on the Duplicate View icon ig You can have as many Frame Display windows open ata time as you wish Frame Wrapping and Display In order to assure that the data you are seeing in Frame Display are current the following messages appear describing the state of the data as it is being captured e All Frame Display panes except the Summary pane display No frame selected when the selected frame is in the buffer i e not wrapped out but not accessible in the Summary pane This can happen when a tab is selected that doesn t filter in the selected frame e When the selected frame wraps out regardless of whether it was accessible in the Summary pane all Frame Display panes except the Summary pane display Frame wrapped out of buffer 47 fte com rontline Debug Co
50. off e Searching for an Exact State To search for an exact state means that the analyzer finds events that match exactly the state of the control signals that you specify o First choose to search for an event where your choices exactly describe the state o This changes the normal check boxes to a series of radio buttons labeled On Off and Don t Care for each control signal o Choose which state you want each control signal to be in 114 fte com rontline Debug Communications Faster o Choose Don t Care to have the analyzer ignore the state of a control signal o When you click Find Next the analyzer searches for an event that exactly matches the conditions selected beginning from the currently selected event o Ifthe end of the buffer is reached before a match is found the analyzer asks you if you want to con tinue searching from the beginning o Ifyou want to be sure to search the entire buffer place your cursor on the first event in the buffer o Select one of the four radio buttons to choose the condition that must be met in the search o Select one or more of the checkboxes for Pin 1 2 3 or 4 o Click Find Next to locate the next occurrence of the search criteria or Find Previous to locate an earlier occurrence of the search criteria 5 1 7 Searching for Data Errors The analyzer can search for several types of data errors Searching for data error sallows you to choose which errors you want to searc
51. or new data appears within the Viewport e The Channel Not Available symbol is displayed if the channel is not available in the most recent channel map that is in or before the last selected packet even if that channel map comes before the first selected packet Bluetooth Adaptive Frequency Hopping processes will block channels determined to be unreliable These channels are not available because the Bluetooth devices have decided not to use them e s changes the size of the entire dialog e c changes the contrast of the dialog e The Reset button is only available in live mode The button will appear in the lower right hand corner of the Channels section Clicking on the Reset button will clear all prior data from PER Stats 4 4 4 3 Packet Error Rate Pie Chart and Expanded Chart The Expanded PER Stats Chart in the upper right displays detailed information about the channel selected from the main channel dialog Expanded Chart Pie Chart 93 fte com rontline Debug Communications Faster When PER Stats is first opened Channel 0 1s displayed in the expanded chart The top orange number on the Y Axis displays the maximum number of packets in Snap Mode If Snap Mode is turned off the number will display in light blue The number of the selected channel is displayed in the upper left comer of the expanded chart The combined value of Header and Payload CRC errors for the channel is displayed in red as
52. selecting 33 75 ms 1x27 will display 33 75 ms of the throughput graph in 1 segment with 27 markers The scroll bar at the bottom of the segment will scroll the throughput graph view port 81 fte com rontline Debug Communications Faster 4 4 2 8 1 2 Multiple Segments Timeline view displayed Numberof segments Markers per segment 7 5 ms 6 1 25 ms time intervals Bx2 f 22 5 mg 18 1 25 ms time intervals 6 31 90 ms 72 1 25 ms time intervals 12x61 202 5 ms 162 1 25 ms time intervals 1391 360 ms 288 1 25 ms time intervals 2412 562 5 ms 450 1 25 ms time intervals 30x157 B10 ms 648 1 25 ms time intervals 36x18 1 1025 s 882 1 25 ms time intervals 42x211 1 44 s 1152 1 25 ms time intervals 48241 1 8225 s 1458 1 75 ms time intervals 544271 2 255 1800 1 25 ms time intervals 60x307 2 1225 5 2178 1 75 ms time intervals 66x33 3 24 s 2592 1 25 ms time intervals 2x36 3 8025 s 3042 1 25 ms time intervals 78x39 4 41 s 3528 1 25 ms time intervals 4042 5 0625 s 4050 1 25 ms time intervals 900451 Zoom Menu Multiple Segment Each selection defines the timeline view port the number of segments and number of 1 25 ms markers withing the segment For example selecting 7 5 ms 6 1 25 ms time intervals 3x2 will display 7 5 ms of the total timeline in 3 segments of with 2 markers per segment for a total of 6 markers The scroll bar at the left
53. the option to print either the entire capture buffer or the current selection When Print Preview is selected the output displays in a browser print preview window where the user can select from the standard print options The output file format is in html and uses the Microsoft Web Browser Control print options for background colors and images see below Print Background Colors Using Internet Explorer l 2 3 4 5 Open the Tools menu on the browser menu bar Select Internet Options menu entry Click Advanced tab Check Print background colors and images under the Printing section Click the Apply button then click OK The Event Display Print feature uses the current format of the Event Display as specified by the user See About Event Display for an explanation on formatting the Event Display prior to initiating the print feature Configure the Print File Range in the Event Display Print dialog Selecting more than one event in the Event Display window defaults the radio button in the Event Display Print dialog to Selection and allows the user to choose the All radio button When only one event is selected the All radio button in the Event Display Print dialog is selected How to Print Event Display Data to a Browser l Select Print or Print Preview from the File menu on the Event Display window to display the Event Display Print dialog Select Print if you just want to print your data to your default prin
54. the user to override an existing parameter at any frame in the capture where the parameter is used If you have a parameter in effect and wish to change that parameter 1 Select the frame where the change should take effect 2 Select Set Subsequent Decoder Parameters from the Options menu or by selecting a frame in the frame display and choosing from the right click pop up menu and make the needed changes 3 Select the rule you wish to modify from the list of rules 4 Choose the protocol the selected item carries from the drop down list and click OK If you do not have any previously overridden parameters you may set parameters for the current frame and onwards by right clicking the desired frame and choosing Provide AVDTP Rules from the right click pop up menu This is the Summary Pane Copy Selection to Clipboard Save Selection If you have a parameter in effect and wish to change it there are Go To two parameters that may be overridden for AVDTP Change the Show Frame Size Column Selected Item to Carry and if AVDTP Media is selected the codec Show Timestamp Column type Because there are times when vital AVDTP configuration 1 Show Delta Column information may not be transferred over the air we give usersthe Add New Column Help ability to choose between the four AVDTP channel types for each Kamana Naa nana L2CAP channel carrying AVDTP as well as codec type We attempt to _ e sagasaan make our best guess
55. to save a new template 5 Click the OK button to apply the selection and exit the Set Initial Decoder Parameters window 3 2 3 AVDTP Decoder Parameters 3 2 3 1 About AVDTP Decoder Parameters Each entry in the Set Initial Decoder Parameters window takes effect from the beginning of the capture onward or until redefined in the Set Subsequent Decoder Parameters window AVDTP Security L2CAP RFCOMM A2DP use iPx TCP UDP Initial Connections in effect from beginning of capture onward until redefined Piconet DataSource DS No enter Ofor single DS 0 X Role Slave Z L2CAP channel 4 L2CAP channel is Multiplexed Remote side TSID AVDTP is canying AVDTP Signaling Z Add Figure 12 AVDTP parameters tab The AVDTP tab requires the following user inputs to complete a parameter e Piconet Data Source DS No When only one data source is employed set this parameter to 0 zero otherwise set to the desired number of data sources e Role This identifies the role of the device initiating the frame Master or Slave e L2CAP Channel The channel number O through 78 o L2CAP channel is Multiplexed when checked indicates that L2CAP is multiplexed with upper layer protocols e AVDTP is carrying Select the protocol that AVDTP traverses to from the following o AVDTP Signaling o AVDTP Media o AVDTP Reporting o AVDTP Recovery o Raw Data Adding Deleting and Sav
56. used only for viewing capture files To reframe your data load your capture file select a protocol stack and then select Reframe from the File menu on the Control window Reframe is only available if the frame recognizer used to capture the data is dif ferent from the current frame recognizer In addition to choosing to Reframe you can also be prompted to Reframe by the Protocol Stack Wizard 1 Load your capture file by choosing Open from the File menu on the Control window and select the file to load 2 Select the protocol stack by choosing Protocol Stack from the Options menu on the Control win dow select the desired stack and click Finish 3 Ifyou selected a protocol stack that includes a frame recognizer different from the one used to cap ture your data the Protocol Stack Wizard asks you if you want to reframe your data Choose Yes 4 The analyzer adds frame markers to your data puts the framed data into a new file and opens the new file The original capture file is not altered See Unframing on page 34 for instructions on removing framing from data 33 fte com rontline Debug Communications Faster 4 2 4 Unframing This function removes start of frame and end of frame markers from your data The original capture file is not altered during this process You cannot unframe from the Capture File Viewer accessed by selecting Capture File Viewer or Load Capture File to start the software and used onl
57. useful to keep or include notes to another person detailing which frames to look at and why Bookmarks are another useful way to record information about individual frames To open the Notes window 1 Click the Show Notes icon La This icon is present on the toolbars of the Frame Display e as well as the Event Display P Notes can be selected from the Edit menu on one of these windows 2 Type your comments in the large edit box on the Notes window The Cut Copy Paste features K Ba BR features are all supported from Edit menu and the toolbar KA at the current cursor location are supported from Edit menu and the toolbar when text is selected Undo and Redo 3 Click the thumbtack icon Ba to keep the Notes window on top of any other windows 4 When you re done adding comments close the window 5 When you close the capture file you are asked to confirm the changes to the capture file See Confirming Capture File CFA Changes for more information 6 2 Loading and Importing a Capture File 6 2 1 Loading a Capture File From the Control Window 1 Go to the File menu 2 Choose a file from the recently used file list 3 If the file is not in the File menu list select Open Capture File from the File menu or simply click 2 on the Open icon on the toolbar 4 Capture files have a cfa extension Browse if necessary to find your capture file 5 Click on your file and then click Open 136 fte com ront
58. window or select Apply Modify Dis play Filters from the Filter menu to open the Set Condition dialog box The Set Condition dialog is self configuring which means that when you Select each frame under Conditions the following dis played fields depend on your selection With each subsequent selection the dialog fields will change depending on you selection in that field Set Condition Currently Active Condition lt Untitled gt Include Exclude Condition Select each frame where the protocol LA AVCTP field x Command Response v ls Not Present w V All Fields Advanced Cancel Help Figure 88 Example Set Conditions Self Configuring Based on Protocol Selection Set Condition fe Currently Active Condition lt Untitled gt Include Exclude Condition Select each frame in the range 187 to 234 Enter decimal numbers by typing in the number directly and hexadecimal numbers by starting the number with Ox Advanced Cancel Help Figure 89 Example Set Conditions Self Configuring Based on Frame Range 2 Select Include or Exclude to add filtered data or keep out filtered data respectively 3 Select the initial condition for the filter from the drop down list 4 Set the parameters for the selected condition in the fields provided The fields that appear in the dialog box are dependent upon the previous selection C
59. you can view or add notes to the capture file Add Modify Bookmark Add a new or modify an existing bookmark Display All Bookmarks Shows all bookmarks and lets you move between bookmarks Find Search for errors string patterns special events and more Go To Opens the Go To dialog where you can specify which event number to go to CRC Change the algorithm and seed value used to calculate CRCs To calculate a CRC select a byte range and the CRC appears in the status lines at the bottom of the Event Display Mixed Sides Serial data only By default the analyzer shows data with the DTE side above the DCE side This is called DTE over DCE format DTE data has a white background and DCE data has a gray background The analyzer can also display data in mixed side format In this format the analyzer does not separate DTE data from DCE data but shows all data on the 37 fte com rontline Debug Communications Faster same line as it comes in DTE data is still shown with a white background and DCE data with a gray background so that you can distinguish between the two The benefit of using this format is that more data fits onto one screen A Character Only The analyzer shows both the number hex binary etc data and the char acter ASCII EBCDIC or BAUDOT data on the same screen If you do not wish to see the hex characters click on the Character Only button Click again to go back to both number and char
60. 00 Slave Captured Byte Master 4369 Slave E 1b b4 c0 23 Ob 9d Se 00 01 07 17 20 Master 4396 Slave d0 23 0b Sd 5c 00 01 5a 01 amp PA 34 0 23 Ob Master 4401 37 6a 0 23 Ob 9d Slave Event 4 338 of 4 831 Frame 188 5 3 2011 1 48 58 604388 PM Source ASCII Hex Dec Oct Binary Errors Master 2F 39 47 00100111 For Help Press Fl Captured Byte Information Figure 23 Event Display Click on an event to find out more about it The three status lines at the bottom of the window are updated with information such as the time the event occurred for data bytes the time the byte was captured the value of the byte in hex decimal octal and binary any errors associated with the byte and more Events with errors are shown in red to make them easy to spot When capturing data live the analyzer continually updates the Event Display as data is captured Make sure the Lock icon 6 is displayed on the toolbar to prevent the display from updating Clicking on the icon again will unlock the display While locked you can review your data run searches determine delta time intervals between bytes and check CRCs To resume updating the display click the Lock icon again You can have more than one Event Display open at a time Click the Duplicate View icon NG tocreate a second independent Event Display window You can lock one copy of the Event Display and analyze your data while the second Event Dis
61. 2 ieee eee eee cee eee cee cece eee eee eeeeeeeeeeee 79 4 4 3 Message Sequence Chart eee cece cee cece cece e eee e cece eeeeeeceeeeeeeees 82 4 4 3 1 Message Sequence Chart Searchu eee cece ee cece eee eeeeeeee 87 4 4 3 2 Message Sequence Chart Go To Frame 2 2222 2 eee eee eee eee eee cece eeeeeee 88 4 4 3 3 Message Sequence Chart First Error Frame 89 4 4 3 4 Message Sequence Chart Printing 90 4 4 4 Packet Error Rate Statistics ce ee eee eee eens 91 4 4 4 1 Bluetooth low energy Packet Error Rate 92 4 4 4 2 Packet Error Rate Channels mumu cece eeeeees 92 4 4 4 3 Packet Error Rate Pie Chart and Expanded Chart 93 4 4 4 4 Packet Error Rate Legend _ 0 222 ieee ce cece cece ee eee aaan 94 4 4 4 5 Packet Error Rate Additional Statistics 95 4 4 4 6 Packet Error Rate Sync Selected Packets With Other Windows 95 4 4 4 7 Packet Error Rate Export ce eee aoaaa aaa annaa 96 4 4 4 8 Packet Error Rate Scroll Bar mumu eee eee eee 96 4 4 4 9 Packet Error Rate Excluded Packets 98 4 5 Data Audio Extraction aa 99 Chapter 5 Navigating and Searching the Data
62. 636 3 Data 80 128 200 10000000 643 11 30 2012 12 20 02 895166 PM 0 00 00 00 642 637 3 Data 80 128 200 10000000 644 11 30 2012 12 20 02 895166 PM 0 00 00 00 643 638 3 Data 80 128 200 10000000 Figure 102 Example csv Event Display Export Excel spreadsheet 6 4 2 1 Export Filter Out You can filter out data you don t want or need in your text file This option is available only for serial data In the Filter Out box choose which side to filter out the DTE data the DCE data or neither side don t filter any data For example if you choose the radio button for DTE data the DTE data would be filtered out of your export file and the file would contain only the DCE data You can also filter out Special Events which is everything that is not a data byte such as control signal changes and Set I O events Non printable characters or both If you choose to filter out Special Events your export file would contain only the data bytes Filtering out the non printable characters means that your export file would contain only special events and data bytes classified as printable In ASCII printable characters are those with hex values between 20 and S7e 6 4 2 2 Exporting Baudot When exporting Baudot you need to be able to determine the state of the shift character In a text export the state of the shift bit can be determined by the data in the Character field When letters is active the character field shows letters and vice versa
63. Conditions Added with an AND Operator 125 Figure 91 Save Named Filter Condition Dialog 022 2 eee eee eee cece eee eeee 126 Figure 92 Using Named Filters Section of Quick Filters to Show Hide Filters 128 Figure 93 Set Condition Dialog in Advanced View 22 cece eee ce eee eee cece eee eee eeeeeeeee 130 Figure 94 Rename Filters Dialog _ _ 2 222 ee eee eee eee eee eee ee cece eee eee eee eeeeeee 130 Figure 95 Frame Display Quick Filtering and Hiding Protocols Dialog 131 Figure 96 Windows Save dialog cece cdeeedeuceseceuex tees bucoudwesdentanueseastausseeeoetunsaiedueda 134 Figure 97 Frame Display Print Dialog lee eee cee aaa aLaaa aoaaa anaana 139 Figure 98 Frame Display HTML Export Dialog _ 2 20 22 eee cece cece ee eee eee eeeeeeee 140 Figure 99 Save As Dialog ii eee ec cee ec cece LaL LaaLa aaa aaan anaa 140 Figure 100 Event Display Print Dialog a 142 Figure 101 Event Display Export Example csv file 143 Figure 102 Example csv Event Display Export Excel spreadsheet 145 Figure 103 System Settings for defining how to capture data 146 Figure 104 Advanced System Options dialog _ 2 222 2 ee eee ee
64. DD button The Intial Connection window displays the added parameters 25 fte com rontline Debug Communications Faster Initial Connections in effect from beginning of capture onward until redefined In the piconet 2 on the Slave side with the L2CAP CID 0x0000 and with the remote side TSID 0 the AVDTP is camying Signalling packets user In the piconet 2 on the Master side with the L2CAP CID 0000 and with the remote side TSID 1 the AVDTP is canying Repatina packets Maine by user In the piconet 2 on the Master side with the L2CAP CID 0x0000 and with the remote side TSID 0 the AVDTP is canying Unknown Modified by user Parameters Added to Decoder 4 To delete a parameter from the Initial Connections window select the parameter and click on the Delete button 5 Decoder parameters cannot be edited The only way to change a parameter is to delete the ori ginal as described above and recreate the parameter with the changed settings and selections and then click on the Add button 6 RFCOMM parameters are saved when the template is saved as described in Adding a New or Sav ing an Existing Template on page 16 3 2 5 2 RFCOMM Missing Decode Information ComProbe software usually determines the protocol carried in an RFCOMM payload by monitoring previous traffic However when this fails to occur the Missing Decoding Information Detected dialog appears and requests that the user supply the missing information The f
65. Data Cont DJ Unabis to Decrypt relate to the packet are highlighted a ube E inaid F5 Sa nga i E Data Unknown o Selected ne text indicates that the type of packet has been seen in the LI unknown PI Discontinuity timeline 4 4 2 3 Throughput Displays Throughput is payload over time There are 3 categories of throughput 69 fte com rontline Debug Communications Faster 4 4 2 3 1 Average and 1 Second Packet Throughput Average Packet Throughput 559 164 Bits Sec 1 Second Packet Throughput B20 Bisten Width peak 559 164 The figure depicts the Average and 1 Second Packet Throughput dis plays This display appears when you select the Packet Throughput radio button e Average Packet Throughput is the total packet size over the entire session divided by the total time Total time is calculated by taking the difference in timestamps between the first and last packet e 1 Second Packet Throughput is the total packet size over the most recent one second e Width peak This displays the maximum throughput seen so far e A horizontal bar indicates percentage of max seen up to that point and text gives the actual throughput 44232 Average and 1 Second Payload Throughput Average Payload Throughput 261 376 Bits Sec The figure depicts the Average and One Second Payload Throughput display This display appears when you select the Payload Throughput radio button 1 Second Payload Throughput 3 240 Biser W
66. E Desktop J Gi libraries ip Downloads JA John W Trinkle Recent Places JW Computer Ga Network CJ Libraries Ji Frontline ComProb File folder e Documents Ji Frontline ComProb File folder a Music Ji Frontline ComProb File folder gt Pictures Ji Frontline ComProb File folder Subversion ne imi 3 Filename ByteLevelExport_1 tt v Save as type Text Files txt z amp Hide Folders Save Cancel Figure 35 Save As dialog Click on the Save button The exported frames are in a text file that can be opened in any standard text editing application The header shows the export type the capture filename the selected filter tab and the number of frames The body shows the frame number the timestamp in the same format shown in the Frame Display Summary pane and the frame contents as raw bytes ByteLevelExport_1 txt Notepad o B amp File Edit Format View Help Byte export of all filtered in frames Capture file le modified channel maps HID kbd cant decrypt GAIT cfa Filter tab Unfiltered 1 299 frames exported Frame Number Timestamp Frame Contents 1 7 5 2012 6 05 23 966944 PM 00 ff b2 00 15 aa d6 be 89 8e 00 13 7b 96 bi eb d7 90 2 7 5 2012 6 05 23 967570 PM 18 ff ae 00 15 aa d6 be 89 Be 00 13 7b 96 bi eb d7 90 3 7 5 2012 6 05 23 968195 PM 4e ff b3 00 15 aa d6 be 89 8e 00 13 7b 96 bi eb d7 90 4 7 5 2012 6 05 23 994441 PM 00 ff b2 00 15 aa d6 be 89 8e 00 13 7b 96 bi eb d7 90
67. PCM YA JJOPP Npa raba always converted PBAP Add Silence packets SCO eSCO SPP RAIS YNC WBS Extract Figure 71 Data Audio Extraction Settings dialog 2 Choose acheckbox es on the left side of the dialog to identify from which profile s you want to extract data It s important to note that if there is no data for the profile s you select no extracted file is created 3 If you want the file s to open automatically after they are extracted select the Open File s After Extraction checkbox P Note This does not work for SCO eSCO 4 Click on aradio button to write the streams as Two Mono Files or as One Stereo File E Note This option is for SCO eSCO only 5 Select the checkbox if you want to convert A Law and law to Linear PCM CVSD are always converted to Linear PCM It s probably a good idea to convert to Linear PCM since more media players accept this format E Note This option is for SCO eSCO only 6 Select the Add Silence packets to insert the silence packets dummy packets for the reserved empty slots into the extracted file If this option is not selected the audio packets are extracted without inserting the silence packets for the reserved empty slots E Note This option is for SCO eSCO only 100 fte com contline Debug Communications Faster 7 Select Extract A Save As dialog appears Sever E AFH Ih AFH Change cfa frm The application will assign
68. PRETO NPMATE AETI Figure 121 LE LL Tab Encryption Request Frame 39 617 from Initiator Side 1 168 fte com frontline Debug Communications Faster A 1 7 3 Viewing Encryption in the Message Sequence Chart The ComProbe software Message g Sequence Chart MSC links directly to 2 Mmmm ems Pit bii vipe Hg frames being viewed in the Frame Dis MALARIA play Similarly MSC will display the same dil Layers Cixi Summary How idep Summary LE BO LE ADV LE DATA LE LL LEGAP ATT SP information as the Frame Display Decoder pane Frames are synchronized between the Frame Display Summary pane and the MSC so clicking on a frame in either window will select that same frame in the other window Also the pro tocol tabs are the same in each window To see the pairing process click on the 79 591 SMP tab Updated channel map used Confira Value e7 4c2569e1 Je92125799n45a6425678a DHP Pairing Cosim Cone Vahe 2 a kaaa 35500 In the image above we see Frame 35 539 initiating the pairing from the mas ter device The response SMP_ Pairing Response is sent from the slave in Figure 122 MSC SMP Paring BPA 600 low energy capture Frame 35 545 SMP_ Pairing Confirm occurs between the master and the slave devices at Frame 39 591 and 39 600 respectively foe aip Fran FL Clicking on the MSC LE LL tab will show the process of encrypting a session link Clic
69. SG frontline 3 Figure 2 Desktop Folder Link 0 lll eee eee cc cee ee cece e cence names 4 Figure 3 BPA low enegy Datasource Devices Under Test Tab 10 Figure 4 BPA low energy Devices Under Test LE Encryption 11 Figure 5 BPA low energy Information Tab 000000000000020 o aooaa noona 12 Figure 6 BPA low enerby Information Tab Update Firmware Dialog eee 12 Figure 7 Select Set Initial Decoder Parameters from Control window 14 Figure 8 Tabs for each decoder requiring parameters eee eee eee cece eee eee 14 Figure 9 Set Subsequent Decoder Parameters from Control window 15 Figure 10 Example Set Subsequent Decode for Frame 52 RFCOMM 15 Figure 11 A2DP Decoder Settings eee cece cece cece cece cece oaro oann 17 Figure 12 AVDTP parameters tab ce cc cee aaao anaana 18 Figure 13 Look in Decoder pane for profile hints 20 Figure 14 AVDTP Override of Frame Information Item to Carry 21 Figure 15 AVDTP Override of Frame Information Media Codec Selection 21 Figure 16 L2CAP Decoder parameters tab _ 0 22 2
70. Select the frame where the change should take effect and select Set Subsequent Decoder Para meters from the Options menu or by selecting a frame in the frame display and choosing from the right click pop up menu and make the needed changes Change the RFCOMM parameter by selecting from the Change the Selected Item to Carry drop down list If you wish to remove an overridden rule click on Remove Override button If you want to remove all decoder parameter settings click on Remove All Choose the protocol the selected item carries from the drop down list and click OK Each entry in the Set Subsequent Decoder Parameters dialog takes effect from the specified frame onward or until redefined in this dialog on a later frame g Set Subsequent Decoder Parameters fte com Debug Communications Faster This is the Summary Pane Copy Selection to Clipboard Save Selection Go To Show Frame Size Column Show Timestamp Column Show Delta Column Add New Column Help Remove New Column Change Column Order Help Restore Default Columns Add Bookmark Export Provide L2CAP Rules Provide RFCOMM Rules Set Subsequent Decoder Parameters Show Hidden Panes b 131 RFCOMM Rules in effect from frame 131 onward until redefined here for a later frame On the Slave side with Server Channel 1 DLCI 2 RFCOMM is canying Headset Overridden by use
71. You can access this window in Bluetooth low energy by selecting the Bluetooth low energy Packet Error Rates Statistics icon rl from the Control window or Frame Display You can also open the window from the View menu on the same windows 91 All Change aralan Per Germ Eren Channa Graph T Enis Has Buraika T A M ra we Pee be Fechets with Her Wohi Bayaang Namana dana Mala Figure 67 Bluetooth low energy PER Stats Window 4 4 4 2 Packet Error Rate Channels The main portion of the PER Stats dialog displays the and 40 individual channels 0 39 for Bluetooth low energy kl Bhai bira agp Pairt Error Kaba by Channel Kumbe gt Basi 245 43 Figure 68 Bluetooth low energy Packet Error Rate Channels 92 fte com rontline Debug Communications Faster e For Bluetooth low energy Each channel contains a bar that displays the number of packets with no errors in green packets with CRC errors in dark red e The red number at the top of the channel shows the percentage of Header Error and Payload CRC Errors in relationship to the total number of packets in the channel e The light blue number at the top of each channel shows the megahertz MHz for the channel if the option is chosen in the Additional Statistics section e When you select a channel detailed information for that channel is displayed in the expanded chart on the upper right e The channels change dynamically as the Viewport is moved
72. a Capture Method 3 Clear Capture Buffer 146 CN 159 Color of Data Bytes 64 Colors 64 Comma Separated File 142 Compound Display Filters 124 Confirm CFA Changes 135 Context For Decoding 35 Control Characters 159 Control Signals 43 153 Control Window 9 146 Configuration Information 7 Conversation Filters 126 CPAS Control Window Toolbar 6 CR 159 CRC 38 CSV Files 142 Custom Protocol Stack 30 32 Custom Stack 31 32 178 fte com ontline Debug Communications Faster Customizing Fields in the Summary Pane 60 D D 1 159 D 2 158 D 3 158 D 4 158 D E 159 Data 39 133 134 Capturing 28 Data Byte Color Denotation 64 Data Errors 115 Data Extraction 99 Data Rates 39 Decimal 40 Decode Pane 61 Decoder Parameters 14 Decodes 13 30 35 45 51 61 103 Default File Locations 151 Delete a Template 17 Deleting Display Filters 127 Delta Times 39 Direction 126 Directories 151 Disabling 146 Display Filters 122 127 130 Display Options 156 DL 159 Dots 61 Driver 160 Duplicate View 36 38 54 55 E B 159 E C 159 EBCDIC 42 EBCDIC Codes 158 EIR 29 EM 159 EQ 159 Errors 67 115 132 153 ET 159 Event Display 35 54 142 Event Display Export 142 Event Display Toolbar 36 Event Numbering 157 Event Pane 63 Event Symbols 42 EX 159 Exclude 124 Exclude Radio Buttons 124 Expand All Collapse All 61 Expand Decode Pane 55 Export Export Baudot 145 Export Events 143 Export Filter Out 145 Extended Inquiry Res
73. absolute values where the max value of each channel graph is the same regardless of the position of the Viewport Channel 33 which is snapped to the top of the chart in Snap Mode shown above left appears like the right image when Snap Mode is turned off e Scrollbar Y Axis Max displays the maximum Y Axis value in the Scroll Bar 4 4 4 6 Packet Error Rate Sync Selected Packets With Other Windows By default and unlike other windows PER Stats is not synchronized with other windows such as Frame Display in that selecting a frame range in one does not highlight the same frame range in the other This ensures that Frame Display isn t constantly re synchronizing during live capture while the view port is maximized in PER Stats If PER Stats synchronization is desired it can be enabled by check ing the Sync Selected Packets with Other Windows checkbox AW poche iy 95 fte com frontline Debug Communications Faster 4 4 4 7 Packet Error Rate Export The Export section of PER Stats allows you to export data to a csv or txt file 1 To use the Export select a range of data using the Viewport Export Selected Data 2 Select csv or txt from Export Selected Data depending on 2 E what type of data file you want The Save As dialog appears p tat Save As g g Save Ini 6 data extraction Y G bi E3 Ei Recent g Desktop 1 va KA W My Documents My Computer Aa t File name 9 o
74. acket selected in both segments If the previous packet is not shown in the timeline display or a portion of the packet is displayed the display will move the view port back in time and will display the selected packet in the top segment on the left edge Each segment s timestamps will synchronously change as the view port scrolls back wardsin time m Selecting Next Packet will select the next packet moving forward in time to the right on the to the next packet regardless of which row or segment it is in If the next packet overlaps on a following segment the display will show the packet selected in both segments If the next packet is not shown in the timeline display on any segment or a portion of the packet is displayed the display will move the view port forward in time and will display the selected packet in the bottom segment on the right edge Each segment s timestamps will synchronously change as the view port scrolls forward in time All subsequent selected next packets will appear on the right of the bottom segment e Multiple packets are selected either by dragging the mouse or by holding down the shift key while nav igating or clicking e When a single packet is selected in the timeline it is also becomes selected in the Frame Display When multiple packets are selected in the timeline only one of them is selected in the Frame Display e The keyboard left arrow key goes to the previous packet The nght arrow key goes to the n
75. acter mode Number Only Controls whether the analyzer displays data in both character and number 4 format or just number format Click once to show only numeric values and again to show both character and numeric values All Events Controls whether the analyzer shows all events in the window or only data bytes Events include control signal changes and framing information Timestamping Options Brings up the timestamping options window which has options for customizing the display and capture of timestamps 4 3 3 Opening Multiple Event Display Windows Click the Duplicate View icon dg from the Event Display toolbar to open a second Event Display window You can open as many Event Display windows as you like Each Event Display is independent of the others and can show different data use a different radix or character set or be frozen or live The Event Display windows are numbered in the title bar If you have multiple Event Displays open click on the Event Display icon P on the Control window toolbar to show a list of all the Event Displays currently open Select a window from the list to bring it to the front 4 3 4 Calculating CRCs or FCSs The cyclic redundancy check CRC is a function on the Event Display window used to produce a checksum The frame check sequence FCS are the extra checksum characters added to a frame to detect errors 1 Open the Event Display P window 2 Click and drag to select the data for
76. again to return to side over side mode 3 You can right click in the center of the data display window to change between mixed and side over side modes by selecting Display Sides Together A check mark is displayed Click on Dis play Sides Together to remove the check mark and return to side by side display 4 Right click in the sides panel on the right of the data display and select Display Sides Together A check mark is displayed Click on Display Sides Together to remove the check mark and return to side by side display 4 3 7 5 List of all Event Symbols By default the Event Display shows all events which includes control signal changes start and end of frame characters and flow control changes If you want to see only the data bytes click on the All Events button Click again to display all events Click on a symbol and the analyzer displays the symbol name and sometimes additional information in the status lines at the bottom of the Event Display window For example clicking on a control signal change sym bol displays which signal s changed In addition to data bytes the events shown are in alphabetical order An event is anything that happens on the circuit or which affects data capture Data bytes con trol signal changes and long and short breaks are all events as are I O Settings changes and Data Capture Paused and Resumed 42 de fte com rontline Debug Communications Faster
77. ame recognizer to be turned off or on I O Settings Change A change was made in the I O Settings window which altered the baud parity or other circuit setting Long Break Low Power The battery in the ComProbe is low Short Break SPY Event SPY Mode only SPY events are commands sent by the application being spied on to the UART 43 al P fte com contline Debug Communications Faster Start of Frame Marks the start of a frame Begin Sync Character Strip End Sync Character Strip Sync Dropped Sync Found Sync Hunt Entered Sync Lost Test Device Stopped Responding The analyzer lost contact with the ComProbe for some reason often because there is no power to the ComProbe Test Device Began Responding The analyzer regained contact with the ComProbe Timestamping Disabled Timestamping was turned off Events following this event are not timestamped Timestamping Enabled Timestamping was turned on Events following this event have timestamps Truncated Frame A frame that is not the same size as indicated within its protocol Underrun Error Unknown Event 4 3 7 6 Font Size The font size can be changed on several Event Display windows Changing the font size on one window does not affect the font size on any other window To change the font size 44 fte com rontline Debug Communications Faster 1 Click on Event Display menu Options and sele
78. ary value 106 bookmarks 121 character string 106 errors 115 eventnumber 110 frame number 110 hex pattern 106 pattern 106 special event 111 timestamp 107 wildcards 106 Seed Value 38 Serial Driver 160 Short Break 43 Side Names 153 Sides 153 Sorting Frames 52 Special Events 111 Start 42 Start Up Options 150 Summary 57 Summary Layer Protocol 67 132 Summary Pane 57 60 61 Sync Dropped 44 Sync Found 44 Sync Hunt Entered 44 Sync Lost 44 Synchronization 54 System Settings 146 149 T Technical Support 160 Test Device Began Responding 44 Test Device Stopped Responding 44 Timestamp 119 154 155 Timestamping 119 153 155 Timestamping Disabled 44 Timestamping Enabled 44 Timestamping Options 146 153 Timestamping Resolution 154 Timestamps 153 155 Transferring Packets 28 Truncated Frame 44 U Underrun Error 44 Unframe 34 Unframe Function 34 Unframing 34 Unknown Event 44 V Viewing Data Events 40 W Wrap Buffer File 146 Wrap Files 147 182 fte com ontline Debug Communications Faster
79. at codec information when it is not transferred Rete Deiak ginoo over the air but we realize we may not always be correct When Add Bookmark we make a guess for codec type we specify it in the summary and Export decode panes by following the codec with the phrase best guess SSS by analyzer This is to let you know that this information was not eho ae obtained over the air and that the user may wish to alter it by over Foe egy TEE riding AVDTP parameters Set Subsequent Decoder Parameters 20 fte com contline Debug Communications Faster Override of Frame Information Rules in effect from frame 94 onward until redefined here for a later frame On the Slave side with the L2CAP CID 0x7401 the AVOTP is carrying Signalling packets overridden by On the Master side with the L2CAP CID 0x0042 the AVDTP is carrying Signalling packets discovered by analyzer Change the Selected Item to Carry AyD Signaling AA AVDTP Signaling E AVDTP Media AVDTP Reporting AVDTP Recovery Figure 14 AVDTP Override of Frame Information Item to Carry Change the Selected Codec to Carry Codec selection SBC MPEG 1 2 Audio appearswhen MPEG 2 4 AAC Media selected to ATRAC family CAITY APT X Paan AO Sic Codec Figure 15 AVDTP Override of Frame Information Media Codec Selection Each entry in the Set Subsequent Decoder Parameters dialog takes effect from the specified frame onward or
80. at least one piconet member to allow it perform clock synchronization A serial sniffer must know the bit rate of the tapped circuit or be physically connected to the clock line of the circuit With Virtual sniffing the protocol analyzer itself does not actually tap the link and the protocol analyzer does not require any knowledge of the physical characteristics of the link In computer jargon virtual means not real Virtual memory is memory that doesn t actually exist Virtual reality is something that looks and feels real but isn t real So we use the term Virtual sniffing because there is sniffing taking place but not in the traditional physical sense 173 fte com rontline Debug Communications Faster A 2 5 The Convenience and Reliability of Virtual Sniffing Virtual sniffing is the most convenient and reliable form of sniffing and should be used in preference to all other forms of sniffing whenever practical Virtual sniffing is convenient because it requires no setup to use except for a very small amount of software engineering typically between one and four hours that is done once and then never again Once support for Virtual sniffing has been built into application or into a devel opment environment none of the traditional sniffing setup work need be done This means e NO piconet synchronization e NO serial connection to tap e NO USB connection to tap Virtual sniffing is reliable because there is
81. ata and Audio Extraction Status If you selected Open Files s After Extraction the files open automatically 10 If you did not select this option you can open a file by simply double clicking on the name Also if a file type is unknown you can select the file and it appears in the Rename to text box 101 fte com contline Debug Communications Faster Data Extraction Status BipBppFipOppProfiles cta Bip data extraction started File C Documents and Setting Wab Decktop data estacion Epb pF tpOppProhlex BIP NZ ipg is Opened iracion kaa ipOppProfiles BP Figure 73 Rename To in the bottom section of Data Extraction Status Then you can rename the file adding a file type to attempt to open the file When you are finished select Close to close the dialogs 102 fte com rontline Debug Communications Faster Chapter 5 Navigating and Searching the Data The following sections describe how to navigate through the data and how to find specific data or packet con ditions of interest to the user 5 1 Find Capturing and decoding data within the Com Probe analyzer produces a wealth of information for analysis This mass of information by itself however is just that a mass of information There has to be ways to manage the information ComProbe software provides a number of different methods for making the data more access ible One of these methods is Find Decode Potten Tive GoT
82. ayed in the text box at the top of the dialog and click OK If you choose to create an addi tional filter then provide a new name for the filter condition or accept the default name provided by the system and click OK The Set Condition dialog box closes and the system applies the modified filter 5 3 1 7 3 Renaming a Display Filter 1 Select Rename Display Filters from the Filter menu in the Frame Display e window to open the Rename Filter dialog The system displays the Rename Filter dialog with a list of all user defined filters in the Filters combo box Rename Filters Filter0 Description fIndude each frame where the protocol Baseband field LT ADDR Is Equal To 6 New Name ri Ka Figure 94 Rename Filters Dialog 2 Select the filter to be renamed from the combo box 130 fte com rontline Debug Communications Faster 3 Enter a new name for the filter in the New Name box Optionally click the Apply button and the new name will appear in the Filters combo box and the New Name box will empty This option allows you to rename several filters without closing the Rename Filter dialog each time 4 Click OK The Rename Filter dialog box closes and the system renames the filter 5 3 2 Protocol Filtering From the Frame Display On the Frame Display click the Quick Filtering icon W or select Quick Filtering from the Filter menu This opens a dialog that lists all the protocols discovered so far T
83. because they recognized the need for visibility into the HCI interface and because it was too difficult to build air sniffers Several com panies developed air sniffers because they saw a market need and because they realized that they could charge a high price USD 525 000 and higher Two Bluetooth chip companies Silicon Wave and Broadcom were using Frontline s Serialtest serial analyzer to capture serial HCI traffic and then they would manually decode the HCI byte stream This manual decoding was far too much work and so independently Silicon Wave and Broadcom each requested that Frontline produce a serial HCI Bluetooth analyzer that would have all the features of Serialtest In response to these requests Front line developed SerialBlue the world s first commercially available serial HCI analyzer The response to SerialBlue was very positive When we asked our Bluetooth customers what they wanted next we quickly learned that there was a need for an affordable air sniffer that provided the same quality as Seri alBlue We also learned that the ultimate Bluetooth analyzer would be one that sniff air and sniff HCI sim ultaneously As work was progressing on our combination air sniffer and HCI sniffer the functional requirements for Bluetooth analyzers were changing It was no longer good enough just to decode the core Bluetooth protocols LMP HCI L2CAP RFCOMM and OBEX Applications were beginning to be built on top of Bluetooth and the
84. c28333344187832e Slave iniliakzabon vector Vs 654742236 Figure 113 Encryption Response from Slave Example ComProbe Frame Display BPA 600 low energy capture A 1 6 Encrypting The Data Transmission Data encryption begins with encrypting the link The SK is created using a session key diversifier SKD The first step in a link encryp tion is for the master device to send Link Layer encryption request message LL ENC REQ that contains the SKD ter TheSKD se is generated using the LTK The slave receives SKD ter generates SKD ve and generates SK by concatenating parts OfSKD ter and SKD ave The slave device responds with an encryption response message LL_ENC_RESP that contains SKD oe the master will create the same SK Upana LL START ENC RSP LL START EN RSP Encrgd2d The master and slave devices will now begin a handshake pro cess In this instance the master wants to transmit encrypted data so the master will transmit unencrypted LL START ENC REQ but is set to receive encrypted data using the recently cal culated SK The master responds with encrypted LL START RESP that uses the same SK just calculated and setting up to receive encrypted data Once the slave receives the master s encrypted LL START RESP message and responds with an encrypted LL START RESP message The Bluetooth low energy devices can now begin transmitting and receiving encrypted data This pro cess is reversed should the sla
85. ceeeeeeeceeeeeecess 3 2 2 Data Capture Methods _ 22 a 3 2 2 1 Opening ComProbe Data Capture Method 3 2 2 2 ComProbe BPA low energy Data Capture Methods 5 2 3 CORON WING OW IA IAEA 5 2 3 1 Control Window Toolbar 02 lec ccc cece ee ce ee cece cece cece eee eeeeeeeees 6 2 3 2 Configuration Information on the Control Window 7 2 3 3 Status Information on the Control Window 7 2 3 4 Frame Information on the Control Window 02 2 eee eee ee eee cece eee eee 7 2 3 5 Drop Down Menus 2 002865 daka GAN aeakacsebataleusdtecaeshndceledbeskbecSakuesscusssediwdsacecs 8 2 3 6 Minimizing Windows 2 0 cee eee cece ce eee eee e cece cece eee cece eee eeeceeceeceeceeeeeees 8 Chapter 3 Configuration Settings 2 222 o cee e ec ec eee ccc cece eee eee eeceeceeeeeeees 10 3 1 BPA low energy Configuration name numeneme men 10 3 1 1 BPA low energy I O Settings occ ec c cece ccc eee cece cece cece eee cecececececeeeeees 10 Sa a KG BIND lc OUNCE AA III 10 SL NONONG BN Ga ABA Aa nae AG NP 12 3 1 1 3 Update Firmware Hale mkati tia ban date a ba aa a ba 12 3 1 1 4 Datasource Toolbar Menu mmme cece cee ceececceccecceceeeeees 13 3 2 Decoder Para
86. col Filters e Named Filters e Quick Filter Protocol Filters Protocol filters test for the existence of a specific single layer The system creates a protocol filter for each decoder that is loaded if that layer is encountered in a capture session There are also three special purpose filters that are treated as protocol filters e All Frames with Errors e All Frames with Bookmarks e All Special Information Nodes Named Filters e Named filters test for anything other than simple single layer existence Named filters can be constructed that test for the existence of multiple layers field values in layers frame sizes etc as well as com binations of those things Named filters are persistent across sessions e Named filters are user defined User defined filters persist in a template file User defined filters can be deleted Quick Filters e Quick Filters are combinations of Protocol Filters and or Named Filters that are displayed on the Quick Filter tab e Quick Filters cannot be saved and do not persist across sessions e Quick Filters are created on the Quick Filter Dialog 5 3 1 1 Creating a Display Filter There are two steps to using a display filter Define the filter conditions and then apply the filter to the data set The system combines both filter definition and application in one dialog 122 fte com rontline Debug Communications Faster 1 Click the Display Filters icon Y on the Frame Display P23
87. con tent of the capture file you are viewing Decode Pattem Time GoTo Specis Events Sigal Bookmark Seach for event where One of more ofthese One ot more of these hanged changed rom on ko off gt One oF more of these Cy hes exactly changed fram off bo on to deronbes the slate Pn fe Fin 2 fw Pin 3 mna Figure 82 Find Signal tab Figure 83 Find Signal Tab You will choose one gualifier Searching for event where then choose one or more control signals Control Signals The section with the check boxes allows you to specify which control signals the analyzer should pay attention to when doing the search The analyzer pays attention to any control signal with a check mark e Click on a box to place a check mark next to a control signal e Click again to uncheck the box e By default the analyzer searches all control signals which means all boxes start out checked For example if you are only interested in finding changes in RTS and CTS you would check those two boxes and uncheck all the other boxes This tells the analyzer to look only at the RTS and CTS lines when running the search The other signals are ignored The control signals types include e USB Pin 1 e USB Pin2 113 fte com rontline Debug Communications Faster e USB Pin3 e USB Pin4 Click here to learn more about the Breakout Box and Pins 1 4 Searching for event where e The first three options are all fairly simila
88. ct Change the Font Size Window Help Set Timestamp Format Change the Font Size Choose CRC Method Fi Figure 28 Event Display Options menu 2 Choose a font size from the list Change Font Size Jat Size fF g 11 la 14 16 47 Figure 29 Event Display Font Size Selection 3 Click OK 4 4 Analyzing Protocol Decodes 4 4 1 Frame Display Window To open this window Fa Click the Frame Display icon on the Control window toolbar or select Frame Display from the View menu 45 fte com rontline Debug Communications Faster Mrama oplan Herre ct 2 PH Y o2 8 POU HS kw Protocol Tabs aa Lora i Parad i ee DOED AR Decede Pang Pait aaa OH ae aaa ie aga BIT ka aa device Dna Charrai gikan Barbari LHP Peloton Berto FHE LACAP SOP POD ADP Sarena Fr AWD TP Saskia Hamdiji Kan Cinisi l kaa Fuia Ga Fraa Fersi pila Pa o mE Lib File APA EGR ARUN Len THRE Diil h Summary Fang LE ABAKA Bi a noms Ei Dadi LL Go Ga f CETA 4 E i moe oF Bi badi Lt lo of 1 EPO ig w ar DOO iS OF D Fam La Ge Lra g Lata fiee Ga ar maa oe Ge 1 Laga an LOCA am bagani Ba Fin none Da DHT k2 ap a Pape Leg g ga 23 OO OS ji Cet L he Binary Pane Dempiei by Moh Co poker Ta Loca ELECT A Fabi Pana pai a al Mis Ya Th if bb fd la bi i pas l Character Pane FILA a Ps 25 7a 25 if op sa ta ti a Ev
89. d because they can not have errors or indicate retransmission and therefore dilute the per centages for other packet types Packets without channel numbers are excluded because the graphs are chan nel specific Before packets are captured the Scroll Bar in Classic Bluetooth PER Stats contains the message ID packets and packets without a channel number such as HCl are excluded and the Scroll Bar in Bluetooth low energy PER Stats contains the message Packets without a channel number such as HCl are excluded 98 frontline Debug Communications Figure 70 Example Excluded Packets Message in Scroll Bar Classic Bluetooth 4 5 Data Audio Extraction You use Data Audio Extraction to pull out data from various decoded Bluetooth protocols Once you have extracted the data you can save them into different file types such as text files graphic files email files mp3 files and more Then you can examine the specific files information individually 1 You access this dialog by selecting Extract Data Audio from the View menu or by clicking on the icon 5 from the toolbar Jg fte com rontline Debug Communications Faster 2 Data Audio Extraction Settings Select VIA2DP Open File s After Extraction an Apes SCO eSCO Options BIP Write S 7 BPP rite Streams as Y FTP D Two Mono Files Y HCRP One Stereo File JHF Ka YA Convert A Law and p law to Linear
90. d highlight the template marked for deletion and click the Delete button The system removes the selected template from the list of saved templates 3 Click the OK button to complete the deletion process and close the Delete dialog 4 Click the OK button on the Set Initial Decoder Parameters window to apply the deletion and close the dialog 3 2 2 Selecting A2DP Decoder Parameters Decoding SBC frames in the A2DP decoder can be slow if the analyzer decodes all the parts the header the scale factor and the audio samples of the frame You can increase the decoding speed by decoding only the header fields and disregarding other parts You can select the detail level of decoding using the Set Initial Decoder Parameters window P Note By default the decoder decodes only the header fields of the frame 1 Select Set Initial Decoder Parameters from the Options menu on the Control window or the Frame Display window 2 Click on the A2DP tab 3 Choose the desired decoding method AVDTP Security L2CAP RFCOMM A2DP IPX SBC frames decoding Information Decode only the header fields of the SBC frame in detail sx Decode all the parts the header the scale factors and the audio samples of the SBC frame in detail Figure 11 A2DP Decoder Settings 17 fte com rontline Debug Communications Faster 4 Follow steps to save the template changes or
91. d options like Cascade Minimize Tile etc e Within the Help menu you can open the electronic Help file About lt hardware where hardware if the specific ComProbe capture method e g About BPA 600 2 3 6 Minimizing Windows Windows can be minimized individually or as a group when the Control window is minimized To minimize win dows as a group fte com rontline Debug Communications Faster Go to the Window menu on the Control A window Select Minimize Control Minimizes All The analyzer puts a check next to the menu item indic ating that when the Control window is minimized all windows are minimized Select the menu item again to deactivate this feature The windows minimize to the top of the operating system Task Bar fte com rontline Debug Communications Faster Chapter 3 Configuration Settings In this section we show how to configure each of the Frontline ComProbe analyzer using the ComProbe soft ware for capturing data 3 1 BPA low energy Configuration 3 1 1 BPA low energy O Settings Click on the topics listed below for information about ComProbe BPA low energy I O settings 1 Datasource 2 Information 3 Update Firmware 3 1 1 1 Datasource You can select the ComProbe BPA low energy analyzer for sniffing Bluetooth low energy communications on available devices BPA low energy datasource o aka File View BPA low energy Help HQ Devices Under Test BPA
92. data in Frame Display and Event Display win dow To access the search by time function 1 Open a capture file to search 2 Open the Event Display P or Frame Display e window 107 fte com rontline Debug Communications Faster 3 Click on the Find icon aa or choose Find from the Edit menu 4 Click on the Time tab of the Find dialog sy Note The tabs displayed on the Find dialog depend on the product you are running and the con tent of the capture file you are viewing Decode Patten Tim GoTo Specia Event Bookmark Search for E Absolute C Relative ae L Heb Day Second 1000000 Seconds a en i iz 51 931000 A Bigun Go to the limaitamp CG On o baoe the specified lima C Ona after the specified ima Figure 79 Find by Time tab The analyzer can search by time in several different ways Search for Absolute Relative timestamp e Absolute An absolute timestamp search means that the analyzer searches for an event at the exact date and time specified If no event is found at that time the analyzer goes to the nearest event either before or after the selected time based on the Go to the timestamp selection e Relative A relative search means that the analyzer begins searching from whatever event you are cur rently on and search for the next event a specific amount of time away 1 Select Absolute or Relative 2 Select the date and time using the drop down lists for Month Yea
93. des in the above example then the analyzer finds the second pattern followed by the third pattern but not the first pattern This is because each side has one instance in which the whole pattern can be found The analyzer completely searches the DTE side first followed by the DCE side P Note Side Restriction is available for pattern and error searching 105 fte com rontline Debug Communications Faster 1 Select one of the two options 2 Select DTE DCE or both 3 When you made your selections click on the Find Next or Find Previous buttons to start the search from the current event The result of the search is displayed in the Decode pane in Frame Display 5 1 2 Searching by Pattern Search by Pattern lets you perform a traditional string search You can combine any of the formats when enter ing your string and your search can include wildcards To access the search by pattern function 1 Open a capture file to search 2 Open the Event Display P or Frame Display p window 3 Click on the Find icon an or choose Find from the Edit menu 4 Click on the Pattern tab of the Find dialog Note The tabs displayed on the Find dialog depend on the product you are running and the con tent of the capture file you are viewing Ek Find Decode Patten Time GoTo Special Events Bookmark Patter v Enter Hex values as x _ lgnore case Find Pravinas Binary values as kbbbbbbbb Co
94. dey nisor shal distribute IAK followed by its address 39 661 5 Encryption inio 40 Oo OOOO DO DE 065241 Sign Indietor shall divtinbute CSRE HENI 5 Master ldertiic H 00 C D DO CEOS 125841 Responder Key Distibukon HEH 5 kiari Inloima 40 OOO 00507 165542 Eneka Responder shall distribute LTE lodowed by EDA and Hand 19 706 5 Signing Indices 40 KUJA AZA tm DO NE GR dey Responde shall dsirbule IR k Reiger ber ts address ANO hi Identity Intorms 40 00 00000 DOS 335613 Sipe Hagpondes shall Ssinbuls SAK 2 M lderkity Addes 31 CORO OSO 714 M Sigring riomsa 40 Oo OOOO DO CF te 336891 Figure 117 SMP Pairing Request Frame 35 539 from Initiator Side 1 On the left side of the figure above is the Frame Display Decoder pane that shows the decoded information supplied in the selected frame in the Summary pane Frame 35 539 Shown is the SMP data associated with and encrypted link MITM Protection Yes The requested keys are also shown Selecting Frame 35 545 would provide the response from the responder Side 2 and would contain similar information Selecting Frame 39 591 will display the Pairing Confirm from the initiator Side 1 in the Decoder pane The Confirm Value shown is the Mconfirm 128 bit random number that contains TK Pairing Request command Pair ing Response command initiating device address and the responding device address Selecting Frame 39 600 would provide the Sconfirm random number from the responder Side 2 w
95. directional arrow that you can use to move left right and up down Ctrl Summary tab When you select the Ctrl Summary tab you will see a summary of the control and signaling frames in the order that they are received transmitted from and to devices 85 fte com contline Debug Communications Faster c PAG AERA ET oe mg SA nA SSS paaa ma maa a an All Layers Ctrl Summary Nor Mog Summary GB LMP FLCAP EDP PRFCONM HF AYOTP AVDTP Signaling ESSES Figure 59 Control and Signaling Frames Summay The frame numbered is shown whether the message comes from the Master or Slave the message Address the message itself and the timestamp Additionally the control signaling packets for each layer are shown in a different background color Piconet 1 Piconet Ctrl Summary Non Msg Summary BB LMP L2CAP SDP RFCOMM OBEX BIP Figure 60 Packet Layers Shown in Different Colors If you right click within the Ctrl Summary you can select Show in MSC CA tua aaa AA ESS as E MP a ati Har i All Layers Ctl Summary Nonbsg Summary BE LMP L2CAP SDP AFCOMM HF ANDIP AVDTP Signaling 1 MP preferred rate Figure 61 Right Click in Ctrl Summary to Display Show in MSC The window then displays the same information but in the normal MSC view 86 fte com contline Debug Communications Faster All Layers Ctrl Summa
96. duration and Y Axis max and it also has two controls e Selecting MHz On Es displays the megahertz value for each channel in the main channels chart and also in the expanded chart e Selecting MHz Off ESE removes the megahertz value e Selected Packets displays the packet range selected in the Scroll Bar This includes inapplicable Inap plicable packets include Wi Fi packets Sniffer Debug packets any packets that are not relevant to PER Stats Inapplicable packets do not appear as part of the Additional Statistics packets e Selected Duration identifies the total amount of time in the selected packet range displayed in the Scroll Bar e Duration Per Bar in Scrollbar identifies the amount of time represented by each bar in the Scroll Bar e The Channel Graph Y Axis Max can display two different values When the Snap Arrow is orange O E the values for channels in the main chart are shown in relative terms in Snap Mode This means that one channel or channels with the greatest value is snapped to the top of the chart In the graphic below left Channel 33 is snapped to the top of the chart The channel s with the greatest value become a full scale reference display for the other channels that have been relatively scaled Channel comparisons become easier With Snap On you can select multiple time values in the Scroll Bar When the Snap Arrow is white Snap Mode turned off the val ues for channels in the main chart are shown in
97. dware and Software This chapter will describe the minimum computer requirements and how to install the software e Chapter 2 Getting Started Here we describe how to set up and connect the hardware and how to apply power This chapter also describes how to start the ComProbe software in Data Capture Methods You will be introduced to the Control window that is the primary operating dialog in the ComProbe software fte com rontline Debug Communications Faster e Chapter 3 Configuration Settings The software and hardware is configured to capture data Con figuration settings may vary for a particular ComProbe analyzer depending on the technology and net work being sniffed There are topics on configuring protocol decoders used to disassemble packets into frames and events e Chapter 4 Capturing and Analyzing Data This Chapter describes how to start a capture session and how to observe the captured packets frames layers and events e Chapter 5 Navigating and Searching the Data Here you will find how to move through the data and how to isolate the data to specific events often used for troubleshooting device design problems e Chapter 6 Saving and Importing Data When a live capture is completed you may want to save the cap tured data for future analysis or you may want to import a captured data set from another developer or for use in interoperability testing This chapter will explain how to do this for various data file for
98. e 46 fte com rontline Debug Communications Faster e These tabs are arranged in separate color coded groups These groups and their col a Mm fa Classic Bluetooth blue ors are General white Classic Bluetooth ke al Og a Classic Bluetooth blue Bookmarks info blue Bluetooth low energy green Baseband L2CAP TCS LE BB LE PEKT LE ADV mi GANG waji 802 11 orange USB purple NFC 90211 Rada B021 MAC Data 7 Bluetooth low energy green brown and SD teal The General group iha _ applies to all technologies The other fa papa ANG 802 11 orange groups are technology specific sagar maana e Clicking on a protocol filter tab in the Gen eral group filters in all packets containing that protocol regardless of each packet s technology e Clicking on a protocol filter tab in a technology specific group filters in all packets containing that protocol on that technology e A protocol filter tab appears in the General group only if the protocol occurs in more than one of the tech nology specific tab groups For example if L2CAP occurs in both Classic Bluetooth and Bluetooth low energy there will be L2CAP tabs in the General group the Classic Bluetooth group and the Bluetooth low energy group Select the Unfiltered tab to display all packets There are several special tabs that appear in the Summary Pane when certain conditions are
99. e Filter menu on Hide Show Filters the Frame Display Ba window Filters to open the Hide Show Filters dialog The system displays the Description Hide Show Filters dialog with a list of all user defined filters 2 Select the filter to be hidden Cancel from the combo box F ndude each frame where the protocol Data field ASCII Contains the Substring 3 Click the Hide button The Hide button is only showing if the selected filter is currently showing in the Frame Display 4 Click OK The Hide Show Filters dialog box closes and the system hides the filter and removes the filter tab from the Frame Display Showing a Hidden Display Filter If a display filter is hidden the following steps will reveal that filter in the Frame Display ra 1 Select Hide Show Display Filters from the Filter menu in the Frame Display window to open the Hide Show Filters dialog The system displays the Hide Show Filters dialog with a list of all user defined filters 2 Select the filter to be revealed from the combo box 3 Click the Show button 4 Click OK The Hide Show Filters dialog box closes and the system reveals the filter in the Frame Display You can also open the Quick Filter dialog and check the box next to the hidden filter to show or hide a display fil ter Mamed Filters F Filter PASC 3 E Filter Filber2 E Filter Role Slave FSCO link Supported E Filter Figure 92 Using Named Filt
100. e Format Zoom Navigate Help BBO9 E gt e HAL Average Packet Throughput 83 865 Throughput Over Time GENE O side 1 45 845 bits s Swap Adv Scanning Side 2 Average Payload Throughput 67 0921 spa parish waji 47 bits s Packet Throughput m kia m 1 Second Packet Throughput a 50 319 Hali peeli Na Payload Throughput E Data Cont E crc Error 47 008 bitsis 2 MATa a NA pp MAA PRN II E Include MIC Data Empty E Unable to Decrypt 1 Second Payload Throughput o 33 546 Both E Data Ctri Invalid IFS 0 bits s EE Data Unknown Configured Devices J unknown D selected Width peak 47 008 ales TA aai All Devices Bi baconiniiy 15 23 VI Show Running Average Selected Packet 32 020 Adv Type ADV IND Timestamp 3 14 2013 12 18 23 074302 PM Duration 376 us Channel 39 2480 MHz 29 769 ms 29 77 ms 29 769 ms 29 771 ms 29 769 ms 29 77 ms 29 769 mg a 29771 ms 29 769 cs wA OO WA WA KA ee Bee Fe o LLANA Oxaf9a8bdd Addr Oxaf9ab45e For Help Press F1 Figure 41 Bluetooth low energy Timeline You access the Timeline by selecting Bluetooth low energy Timeline from the View menu or by pressing the Bluetooth low energy Timeline icon LA on the Control window toolbar and Frame Display toolbar In computing throughput packets that have a CRC error are excluded 4 4 2 1 low energy Timeline
101. e Frontline ComProbe Protocol Analysis System directory contains supporting doucmentation for devel opment Automation DecoderScript application notes documentation Quick Start Guides and User Manual and maintenance tools 2 2 2 ComProbe BPA low energy Data Capture Methods ComProbe Protocol Analysis System has different data capture methods to accommodate various applications Select Data Capture Method X 3 43 Bluetooth low energy Sniffing 49 Bluetooth low energy 3 43 Virtual Sniffing 49 FTS Side 3 IEEE11073 Cancel Help Requires one ComProbe BPA low energy hardware or one ComProbe FBLEA hardware Used for typical applications to capture Bluetooth low energy data Connected Devices Create Shortcut When Run Bluetooth low energy o This method requires one ComProbe BPA low energy hardware or one ComProbe FBLEA hardware o Used for typical applications to capture Bluetooth low energy data 2 3 Control Window The analyzer displays information in multiple windows with each window presenting a different type of inform ation The Control window opens when the Run button is clicked in the Capture Method window The Control window provides access to each ComProbe analyzer functions and settings as well as a brief overview of the data in the capture file Each icon on the toolbar represents a different data analysis function fte com rontline Debug Com
102. e Options menu on the Control win dow 2 To change a name click on the name given in the Current Names column and then click again to modify the name a slow double click 3 Select OK to initiate the changes The changes that have been made will not fully take effect for any views already open Closing and reopening the views will cause the name change to take effect 4 To restore the default values click the Set Defaults button 7 1 4 Timestamping Timestamping is the process of precise recording in time of packet arrival Timestamps is an optional parameter in the Frame Display and Event Display that can assist in troubleshooting a network link 7 1 4 1 Timestamping Options The Timestamping Options window allows you to enable or disable timestamping and change the resolution of the timestamps for both capture and display purposes To open this window 153 fte com frontline Debug Communications Faster Choose Set Timestamp Format from the Options menu on the Frame Display and Event Display window or click on the Timestamping Option will open Timestamping Options v Store Timestamps This item takes effect immediately Capture Options Storage Resolution 0 50 Microseconds high resolution x Cancel Note 1 To apply resolution changes you must restart the program Help Note 2 Finer resolutions increase the capture file size Click Help for more information on how timestamp
103. e aaao aoaaa onana anonn 150 Figure 105 Start Up Options dialog _ _ 22 ll eee aaa aaa aLaaa aaa aaa anaana aaan anaa 151 Figure 106 File Locations dialog cee cece cece eee eee e ccc eee cece eeeeeeeees 151 Figure 107 File Locations Browse dialog 152 Figure 108 Example Side Names Where Slave and Master are current 153 Figure 109 Timestamping Options dialog 154 Figure 110 Sample Initiator Pairing Request Decode ComProbe Frame Display BPA 600 low energy CAPE daa a aan GA Aa i ee ee eee tee 163 Figure 111 Message Sequence Chart SMP Pairing aoaaa aoaaa danaa eee eee cece eee eeeee 164 Figure 112 Encryption Request from Master Example ComProbe Frame Display BPA 600 low SAA oe i ee ee oe ec es Sie ot ese eee cee eee eed sees asees 164 Figure 113 Encryption Response from Slave Example ComProbe Frame Display BPA 600 low energy capture aaao aoaaa ante te cence tie ats tate srs aoa ae eee uww nunu mu ninunue nin 165 Figure 114 Message Sequence Chart Link Layer Encryption 165 Figure 115 ComProbe BPA 600 low energy only datasource settings 166 Figure 116 BPA 600 datasource Encryption Key Entry 222 e eee ee eee eee cece eee eeeeee 166 Figure 117 SMP Pairing Request Frame 35 539 from Initiator Side 1 167 Figure 118 SMP Pairin
104. e dis coverable Bluetooth devices on the Device Database dialog Save button to save the configuration if you made changes but did not begin sniffing All settings are saved automatically when you start sniffing Help button opens the help file 3 2 Decoder Parameters Some protocol decoders have user defined parameters These are protocols where some information cannot be discovered by looking at the data and must be entered by the user in order for the decoder to correctly decode the data For example such information might be a field where the length is either 3 or 4 bytes and which length is being used is a system option There may be times when the context for decoding a frame is missing For example if the analyzer captures a response frame but does not capture the command frame then the decode for the response may be 13 fte com rontline Debug Communications Faster incomplete The Set Initial Decoder Parameters window allows you to supply the context for any frame The dialog allows you to define any number of parameters and save them in a template for later use The decoder template function provides the capacity to create multiple templates that contain different para meters This capability allows you to maintain individual templates for each Bluetooth network monitored Applying a template containing only those parameters necessary to decode transmissions particular to an indi vidual network enhances the e
105. e eeeeeeeeees 156 72 1 Perlormance Notes aa rag i ee ete ee ee el ob aoe ee ree eee ee aeons 156 AA od O 24 Coho a of ee ee nea Rene ee Tee AA 157 7 2 3 Event Numbering mwm unumu LaaLa aoaaa eeeeeee 157 7 2 4 Useful Character Tables eeeeeeeeeee 157 Ded Ph PSCC OS ct ee ek ee ee ee ee eee aes 157 vil fte com rontline Debug Communications Faster kantut a AAO a Se a GB 158 a pe ee a AA a 158 MAA PAPA 159 AA eee eases 160 7 3 Contacting Technical Support _ 2 22 2 2 oe eee ce cece cece eee cece aana 160 7 3 1 Instructional Videos 0 0 2 lc cece ce ce ce ee ce cece cece cece eee ee ee eeeeeeeeeees 160 Appendix A Application Notes 161 A 1 Decrypting Encrypted Bluetooth low energy 22 2 cece eee eee ee eee eee eee eeeee 162 A 1 1 How Encryption Works in Bluetooth low energy 2 eee eee eee aana cece eee eeeee 162 ALZ PIE eee oe a am ole tee ee ee et ee eee ee 162 A 1 3 Pairing Methods _ _ 2 22 0 eee cee eee ec cc eee ee eee cence cece eeeeeee 163 A 1 4 Encrypting the Link 164 A 1 5 Encryption Key Generation and Distribution 164 A 1 6 Encrypting The Data Transmission 22 aaa eee eee cece ee cee eee cece aaa anaoa aaan 165 A 1 7 Decrypting Encrypted Data Using ComProbe BPA 600 low energy Capture 165 A 1 7 1 Setting up the BPA 600 _ _ 0 22 22 i ieee eee oonan onono
106. e entire filter place the cursor over the text and a ToolTip pops up with the full text of the fil ter Filter The following icons all change how the panes are arranged on the Frame Display Additional layouts are listed in the View menu Show Default Panes Returns the panes to their default settings Show Only Summary Pane Displays only the Summary pane Shall All Panes Except Event Pane Makes the Decode pane taller and the Summary pane narrower Toggle Display Lock Prevents the display from updating FE gt AH H W Go To Frame Q First Frame Moves to the first frame in the buffer Previous Frame Moves to the previous frame in the buffer Next Frame Moves to the next frame in the buffer Last Frame Moves to the last frame in the buffer O O Find on Frame Display only searches the Decode Pane for a Find value you enter in the text box Aa Find Previous Occurrence Moves to the previous occurrence of the value in the Frame Display Find 50 fte com rontline Debug Communications Faster po Find Next Occurrence Moves to the next occurrence of the value in the Frame Display Find ad Cancel Current Search Stops the current Frame Display Find Summary Drop Down Box Lists all the protocols found in the data in the file This box does not list all the protocol decoders available to the analyzer merely the protocols found in the data Selecting a protocol from the l
107. e file is When the file is full it begins to wrap which means the oldest data will be overwritten by new data F 3 Click the Stop icon to temporarily stop data capture Click the Start Capture icon again to resume capture Stopping capture means no data will be added to the capture file until capture is resumed but the previously captured date remains in the file if 4 To clear captured data click the Clear icon 7 5 e If you select Clear after selecting Stop a dialog appears asking whether you want to save the data o You can click Save File and enter a file name when prompted o Ifyou choose Do Not Save all data will be cleared o If you choose Cancel the dialog closes with no changes e If you select the Clear icon while a capture is occurring o The capture stops o A dialog appears asking if you want to save the capture 28 fte com rontline Debug Communications Faster o You can select Yes and save the capture or select No and close the dialog In either case the existing capture file 1s cleared and a new capture file is started o If you choose Cancel the dialog closes with no changes To see how to capture to a series of files or single file choose System Settings from the Options menu on the Control window To see how to capture to a single file choose System Settings from the Options menu on the Control window When live capture stops no new packets are sniffed but there can still be packe
108. e from the Zoom menu Packet length indicates duration The Timeline and Frame Display are synchronized so the packet range selected by the user in one is automatically selected in the other For the selected packet range the Timeline shows various duration values Gap Timestamp Delta and Span but only if both the first and last packet in the range are available in the Timeline If not those values are shown as n a Packets that are not displayed in the Timeline are Sniffer Debug packets non LE packets e g WiFi and packets that are not from a Con figured Device the Configured Devices radio button is checked Bluetooth low energy Timeline le Sniffer_Capture_GB6900AA_2 cfa File Format Zoom Navigate Help GOOD ec erR Average Payload Throughput Selected Packet 30 958 Adv Type SCAN RSP Timestamp 3 14 2013 12 18 17 47 bits s 4 634 18 66 ms 1 Second Payload Throughput 0 bits s 4 506 ms 18 308 ms Packet Throughput Width peak 68 Packet 30 958 Ady Scanning Ady Type SCAN_RSP Timestamp 3 14 2013 12 18 17 271887 PM Duration 352 us Prev Next Timestamp Deltas 326 us 18 66 ms Prev Next Gaps 150 us 18 308 ms CP 2 Channel Index 39 2480 MHz Meets Predefined Filter Criteria for BT low energy devices Yes Event Status Recieved without errors PDU Length 36 Advertiser Address Dxffe24c209871 Access Address Dx8e89bed6 LE ADY AdvA Oxffe24c209871 AddrT ype
109. eader row 3 A small white triangle indicates where the column is moved to 4 When the triangle is in the desired location release the mouse Restoring Default Column Settings To restore columns to their default locations their default widths and show any hidden columns 1 Right click on any column header and choose Restore Default Column Widths or select Restore Default Column Widths from the Format menu 4 4 1 11 3 Frame Symbols in the Summary Pane A green dot means the frame was decoded successfully and the protocol listed in the Summary ba Layer drop down box exists in the frame No dot means the frame was decoded successfully but the protocol listed in the Summary Layer drop down box does not exist in the frame o A green circle means the frame was not fully decoded There are several reasons why this might happen e One reason is that the frame compiler hasn t caught up to that frame yet It takes some time for the analyzer to compile and decode frames Frame compilation also has a lower priority than other tasks such as capturing data If the analyzer is busy capturing data frame compilation may fall behind When the analyzer catches up the green circle changes to either a green dot or no dot e Another reason is if some data in the frame is context dependent and we don t have the context An example is a compressed header where the first frame gives the complete header and subsequent frames just give information on what ha
110. ece LLa Laaa Laaa aana 103 Figure 75 Find Decode Tab Search for String e eee eee ee ee ee eee eee 104 Figure 76 Find Decode Tab Side Restriction _ _ 2 22 ieee ee eee eee oaaao oaaao nann 104 Figure 77 Find Pattern Tab scxsiciee ese dadala nets wweseseedureeessdaeiusiwstebadeveonescsucdiewls 106 Figure 78 Find Pattern Tab Side Restrictions 2 eee ee eee eee ee eee eee eee eeeeeee 107 Figure 79 Find by Time tab ei eee cee ec cece eee eee cece ee eeeeeeeeeeeees 108 Figure 80 Find Go To tab __ 2 2 2 eee cee eee eect eee eee eeeees 110 Figure 81 Find Special Events tab _ 2 22 olen ec cece eee oaoa orao onran 112 Figure 82 Find Signal tab ccc cee cc cece eee eee cece Laaa aaau 113 Figure 83 Find Signal Tab eee ee cece cee cee cee eee cece eee cece cece eeeeeeeeeeeeeees 113 Figure 84 Find Error tab III 116 Figure 85 Find Bookmark tab 2 222 a 118 Figure 86 Bookmarked Frame 3 in the Frame Display aa aaaa aaan aaaan anana 119 Figure 87 Find Window Bookmark tab Used to Move Around With Bookmarks 121 Figure 88 Example Set Conditions Self Configuring Based on Protocol Selection 123 XI fte com rontline Debug Communications Faster Figure 89 Example Set Conditions Self Configuring Based on Frame Range 123 Figure 90 Two Filter
111. ect the Unfiltered tab to display all packets There are several special tabs that appear in the Summary pane when certain conditions are met These tabs appear only in the General group and apply to all technologies The tabs are e Bookmarks appear when a bookmark is first seen e Errors appear when an error is first seen An error is a physical error in a data byte or an error in the pro tocol decode e Info appears when a frame containing an Information field is first seen 58 fte com rontline Debug Communications Faster The tabs disappear when the capture buffer is cleared during live capture or when decoders are reloaded even if one of the tabs is currently selected They subsequently reappear as the corresponding events are detected The tabs disappear when the capture buffer is cleared during live capture or when decoders are reloaded even if one of the tabs is currently selected They subsequently reappear as the corresponding events are detected D O Use the navigation icons keyboard or mouse to move through the frames The icons and move you to the first and last frames in the buffer respectively Use the Go To icon Be to move to a specific frame num ber Placing the mouse pointer on a summary pane header with truncated text displays a tooltip showing the full header text LE BB LE PKT LE ADV 802 11 Rado 802 11 MAC Data B Fret aK lt Total Frames 101 Frames Feedin 101 Frame
112. ed 2 There are three ways to access the Add Modfy Bookmark dialog a Select Add or Modify Bookmark from the Bookmarks menu on the Frame Display and Event Display b Select the Add or Modify Bookmark LJ icon on one of the toolbars or c Right click on the frame event and choosing Modify Bookmark on the selection 3 Change the comment in the dialog box 4 Click OK The edited bookmark will be saved as a part of the cfa file 5 You can also select Display All Bookmarks LI from the Frame Display and Event Display tool bar or the Bookmarks menu the Find window will open on the Bookmark tab Select the book mark you want to modify and click the Modify button Change the comment in the dialog box and click OK Delete 1 Select the frame or event with the bookmark to be deleted 2 There are three ways to access the Add Modfy Bookmark dialog 120 fte com rontline Debug Communications Faster a Select Add or Modify Bookmark from the Bookmarks menu on the Frame Display and Event Display b Select the Add or Modify Bookmark LJ icon on one of the toolbars or c Right click on the frame event and choosing Modify Bookmark on the selection 3 Click on the Delete button The bookmark will be deleted 4 You can also select Display All Bookmarks LI from the Frame Display and Event Display tool bar or the Bookmarks menu the Find window will open on the Bookmark tab Select the book mark you want to delete
113. ed the plug ins are reset and received frames are re decoded For example If the first frame occurs more than 10 minutes in the past the 10 minute utilization graph stays blank until a frame from 10 minutes ago or less is decoded o Find Search for errors string patterns special events and more Display Capture Notes Brings up the Capture Notes window where you can view or add notes to the capture file Add Modify Bookmark Add a new or modify an existing book mark Display All Bookmarks Shows all bookmarks and lets you move between bookmarks E amp UW B K low energy Timeline Opens the low energy Timeline Bluetooth low energy Packet Error Rate Statistics Opens the Packet Error Rate Statistics display Bluetooth Classic Packet Error Rate Statistics Opens the Packet Error Rate Statistics display Network View Opens the Network View Window D gt G E Dashboard Opens the Dashboard Dialog Reload Decoders When Reload Decoders is clicked the plug ins are reset and received frames are re decoded For example If the first frame occurs more than 10 minutes in the past the 10 minute utilization graph stays blank until a frame from 10 minutes ago or less is decoded 49 fte com rontline Debug Communications Faster Filter Text giving the filter currently in use If no filter is being used the text reads All Frames which means that nothing is filtered out To see the text of th
114. ed MIC data and while hold rena 1 274 ing the left mouse button drag the field to the Summary SN 1 pe MD 0 1 276 Frame 1 pane Payload Length 13 1 277 Encrypted Encrypted Payload Data Oxf9345c446e6d76 oe WA Data in the 3 An Encrypted MIC column is added to the Summary pane S frevpled MIC ai 3 nl Og gt HAQnleried VeCOUE IS IN anoe 1 281 71 fte com rontline Debug Communications Faster LE PKT LE BB LE PKT LE ADY LE DATA LE LL L2CAP SMP po Preamble 55 Access Address 0450655521 B Framett Clk Freq Encrypted MIC LE Msg 5i kina Tune Pa 1 271 Oxe025304e Encrypted MIC a WA 1 272 Dx617b5fed column is added to Pe a 1 273 the Summary Pane i SN 1 1 274 gt adi ku MDO era Osa oOf2dt z Payload Length 13 1 26 OxJcabO4 t i Encrypted Payload Data Onf9345c446e6d76 Lak S Encrypted MIC Oxa5ch4391 1 278 i Payload is fragmented Dey de is in another f Lara x9b324 e2 G 1 280 0sa5cb4agi 7 N mm 1281 p Use your mouse to drag this i field to the Summary Pane 404 L m Figure 43 Creating Encrypted MIC in Frame Display Summary pane e Selecting Both displays both Packet and Payload Throughput The y axis numbers appear in blue In the Throughput Graph packets appears as e Packet Throughput Blue e Payload Throughput Green e Selecting Configured Devices Dispalays data from configured devices The low energy Timeline considers a packet to
115. ed time relative to the last selected item 1 Select On or before the specified time or On or after the specified time 2 When you have specified the time interval you want to use click on the Go To Move Forward or Move Backward buttons to start the search from the current event When you select Absolute as Search for Go To is available When you select Relative as Search for Move Forward or Move Backwardis available There are a couple of other concepts to understand in respect to searching with timestamps e The analyzer skips some special events that do not have timestamps such as frame markers Data events that do not have timestamps because timestamping was turned off either before or during capture are also skipped e Timestamping can be turned on and off while data is being captured As a result the capture buffer may have some data with a timestamp and some data without When doing a search by timestamp the ana lyzer ignores all data without a timestamp e The raw timestamp value is the number of 100 nanosecond intervals since the beginning of January 1 1601 This is standard Windows time 5 1 4 Using Go To Searching with Go To allows you to go to a particular frame or event or to move through the data X number of events or frames at a time You can move either forward or backwards through the data To access the Go To function 109 fte com rontline Debug Communications Faster 1 Open a capture
116. ed to select single or multiple vertical bars You can drag the sides of the Viewport or the slider buttons to select multiple bars representing a greater time range You can click and drag the Viewport within the Scroll Bar When you select a packet range in Frame Display that includes only some of the frames in PER Stats the Viewport snaps up against the side of the bar with the unselected frames When you select a packet range in Frame Display that includes all of the frames in PER Stats the View port displays a space between the Viewport sides and the bar Double clicking anywhere inside the Scroll Bar selects the entire Scroll Bar Double clicking again toggles back to the previous size of the Viewport Selecting Ctrl A 1s the same as double clicking Clicking on a vertical bar left justifies the Viewport to that bar Shift clicking on a bar extends the nearest Viewport side to include that bar The Home key moves the Viewport to the left edge The End key moves the Viewport to the right edge 97 fte com rontline Debug Communications Faster e Pressing the left arrow button Q the left arrow key or the up arrow key moves the Viewport to the left one vertical bar at a time e Pressing the right arrow button Cc the right arrow key or the down arrow key moves the Viewport to the right one vertical bar at a time e Pressing the double left arrow button o or the PgUp key moves the Viewport to the left
117. efer to the event numbers they work the same way In the above example the first row would be listed as 2d00 which is hex for 11520 The advantage of not renumbering events is that you can save a portion of a capture file send it to a colleague and tell your colleague to look at a particular event Since the events are not renumbered your colleague s file use the same event numbers that your file does 7 2 4 Useful Character Tables 7 2 4 1 ASCII Codes DL E bei Dc2 DES Dos nas YN ETE EAN Ew SvBleScL FS esf RS US se ta s e 157 7 2 4 2 Baudot Codes DEC HEX a FIGURES LANE NULI TEI mm a lt ma Pd t La a Gal E CE ia p an a gt a OER aQ BEL ma m FIGURES FIGURES a Sa pi LETTERS 7 2 4 3 EBCDIC Codes hex xO xt 2 aa se KIE PA xD J x TF Ox NUL S0H STA LC DEL e pE paei pes IM BES NL B5 IL CAN EM EE pat Ee es Is 2x DS S0S FS BYP LF ETB ESC sa ENG ACK BEL rsx Syn PN Rs ucleor cuoca anag sug afsp J Ul Ca re tel erst EHI ee ee ee ees ir hp bh TI TJ JIi 5 fp a a a a aaa Ka a Kai ble dla f aglhl i J AHH olplalrl IH A sl dtlulviwi x y zl IL Bl J I ee ee ee saa Hr Cl LIA IBICIDIE F G H I 158 fte com contline Debug Communications Faster fte com rontline Debug Communications Faster 7 2 4 4
118. elta Times and Data Rates 39 4 3 6 Switching Between Live Update and Review Mode 40 4 3 7 Data Formats and Symbols _ 2 2 22 2 eee ee cee ce cece cece cece cece aaoo oonan 40 4 3 7 1 Switching Between Viewing All Events and Viewing Data Events 40 4 3 7 2 Switching Between Hex Decimal Octal or Binary 40 4 3 7 3 Switching Between ASCII EBCDIC and Baudot 42 4 3 7 4 Selecting Mixed Channel Sides 42 4 3 7 5 List of all Event Symbols umeme eee cece onran 42 DDO OIC SIZE IIIA 44 4 4 Analyzing Protocol Decodes oaaao oaaao oaaao eee cee eee eee eee eee cence eee Loann 45 4 4 1 Frame Display Window _ 2 220 22 ee ee cece cc eee cece e eee eee eeeeeeee 45 4 4 1 1 Frame Display Toolbar 2 22 oie eee cece ee eee e eee eee eeeee 48 4 4 1 2 Frame Display Status Bar U 22 ee cece cece eee cece eeeeee 51 4 4 1 3 Hiding and Revealing Protocol Layers in the Frame Display 51 4 4 1 4 Physical vs Logical Byte Display oe eee aandaa aaan daanan annaa 52 4 4 1 5 Sorting Frames ieee ee eee eect aoaaa imu 52 4 4 1 6 Frame Display Find _ 2 22 22 ei ee eee cc ccc ee eee eee cence eeeees 52 4 4 1 7 Synchronizing the E
119. en press Enter and the dialog will display the data for that page kd Ka gt pi If the data requires multiple pages the navigation buttons will take you to the e First page Previous Page e Next Page e Last Page x The Select font size drop down allows you to select the text font size for the printed data Sim ply select a font size from the drop down list Close Print Preview closes the dialog and returns to the Message Sequence Chart When you select Print you will output the data that is currently being displayed 4 4 4 Packet Error Rate Statistics The Packet Error Rate PER Stats view provides a dynamic graphical representation of the Packet Error Rate for each channel The dialog displays a graph for each channel numbered O through 78 Data Analysis Packet Error Rate Stats assist in detecting bad communication connections When a high percentage of re transmits and or header payload errors occur careful analysis of the statistics indicate whether the two devices under test are experiencing trouble communicating or the packet sniffer is having difficulty listening Generally if the statistics display either a large number of re transmits with few errors or an equal number of errors and re transmits then the two devices are not communicating clearly However if the statistics display a large number of errors and a small number of re transmits then the packet sniffer is not receiving the trans missions clearly
120. ent 2 3 4 4 2 8 1 Zoom menu Zoom In Ctrl Plus Zoom Out Ctrl Minus foom In Tool i Zoom Out Tool Selection Tool 2 5 ms 1x7 11 25 ms 1x9 33 75 ms 1 27 125 ms 1x100 437 5 ms 1x350 1 875 s 11500 3 75 s 193000 1 5 ms 61 25 ms time intervals 3x2 22 5 mg 18 1 25 ms time intervals 6x3 90 ms 721 25 ms time intervals 12x6 202 5 ms 162 1 25 ms time intervals 12 9 360 ms 288 1 25 ms time intervals 241 7 562 5 ms 450 1 25 ms time intervals 30x15 810 ms 648 1 25 ms time intervals 36x18 1 1025 s 8821 25 ms time intervals 42x21 1 44 s 1152 1 25 ms time intervals 48 24 1 8225 5 1458 1 25 ms time intervals 54527 2 255 1800 1 25 ms time intervals 60x30 2 1235 5 2178 1 25 ms time intervals 665331 3 245 2592125 ms time intervals 7236 3 8025 s 3042 1 25 ms time intervals 78 39 4 41 5 3528 1 25 ms time intervals 845421 5 0625 s 4050 1 25 ms time intervals 905451 Figure 54 low energy Timeline Zoom menu 80 fte com rontline Debug Communications Faster 4 4 2 8 1 1 Single Segment Zoom Timeline view displayed Markers per segment 25 ms 1x 11 25 ms 1 9 33 75 ms 1x27 125 ms 1x100 437 5 ms 1350 1 875 s 11500 3 755 1x3000 Zoom Menu Single Segment Each selection defines the timeline displayed the number of segments and num ber of 1 25 ms markers withing the segment For example
121. ent Pane sos HA Talaan TH Pee feed JA a ie CL ee bya Fest Here Femin Fi Figure 30 Frame Display with all panes active Frame Display Panes The Frame Display window is used to view all frame related information It is composed of a number of dif ferent sections or panes where each pane shows a different type of information about a frame e Summary Pane The Summary Pane displays a one line summary of each frame for every protocol found in the data and can be sorted by field for every protocol Click here for an explanation of the sym bols next to the frame numbers e Decode Pane The Decode Pane displays a detailed decode of the highlighted frame Fields selected in the Decode Pane have the appropriate bit s or byte s selected in the Radix Binary Character and Event panes e Radix Pane The Radix Pane displays the logical data bytes in the selected frame in either hexadecimal decimal or octal e Binary Pane The Binary Pane displays a binary representation of the logical data bytes e Character Pane The Character Pane displays the character representation of the logical data bytes in either ASCII EBCDIC or Baudot e Event Pane The Event Pane displays the physical data bytes in the frame as received on the network By default all panes except the Event Pane are displayed when the Frame Display is first opened Protocol Tabs Protocol filter tabs are displayed in the Frame Display above the Summary pan
122. er tab then appears on the Frame Display Changing the filter definition on the Quick Filter dialog changes the filter applied on the Quick Filter tab Quick filters are persistent during the session but are discarded when the session is closed Quick Filter The box in the center is the Protocols To Hide When you select the checkbox for a protocol in the Protocols To Hide data for that protocol will not appear in the Decode Binary Radix and Character panes The frames containing that type data will still appear in the Summary pane but not in the Decode Binary Radix and Character panes 131 fte com rontline Debug Communications Faster The box on the right is the Named Filters It contains filters that you cre ate using the Named Filter and Set Condition dialogs When you select Named Filters the checkbox for the Name Filters a tab appears on the Summary Pane E FilterO that displays the frame containing the specific data identified in the filter Filter The named Filter tab remains on the Frame Display Sum F Filter Filters mary Pane unless you hide it using the Hide Show Display SCO link Supported Filters dialog With low energy the Configured BT Low energy devices and Exclude Role slave NULLS and POLLs are default named filters Configured BT low energy devic Ej Exclude NULL and POLLs Check
123. ers 32 fte com rontline Debug Communications Faster 1 Click the All additional stack layers can be determined automatically button 2 If your protocol stack is complete and there are no additional layers click the There are no addi tional stack layers button 3 Ifyou select this option the analyzer uses the stack you defined for every frame Frames that do use this stack are decoded incorrectly Save the Stack 1 Click the Add To Predefined List button 2 Give the stack a name and click Add In the future the stack appears in the Protocol Stack List on the first screen of the Protocol Stack wizard Remove a Stack 1 Select it in the first screen and click Remove Selected Item From List 2 Ifyou remove the stack you must to recreate it if you need to use it again i Note If you do not save your custom stack it does appear in the predefined list but applies to the frames in the current session However it is discarded at the end of the session 4 2 3 Reframing If you need to change the protocol stack used to interpret a capture file and the framing is different in the new stack you need to reframe in order for the protocol decode to be correct You can also use Reframe to frame unframed data The original capture file is not altered during this process a Note You cannot reframe from the Capture File Viewer accessed by selecting Capture File Viewer or Load Capture File to start the software and
124. ers Section of Quick Filters to Show Hide Filters ss Note When you have multiple Frame Display windows with a display filter or filters those fil ter do not automatically appear in other Frame Display windows You must use the Hide Show dialog to display a filter created in one Frame Display in different Frame Display window 128 fte com rontline Debug Communications Faster 5 3 1 7 Editing Filters 5 3 1 7 1 Modifying a Condition in a Filter 1 Click the Display Filters icon Y on the Frame Set Condition Display window or select Apply Modify Dis NG play Filters from the Filter menu to open the Set EE Lurentu Actwe Londition Filteri Condition dialog box The Set Condition dialog Filters box displays the current filter definition at the top ASCIE 2 of the dialog To display another filter click the Open icon and select the filter from the pop up list of all the saved filters 2 Edit the desired parameter of the condition Because the required fields for a condition statement depend upon previously selected parameters the Set Condition dialog box may display additional fields that were not present in the original filter In the event this occurs continue to enter the requested parameters in the fields provided until the condition statement is complete 3 Click OK The system displays the Save Named Condition dialog Ensure that the filter name is displayed in the text box at the top o
125. essaging between the RFCOMM M Master and the RFCOMM S Slave Channel Signaling Length 0 Channel Signaling Length 0 The Non Message Summary tab displays all the non message items in the data AFCOMM signaling channel created The Ctrl Summary tab displays the sig naling packets for all layers in one win dow in the order in which they are received The information in the colored boxes displays general information about the messaging The same is true for each one of the protocols If you want to see the all the messaging in one dialog you select the All Layers tab When you move the mouse over the message description you see an expanded tool tip If you position the cursor outside of the message box the tool tip will only display for a few seconds LMP timing accuracy req Address 1 Opcode LMP max slot Transaction ID Initiated by maste Max Slots 0x05 slots Tran D Initiated by slave If however you position the cursor within the tool tip box the message will remain until you move the cursor out of the box Additionally If you right click on a message description you will see the select Show all Layers button 84 fte com rontline Debug Communications Faster a a When you select Show all Layers the chart will display all the messaging layers The Frame and Time of the packets are displayed on the left side of the chart
126. et Selected Packet 1 751 Adv Type ADV IND Timestamp 5714 2013 12 14 19 272227 PM Duration 376us Channel 35 2450 MHz Figure 51 Bluetooth le Timeline Packet Info Line e When you select multiple packets the info line includes o Gap duration between the end of the first selected packet and the beginning of the last selected packet o Timestamp Delta Duration between the beginnings of the first and last packets selected o Span Duration between the beginning of the first selected packet and the end of the last selected packet Selected Packets 1 751 1 793 Gap 476us Timestamp Delta 352 us Span 980 us Figure 52 Bluetooth le Timeline Packet Info Line for Multiple Selected Packets e Floating Information Window aka Tooltip The information window displays when the mouse cursor hovers on a packet It persists as long as the mouse cursor stays on the packet e Discontinuities Discontinuities are indicated by cross hatched slots See the Discontinuities section e Packet Status Packet status is indicated by color codes Refer to low energy Timeline Legends e Right Click Menu The right click menu provides zooming and time marker alignment e Graphical Packet Depiction each packet within the visible range is graphically depicted See the Packet Depiction section e Swap Button The Swap button switches the position of the Timeline and the Throughput graph e Show Running Average Selecting this check box sho
127. ext packet The Ctrl left arrow key goes to the previous error packet The Ctrl right arrow key goes to the next error packet e The mouse scroll wheel will scroll the timeline as long as the cursor is in the dialog 4 4 2 8 le Timeline Zooming Zoom features can be accessed from the Bluetooth low energy Timeline Zoom menuor by right clicking on the Timeline window A couple of things to remember about Zooming e Zooming using the toolbar buttons in a single segment display is relative to the center of the display That is as you zoom out those packets on the left and nght halves will move closer to the center If you zoom in those packets inthe left and nght halves will move towards the left and nght edges respect ively e Zooming using the toolbar buttons in a multiple segment display is relative to the number of segments If you have a single display and zoom out they will become two segments then three segments then six and so forth e Selecting a Zoom icon or on the toolbar zooms in our out e The current Zoom setting is shown in the center of the timeline segment information bar at the bottom of each timeline segment 79 fte com rontline Debug Communications Faster e If you are in multiple segments the segment information bar will show the zoom level with the text Contiguous time segment x n where x is 1 2 3 segment and n is the total numbr of segments For example Contiguous time segm
128. f the dialog and click OK If you choose to create an addi tional filter then provide a new name for the filter condition or accept the default name provided by the system and click OK The Set Condition dialog box closes and the system applies the modified filter 5 3 1 2 Deleting a Condition in a Filter If a display filter has two or more conditions you can delete conditions If there is only one condition set in the filter you must delete the filter using Delete Display Filters from the Filters menu 1 Click the Display Filters icon Y on the Frame Display window or select Apply Modify Display Filters from the Filter menu to open the Set Condition dialog box Click on the Advanced button to show the condition in Boolean format The dialog box displays the current filter definition To dis play another filter click the Open icon and select the filter from the pop up list of all the saved filters 129 fte com frontline Debug Communications Faster Set Condition Currently Active Condition Filters Include C Exclude Condition AND OR where the protocol Baseband held LT ADDR Is Egu AND Figure 93 Set Condition Dialog in Advanced View 2 Select the desired condition from the filter definition 3 Click the Delete Selected Line icon 4 Edit the Boolean operators and parentheses as needed 5 Click OK The system displays the Save Named Condition dialog Ensure that the filter name is displ
129. fficiency of the analyzer to decode data If you have decoders loaded which require decoder parameters a window with one tab for every decoder that requires parameters appears the first time the decoder is loaded For help on setting the parameters click the Help button on each tab to get help information specific to that decoder If you need to change the parameters later e Choose Set Initial Decoder Parameters from the Options menu on the Control and Frame Display win dows Options Window Help Hardware Settings r VO Settings System Settings Alt Enter Directories v Check for New Releases at Startup Side Names Protocol Stack Set Subsequent Decoder Parameters Automatically Request Missing Decoding Information Figure 7 Select Set Initial Decoder Parameters from Control window The Set Initial Decoder Parameters window opens with a tab for each decoder that requires parameters Set Initial Decoder Parameters Ly Ld Template DTP Figure 8 Tabs for each decoder requiring parameters e Each entry in the Set Initial Decoder Parameters window takes effect from the beginning of the capture onward or until redefined in the Set Subsequent Decoder Parameters dialog Override Existing Parameters The Set Subsequent Decoder Parameters dialog allows the user to override an existing parameter at any frame in the capture where the parameter is used If you have a parameter i
130. file is being saved 134 fte com rontline Debug Communications Faster default capture file directory 8 When you are finished click OK 6 1 3 Saving a Portion of a Capture File FE l If you are capturing data click on the Stop icon J to pause data capture You cannot save data to a file while it is being captured Fay 2 Open the Event Display P or Frame Display window depending on whether you want to specify a range in bytes or in frames 3 Select the portion of the data that you want to save Click and drag to select data or click on the first item move to the last item and Shift Click to select the entire range or use the Shift key with the keyboard arrows or the navigation icons in the Frame Display toolbar If the range you want to save is too large to select note the numbers of the first and last item in the range 4 Right click in the data 5 Select Save Selection or Save As from the right click menu 6 Click on the radio button labeled Selection If you Save selected a range make sure the starting and ending C Entire File numbers are correct To specify a range type the 2 Selection numbers of the first and last items in the range in Even Frames the boxes p 7 Select either Events or Frames to indicate whether the numbers are event or frame numbers As Type file name heg Note No capbunng val be done while the 8 Type a file name in the As box at the bottom of the fide
131. finition on the Quick Filter dialog changes the filter applied on the Quick Filter tab Quick filters are persistent during the session but are discarded when the session is closed Quick Filter 65 fte com rontline Debug Communications Faster The box in the center is the Protocols To Hide When you select the checkbox for a protocol in the Protocols To Hide data for that protocol will not appear in the Decode Binary Radix and Character panes The frames containing that type data will still appear in the Summary pane but not in the Decode Binary Radix and Character panes The box on the right is the Named Filters It contains filters that you cre ate using the Named Filter and Set Condition dialogs When you select Named Filters the checkbox for the Name Filters a tab appears on the Summary Pane E Filler that displays the frame containing the specific data identified in the filter Filter The named Filter tab remains on the Frame Display Sum Filter Filter3 mary Pane unless you hide it using the Hide Show Display FSCO link Supported Filters dialog With low energy the Configured BT Low energy devices and Exclude Role Slave NULLS and POLLs are default named filters U Configured BT low energy devic E Exclude NULLs and POLL Check the small box next to the name of each protocol you want to filter in hide or Named Filter to display Then
132. fte com rontline Debug Communications Faster B A low energy BLUETOOTH PROTOCOL ANALYZER ComProbe User Manual Revision Date 4 10 2014 fte com rontline Debug Communications Faster Copyright 2000 2014 Frontline Test Equipment Inc All rights reserved FTS Frontline Frontline Test System ComProbe Protocol Analysis System and ComProbe are registered trade marks of Frontline Test Equipment Inc FTS4BT BPA 500 and BPA 600 is a trademark of Frontline Test Equipment Inc The Bluetooth SIG Inc owns the Bluetooth word mark and logos and any use of such marks by Frontline is under license All other trademarks and registered trademarks are property of their respective owners fte com rontline Debug Communications Faster Contents Chapter 1 ComProbe Hardware amp Software 1 1 1 What isin iS maa Ia 1 1 2 Minimum System Requirements 00000000000 aooaa aooaa noonoo ononon 2 1 3 Software Installation 2 3s22sdccecndGends Sons coanedanncecicchicecSocesdhardeanereceseeedeecedeceesccenie 2 LaL RONCO PAA APP PA UE 2 132 From Download IAA 2 Chapter 2 Getting Started coun dhsd ewe cewek eed cedsede de bauesendcedcdeacusdunbddesencekadessouraasaues 3 2 1 BPA low energy Hardware 2 a 3 2 1 1 Connecting Powering cece cece cece cece cece ec eee cece cece cece cece cece
133. g Confirm Frame 39 591 from Initiator Side 1 168 xii fte com rontline Debug Communications Faster PI LIO cause aED kanta ee a EGO BOGA HD BP 168 Figure 120 SMP Key Distribution Frames 222 ee eee cece eee cece ee eee cee eeeeeeeeeeeees 168 Figure 121 LE LL Tab Encryption Request Frame 39 617 from Initiator Side 1 168 Figure 122 MSC SMP Paring BPA 600 low energy capture 22 2 eee cece eee ee eee eee eeee 169 Figure 123 MSC link Layer Encryption BPA 600 low energy capture 169 Figure 124 Decrypted Data Example Frame 39 723 2 2 22 l cece eee cece cece ee eeeeeeee 170 Initiator Pairing Confirm Example ComProbeFrame Display BPA 600 low energy capture 163 Responder Pairing Confirm Example ComProbeFrame Display BPA 600 low energy capture 164 xiii fte com rontline Debug Communications Faster Chapter 1 ComProbe Hardware amp Software Frontline Test Equipment ComProbe family of protocol analyzers work with the following technologies e Classic Bluetooth e Bluetooth low energy e Dual Mode Bluetooth simultaneous Classic and low energy e Bluetooth Coexistence with 802 11 e Bluetooth HCI USB SD High Speed UART e NFC e 802 11 Wi Fi e SD e USB e HSU High Speed UART The ComProbe hardware interfaces with your computer that is runn
134. ghted in the Event Display The first selected byte appears on the third line of the display CVEventDisplay To change the line on which the first selected byte appears Selectlion0ffset 2 l Open fts ini located in the C User Public Public Documents Frontline Test Equipment 2 Go to the CV EventDisplay section 3 Change the value for SelectionOffset 4 Ifyou want the selection to land on the top line of the display change the SelectionOffset to 0 zero 5 1 10 Subtleties of Timestamp Searching Timestamping can be turned on and off while data is being captured As a result the capture buffer may have some data with a timestamp and some data without When doing a search by timestamp the analyzer ignores all data without a timestamp s1 Note The raw timestamp value is the number of 100 nanosecond intervals since the beginning of January 1 1601 This is standard Windows time 5 2 Bookmarks Bookmarks are electronic sticky notes that you attach to frames of interest so they can be easily found later In Frame Display bookmarked frames appear with a magenta triangle icon next to them Command Ener Code FID MID Fil Source TID UIC Fia Deka Timestamp Pag B From 1 Bd 122010 11 25 2 168 OOOO 12 67200 11 25 b E3 124 OOO O0 3 T2767 2010 11 25 4 Ed ANNA 126 AN0 11 25 Figure 86 Bookmarked Frame 3 in the Frame Display 00 00 00 00 oo Inthe Event Display bookmarks appear as a dashed line around
135. h for and whether to search the DTE or DCE data or both Bytes with errors are shown in red in the Event Display window making it easy to find errors visually when looking through the data To access the search by time function 1 Open a capture file to search a E 2 Open the Event Display or Frame Display window 3 Click on the Find icon aa or choose Find from the Edit menu 4 Click on the Errors tab of the Find dialog tent of the capture file you are viewing P Note The tabs displayed on the Find dialog depend on the product you are running and the con 115 fte com rontline Debug Communications Faster J Find BPA500 cfa Decode Pattern Time Search for event where eT 8 One or more of these changed He One or more of these occured hit exactly describes the state Find Previous D One or more of these was aff pari Side Restriction a search without regard to data origin Search only these sides Figure 84 Find Error tab Searching for event where The first three options are all fairly similar and are described together These options are searching for an event where e one or more error conditions changed e one or more error conditions occurred e one or more error conditions were off i e no errors occurred Selecting Which Errors to Search The section with the check boxes allows you to choose which errors the analyzer should look for
136. h the currently selected bytes highlighted Frame Display framed data only Opens a Frame Display with the frame of the currently selected bytes highlighted hsf 0 Cascade Arranges windows in a cascaded display Low energy Opens the low energy Timeline dialog MSC Chart Opens the Message Sequence Chart Bluetooth low energy Packet Error Rate Statistics Opens the Packet Error Rate Stat istics window R fte com rontline Debug Communications Faster 2 3 2 Configuration Information on the Control Window The Configuration bar just below the toolbar displays the hardware configuration and may include I O set tings It also provides such things as name of the network card address information ports in use etc 2 3 3 Status Information on the Control Window The Status bar located just below the Configuration bar on the Control window provides a quick look at cur rent activity in the analyzer Capture Status Y Not Active Capture ko Single File M A used Utilization 0 Host O Control Events 0 e Capture Status displays Not Active Paused or Running and refers to the state of data capture It will also display whether you are capturing to a series of files or capturing to a single file o Not Active means that the analyzer is not currently capturing data o Paused means that data capture has been suspended o Running means that the analyzer is actively capturing data e Used The next item
137. he Display Filters icon Y on the Frame Display window or select Apply Modify Dis play Filters from the filter menu to open the Set Condition dialog box 2 From the Select each frame combo box choose frames with the conversation as the initial con dition 3 Select an address type IP MAC TCP UDB from the Typecombo box The address type selec tion populates both Address combo boxes with node address in the data set that match the type selection 4 Select a node address from the first Address combo box 5 Choose a direction arrow from the direction box The left arrow filters on all frames where the top node address is the destination the nght arrow filters on all frames where the top node address is the source and the double arrow filters on all frames where the top node address is either the source or the destination gu 6 Ifyou want to filter on just one node address skip step 7 and continue with step 8 7 Ifyou want to filter on traffic going between two address nodes i e a conversation select a 126 fte com rontline Debug Communications Faster node address from the second Address combo box 8 Click OK The Set Condition dialog box closes and the analyzer applies the filter When a display filter is applied a description of the filter appears to the right of the toolbar in the Frame Dis play windows VA Note The OK button is unavailable grayed out until the condition selectio
138. he Options menu on the Control window 2 On the System Settings window click the Start Up button 3 Choose one of the options to determine if the analyzer starts data capture immediately on starting up Or not 150 fte com rontline Debug Communications Faster Program Start Up Options On program sar up Don t start captunng mmedately CO Start captuning to a file imemeckately O iai capturing immediately to the following fla Figure 105 Start Up Options dialog e Don t start capturing immediately This is the default setting The analyzer begins monitoring data but does not begin capturing data until clicking the Start Capture 9 icon on the Control Event Display or Frame Display windows e Start capturing to a file immediately When the analyzer starts up it immediately opens a capture file and begins data capture to it This is the equivalent of clicking the Start Capture 9 icon The file is given a name based on the settings for capturing to a file or series of files in the System Settings win dow e Start capturing immediately to the following file Enter a file name in the box below this option When the analyzer starts up it immediately begins data capture to that file If the file already exists the data in it is overwritten 7 1 2 Changing Default File Locations The analyzer saves user files in specific locations by default Capture files are placed in the My Capture Files dir ectory a
139. he Set Subsequent Decoder Parameters dialog 24 fte com rontline Debug Communications Faster AVDTP Security L2CAP RFCOMM a2pp use iPx Tcr UDP Initial Connections in effect from beginning of capture onward until redefined in the Set Subsequent Decoder Parameters dialog Stream Master LA Server Channel 5 DLC 0 DataSource DS No set Ofor Single DS 0 Caries UUID OBEX N Add Figure 19 RFCOMM parameters tab The RFCOMM Set Initial Decoder Parameters tab requires the following user inputs to complete a para meter e Stream Identifies the role of the device initiating the frame master or slave e Server Channel The Bluetoothchannel number 0 through 78 e DLCI This is the Data Link Connection Identifier and identifies the ongoing connection between a cli ent and a server e Data Source DS No When only one data source is employed set this parameter to 0 zero otherwise set to the desired data source e Carries UUID Select from the list to apply the Universal Unique Identifier UUID of the application layer that RFCOMM traverses to from the following o OBEX o SPP o encap asyncPPP o Headset o FAX o Hands Free o SIM Access o VCP o UDI o Raw Data Adding Deleting and Saving RFCOMMParameters 1 From the Set Initial Decoder Parameters window click on the RFCOMMtab 2 Set or select the RFCOMMdecoder parameters 3 Click ont he A
140. he plus icon on the left side of the dialog box and repeat steps 4 and 5 for the next condition Use the up t and down arrow icons on the left side of the dialog box to order your conditions and the delete button x to delete conditions from your filter Continue adding conditions until your filter is complete Include parentheses as needed and set the boolean operators Click OK The system displays the Save Named Condition dialog Provide a name for the filter condition or accept the default name provided by the system and click OK 125 fte com frontline Debug Communications Faster Save Named Condition AA CC ka User Defined Conditions FilterQ Figure 91 Save Named Filter Condition Dialog The Set Condition dialog box closes creates a tab on the Frame Display with the filter name and applies the filter When a display filter is applied a description of the fil Filter Include each Frame where the protocol Data exists ter appears to the right of the toolbar in the Frame Display windows us Note The OK button on the Set Condition dialog box is unavailable grayed out until the con dition selections are complete 5 3 1 5 Defining Node and Conversation Filters There are two steps to using Node and Conversation display filter Define the filter conditions and then apply the filter to the data set The analyzer combines both filter definition and application in one dialog 1 Click t
141. he protocols displayed change depending on the data received Quick Filtering and Hiding Protocols Protocols To Filter In Protocols To Hide Named Filters All Frames With Errors All But the Last Layer FilterO G All Frames With Information All Frames With Information Filter1 ano AYDTP JAYDTP Filter2 A VDTP Signaling AVDTP Signaling 17 SCO link Supported hep Baseband Baseband Filter3 Bluetooth FHS Bluetooth FHS Role Slave Headset Headset Configured BT low energy devic L2CAP F L2CAP Exclude NULLs and POLLs LMP LMP Non Captured Info Non Captured Info e K E PreConnection FHS ID PreConnection FHS IRFCOMM C RFCOMM FISDP ESDP Filtering shows only frames that contain the protocol desired but it shows the entire frame Hiding removes any protocol layers from displaying in any frame Figure 95 Frame Display Quick Filtering and Hiding Protocols Dialog The box on the left is Protocols To Filter In When you select the checkbox for a protocol in the Protocols to Filter In the Summary pane will only display those frames that contain data from that protocol If you filter on more than one protocol the result are all frames that contain at least one of those protocols For example if you filter on IP and IPX NetBIOS you receive all frames that contain either IP or IPX NetBIOS or both A Quick Filt
142. hen you have multiple Frame Display windows open and you are capturing data you may receive an error message declaring that Filtering cannot be done while receiving data this fast If this occurs you may have to stop filtering until the data is captured 4 4 1 9 Working with Panes on Frame Display When the Frame Display first opens all panes are displayed except the Event pane To view all the panes select Show All Panes from the View menu e The Toggle Expand Decode Pane icon in makes the decode pane longer to view lengthy decodes better i e The Show Default Panes icon returns the Frame Display to its default settings e The Show only Summary Pane icon La displays on the Summary Pane To close a pane right click on the pane and select Hide This Pane from the pop up menu or de select Show Pane Name from the View menu To open a pane right click on the any pane and select Show Hidden Panes from the pop up menu and select the pane from the fly out menu or select Show Pane Name from the View menu 55 fte com rontline Debug Communications Faster To re size a pane place the cursor over the pane border until a double arrow cursor appears Click and drag on the pane border to re size the pane 4 41 10 Frame Display Byte Export The captured frames can be exported as raw bytes to a text file 1 From the Frame Display File menu select Byte Export 9 Frame Display le modified channel
143. ial Decoder Parameters dialog to display the Template Manager dialog Name To Save Template As Cancel Frontline4 2 Enter aname for the new template and click OK Currently Saved Templates For This Object Type Frontline The system saves the template and closes the Template adore f Manager dialog Frontines 3 Click the OK button on the Set Initial Decoder Para meters window to apply the template and close the dia log Save Changes to a Template This procedure saves changes to parameters in an existing template 1 After making changes to parameter settings in a user defined template click the Save z but ton at the top of the Set Initial Decoder Parameters window to display the Template Manager dialog 2 Ensure that the name of the template is listed in the Name to Save Template As text box and click OK 16 fte com rontline Debug Communications Faster 3 The system displays a dialog asking for confirmation of the change to the existing template Click the Yes button The system saves the parameter changes to the template and closes the Save As dialog 4 Click the OK button on the Set Initial Decoder Parameters window to apply the template and close the window 3 2 1 3 Deleting a Template 1 After opening the Set Initial Decoder Parameters window click the Delete x button in the tool bar The system displays the Template Manager dialog with a list of saved templates 2 Select click on an
144. idth peak 2641 376 e Average Payload Throughput is the total payload over the entire session divided by the total time e 1 second Payload Throughputis the total payload over the most recent one second e Width peak This displays the maximum throughput seen so far Note 1 second throughput behaves differently than average throughput In particular while average throughput can be very large with only a couple of packets since it s dividing small packet or payload size by small time 1 second throughput can be very small since it divides by an entire one second 4 4 2 3 3 Throughput Graph The following figure depicts the Throughput Graph Throughput Over Time Swap Ji me Hh al Packet Throughput Mni Payload Throughput Include MIC Both bits s Configured Devices O All Devices v Show Running Average Figure 42 Bluetooth low energy Timeline Throughput Graph The Swap button switches the position of the Timeline and the Throughput graph 70 fte com rontline Debug Communications Faster Selecting Throughput Display e Selecting Packet Throughput displays just the Packet Throughput in graph form and displays the Aver age and Average and Second Packet Throughput on the left side of the dialog The y axis numbers appear in blue e Selecting Payload Throughput displays just the Payload Throughput in graph form and displays the Average and Average and 1 Second Payload Throughput o
145. ing AVDTP Parameters 1 From the Set Initial Decoder Parameters window click on the AVDTP tab 2 Set or select the AVDTP decoder parameters 3 Click onthe ADD button The Intial Connection window displays the added parameters 18 fte com frontline Debug Communications Faster Initial Connections in effect from beginning of capture onward until redefined In the piconet 2 on the Slave side with the L2CAP CID 00000 and with the remote side TSID O the AVDTP is camying Si 1 In the piconet 2 on the Master side with the L2CAP CID 0000 and with the remote side TSID 1 the AVDTP is canying Reporting packets Modified by user In the piconet 2 on the Master side with the LAC AP CID 0000 and with the remote side TSID 0 the AVDTP is camying Unknown Modified by user Parameters Added to Decoder 4 To delete a parameter from the Initial Connections window select the parameter and click on the Delete button 5 Decoder parameters cannot be edited The only way to change a parameter is to delete the ori ginal as described above and recreate the parameter with the changed settings and selections and then click on the Add button 6 AVDTP parameters are saved when the template is saved as described in Adding a New or Sav ing an Existing Template on page 16Adding a New or Saving an Existing Template on page 16 3 2 3 2 AVDTP Missing Decode Information The analyzer usually determines the protocol carried in an AVDTP payload by
146. ing methods One of two pieces of data allow alternative pairing 1 PIN is a six digit or less if leading zeros are omitted decimal number 2 Out of Band OOB data is a 16 digit hexadecimal code which the devices exchange via a channel that is different than the le transmission itself This channel is called OOB For off the shelf devices we cannot sniff OOB data but in the lab you may have access to the data exchanged through this channel Click here to see how to capture data after completing the configuration 11 fte com contline Debug Communications Faster 3 1 1 2 Information The ComProbe BPA low energy Information tab is one of the two tabs that appear when you first start the low energy analyzer K BPA low energy datasource o aga File View BPA low energy Help HO Devices Under Test BPA low energy Information FBA16001 Refresh Device List Update Firmware Firmware Yersion BPA low energy 203 13 Jul 12 BPA low energy Querying for firmware ids for firmware ids Premium Maintenance will expire on July 26 2023 Figure 5 BPA low energy Information Tab There are several pieces of information on this display e The current ComProbe BPA low energy hardware firmware is displayed under Firmware Version e If you want to make sure the most up to date list of devices is shown select Refresh Device e If you want to load the latest firmware yo
147. ing our robust software engine called the ComProbe Protocol Analysis System or ComProbe software Whether you are sniffing the air or connecting dir ectly to the chip Frontline analyzers use the same powerful ComProbe software to help you test troubleshoot and debug communications faster ComProbe software is an easy to use and powerful protocol analysis platform Simply use the appropriate ComProbe hardware or write your own proprietary code to pump communication streams directly into the ComProbe software where they are decoded decrypted and analyzed Within the ComProbe software you see packets frames events coexistence binary hex radix statistics errors and much more This manual is a user guide that takes you from connecting and setting up the hardware through all of the ComProbe software functions for your ComProbe hardware Should you have any questions contact the Front line Technical Support Team 1 1 What is in this manual The ComProbe User Manual comprises the following seven chapters The chapters are organized in the sequence you would normally follow to capture and analyze data set up configure capture analyze save You can read them from beginning to end to gain a complete understanding of how to use the ComProbe hardware and software or you can skip around if you only need a refresher on a particular topic Use the Contents Index and Glossary to find the location of particular topics e Chapter 1 ComProbe Har
148. into a Comma Separated File csv To access this feature 1 Right click on the Summary pane or open the Frame Display File menu 2 Select the Export menu item 3 Select a storage location and enter a File name 4 Select Save 6 4 2 Exporting a File with Event Display Export With the Event Display Export dialog you can export the contents of the Event Display dialog as a test txt CSV csv HTML htm or Binary File bin You also have the option of exporting the entire capture buffer or just the current selection of the Event Display dialog 142 fte com frontline Debug Communications Faster Event Display Export File name CJ sers4Frontline4D eskbop 3 NPC Wit Save as lupe CS File cay g Event range All Selection 1 to 2000 DCE Events Per Row CSW Headers CO Multiple Events Per Row No Timestamps ID Show Preamble One Event Per Row Show Timestamp3 YU Show Column Headings Help Save Figure 101 Event Display Export Example csv file How to Export Event Display Data to a File 1 Select Export Events from the File menu on the Event Display window to display the Event Dis play Export dialog 2 Enter a file path and name or click the browser button to display the Windows Save As dialog and navigate to the desired storage location 3 Selecta file type from the Save as type drop down List Menu on the Event Display Export dialog Se
149. ion was initiated and decryption was successful In LE Data we see the Encrypted MIC value The MIC value is used to authenticate the sender of the data packet to ensure that the data was sent by a peer device in the link and not by a third party attacker The actual decrypted data appears between the Payload Length and the MIC in the packet This is shown in the Binary pane below the Summary pane KF Fase Dalag be reer Copies eC Ta 2 PHS VY is2 DDS ka ODEKE6OO IMA per PEG Unfdtend aa Conpaod DT kas energy dewows Kal Filter Lisa Chara res 3 200 Me LE BB LE PET LE ADW LE DATA LE LL LZCAP SMP ATT iaip Fra Frame encypied bia aye Bo Fies FE The Even Chaka aL PS Le Fre Cuba Ting da SUCs fly aaa kar l naa ay HIH 3 8 SUCCESS Mo mO 5 Gap il WH aliae shah a aa i i decrypted POU Langiki 14 Mm 0 H SUCCESS Wei VW zi OOO OL LIE MA n PT am Ct Mc 2 14 Moro on Pwani LEE NTG 0 F SUCCESS ijz 7j KI Do Di mi Aiii ekien Daai Er 1 n Success Ms nH 8 oped ag CRI Deal Ki ce z 5 39 KI LE DATA FILI 4 T8 o Decraphed data TC az i Biao hk a hi 8 hk AAA NG hd Ah To YY MET hezan HOLOLOLON 11811101 grade 1512 205110610 16161111 niea Check F mae TERRI LAH BRR RSUFFBT HELENS Lebo SOBs onananBi up bo all 1 A tAiago 44 emroypied data P Langhi 4 H Chard Wt eH iane Bhe ol NG M42 72 04 50 Ge 55 dd Hii Pa ak oF Oa G8 84 a8 Picker Mia TELE LL se dla3 15
150. is hana seve screen Click the Browse icon to browse to a spe cific directory Otherwise your file is saved in the default capture file directory 9 Click OK when you are finished 6 1 4 Confirm Capture File CFA Changes This dialog appears when you close a capture file after changing the Notes the protocol stack or bookmarks The dialog lists information that was added or changed and allows you to select which information to save and whether to save it to the current file or to a new one Changes made to the file appear in a list in the left pane You can click on each item to see details in the right pane about what was changed for each item You simply check the boxes next to the changes you want to keep Once you decide what changes to keep select one of the following e Save To This File Saves the changes you have made to the current capture file e Save As Saves the changes to a new file 135 fte com rontline Debug Communications Faster e Cancel the Close Operation Closes the file and returns you back to the display No changes are saved e Discard Changes Closes the file without saving any of the changes made to the notes bookmarks or protocol stack 6 1 5 Adding Comments to a Capture File The Notes feature allows you to add comments to a CFA file These comments can be used for many purposes For example you can list the setup used to create the capture file record why the file is
151. ist Show Delta Colma l Add New Column Hel 4 Ifyou wish to remove an overridden rule click on E Remove New Column Remove Override button If you want to remove all PAPANG decoder parameter settings click on Remove All ee ee Restore Default Columns 5 Click OK Add Bookmark Export Provide L2CAP Rules Provide RFCOMM Rules Set Subsequent Decoder Parameters Set Subsequent Decoder Parameters 131 RFCOMM Rules in effect from frame 131 onward until redefined here for a later frame On the Slave side with Server Channel 1 DLCI 2 RFCOMM is canying Headset Overidden by user Show Hidden Panes b Remove Overide SPP encap asyncPPP Headset Remove All FAX Hands Free SIM Access OBEX ok JI Caca J Heb HS HF Undecoded RFCOMM Frames VCP UDI Raw Data Figure 18 Change the Selected Items to Carry selection list Each entry in the Set Subsequent Decoder Parameters dialog takes effect from the specified frame onward or until redefined in this dialog on a later frame Note If the capture has no user defined overrides then the system displays a dialog stating that no user defined overrides exist 3 2 5 RFCOMM Decoder Parameters 3 2 5 1 About RFCOMM Decoder Parameters Each entry in the Set Initial Decoder Parameters dialog takes effect from the beginning of the capture onward or until redefined in t
152. ist box 4 Click on selected layers in the list to de select or click the Reset Selected Layers button to de select all selected layers 138 fte com rontline Debug Communications Faster Frame Display Print Prowde infomaton to export dala from the currerily selected fiber tab include Detal Section Summary Ho decode nection O Al layers C Selected lyers only 802 11 AMP B02 10 5TP Selection Be 1X A2DP AMP Managei 4 ONE Frame Range F Delete Fle Note Bowne pani opbong map alfect whether ang gray background 8 ponted See Help lot mka Figure 97 Frame Display Print Dialog 5 Select the range of frames to include All or Selection in the Frame Range section of the Frame Display Print dialog Choosing All prints up to 1000 frames from the buffer Choosing Selection prints only the frames you select in the Frame Display window 6 Selecting the Delete File deletes the temporary html file that was used during printing 7 Click the OK button If you chose Print Preview the system displays your data in a browser print preview display with options for printing such as page orientation and paper size You can also use your Printer Preferences dialog to make some of these selections When printing your data the analyzer creates an html file and prints the path to the file at the bottom of the page This file can be opened in your browser however it may appear different than the printed version F
153. ist changes the Summary pane to display summary information for that protocol When a Summary low energy predefined Named Filter like Nulls and Polls is selected the Summary drop down is disabled Summary No n Captured Info Text with Protocol Stack To the right of the Summary Layer box is some text giving the protocol stack Baseband with Auto traverse Summary Non Captured Info currently in use Note If the frames are sorted in other than ascending frame number order the order of the frames in the buffer is the sorted order Therefore the last frame in the buffer may not have the last frame number 4 4 1 2 Frame Display Status Bar The Frame Display Status bar appears at the bottom of the Frame Display It contains the following inform ation e Frame s Selected Displays the frame number or numbers of selected highlighted frames and the total number of selected frames in parentheses e Total Frames The total number of frames in the capture buffer or capture file in real time e Frames Filtered In The total number of frames displayed in the filtered results from user applied filters in real time 4 4 1 3 Hiding and Revealing Protocol Layers in the Frame Display Hiding protocol layers refers to the ability to prevent a layer from being displayed on the Decode pane Hidden layers remain hidden for every frame where the layer is present and can be revealed again at any time You can hide as many layers as yo
154. ith similar information from that device but the random number would be different than Mconfirm Once pairing is complete and an encrypted session established the keys are distributed by the master and slave now identified by Side M and Side S respectively in the Summary pane In Frame 39 661 the slave has dis tributed LTK to the master to allow exchange of encrypted data Frame 39 661 through 39 714 in the Sum mary pane SMP tab are the key distribution frames 167 fte com rontline Debug Communications Faster SMP EER CT a rary ey i WELLL KJ DELERS eee 35 573 1 Paang Request 2b 000 14 0 0004 38 315616 Lede Pang Loni i Condi Vehane Ra PEG ee 35 545 2 Paeng Reiponie 26 OOORODO Oha aesa09 39591 1 Farg Conim 36 0000223 O05 705605 38 EN 2 Farg Corim Fb 0000 DO O COTS 01 Fee Figure 118 SMP Pairing Confirm Frame 39 591 from Initiator Side 1 Figure 119 3 SMP F3 eld 1 Farg Randi 3b D DOO ieee Code Encryption Information 39610 2 Paring Random 36 DUDU DOA ONG 798838 LIK Uedd tec N3383 IU eb bbe BE 5 Encnepbon inio 40 Moo OO Coie 065841 367 5 Wasia daie 34 iiidid 0005 02 125541 33 604 5 Idervity Informa 4D OOOO 000502165842 3 706 5 Sigrang riwa 40 00 00 00 1 DO DOS N5843 ami M identity Informa 40 BAADA Ones 335613 39712 M ideny Addes 31 OOOO OCG 338273 F3 714 kd Sagrang riwa 40 00 00 00 0 00 DE NI Figure 120 SMP Key Distribution Frames A 1 2 2 Link Layer The Lin
155. k Layer LL protocol manages the Bluetooth low energy radio transmissions and is involved in starting link encryption To observe the decoded LL commands click on the Frame Display LE LL tab search for and select ControlPkt LL ENC REQ This command should originate with Side 1 the initiator of the encryption link In Figure 11 Frame 39 617 is selected in the Summary pane and we see the decoded LE LL frame is dis play in the Decoder pane Shown in this frame packet is the SKDm that is the Master Session Key Diversifier SKDmaster In Frame 39 623 you will find SKDslave that is combined with SKDmaster to create the Session Key SK Both SDKs were created using the LTK Frame 39 635 through 39 649 in the LE LL tab completes starting of the encryption process After the slave sends LL_START_ENC_RSP Frame 36 649 the Bluetooth devices can exchange encrypted data and the ComProbe sniffing device can also receive and decrypt the encrypted data because the appropriate key is provided in the BPA 600 Datasource window SLE LL 35 025 Dxal3aSbdd Waze 1 UL CHANNEL MAP RED Random vector Randi Ooo00000000000000 29817 Daa OMS 1 LLENCREQ Encypted diversifer EDIT 00000 3673 bal Said D450 2 LIL ENC ASP Master session key identiba SEDmi Oxcs68cIdde cStdb HES Dala ibid CMe 2 LL START ENC REQ Masher rratakration vecio Wim Chede Sided 33 539 Chal ated DES M LL START ENC RSP F3 649 bwal SaEbdd Da 5 LL START ENC RSP 23 EN Ph ae a YE Pati Hi hil id
156. king on Frame 39 617 dis plays the LL ENC REQ command from the master to the slave In the MSC below this command you will see the data transferred that includes SKD ter used to generate the LTK At Frame 39 623 the slave responds with LL_ENC_RSP sending SKD ave to generate LTK at the master Up to this point all transmissions are unencrypted For this example the slave sends the request to start encryption LL START ENC REQ at Frame 39 635 The master responds with LL_START_ENC_RSP at Frame 39 639 and finally the slave responds with LL_START_ ENC_RSP at Frame 36 649 At this point the session link is encrypted All Layers Ciri Summary Non Msg Summary LE BB LE ADV LE DATA LE LL LaCAP ATT SMP 319 617 Enoyplion request ap li a yl tana 1 GE i EI AOU oc nao Hamd SOO EDA SEM Deco aoa 39622 LL_ENC_ASP USED ea ai Na ibil7adabiD LL START NC RED 394 635 si Stan enery pon request LL 5TAAT ENG RED Li START ENC ASP 39 639 Fiat LL START EMC ASP 19 649 Baseband connection encrypted Figure 123 MSC link Layer Encryption BPA 600 low energy capture 169 fte com rontline Debug Communications Faster A 1 7 4 Viewing Decrypted Data In the ComProbe software Frame Display click on the LE BB tab Search in the Summary pane for Decryption Initiated Yes frames In the example depicted in the following figure Frame 39723 is selected In the Decoder pane LE BB shows that the decrypt
157. later be used in a wireless encrypted capture session that requires prior knowledge of encryption keys 5 To start capture click on the Start Sniffing button O on the BPA 600 datasource toolbar A 1 7 2 Use Frame Display to View Encryption Decryption Process A 1 7 2 1 Security Manager Protocol The Security Manager Protocol SMP controls the process for pairing and key distribution The results of a pair ing and key distribution can be observed in the ComProbe software Frame Display Activate the Frame Display by clicking on the icon on the Control window toolbar On the Frame Display low energy protocols are shown in light green tabs Click on the SMP protocol tab that will show only the SMP commands from the full data set EEN S eN VPS Re Pe E PE COE y Le Le ge LE BB LE PKT LE ADV LE DATA LE LL L2CAP ETO Data 5MP B Fiara Sila Code Frome Sire Dela Tiresia wage rina 33 140 i Pang Hegt 25 00 04 24 206469 ika F 33 147 2 PanngFaled zi OOOO 000424235700 ODE dats Asg COB Autres ul i oa penile aici sa 1 ParingRequet 26 DADA 000439335518 R 35 545 Panng Response 25 DA dw A 00 04 38 EHS Bonding Flags Bonding MITH PAMAN Wag 39 551 1 Panny Contre 3 wi 00 08 01 08605 Mmm Encppbon Key Sie 16 Octets 7 600 Faning Conte a Oo COCA OO 0501 735835 3 nisha Key Distribution 79 604 I Pang Random 00 Oog DO CE 765807 EncKay Initiator shall dibibute LTE followed by EDIV and Rand 39 610 Panng Fandom 36 OOOO AA
158. ld only be changed on advice of technical support 7 1 1 4 System Settings Disabled Enabled Options Some of the System Settings options are disabled depending upon the status of the data capture session e As the default all the options on the System Settings dialog are enabled e Once the user begins to capture data by selecting the Start Capture button some of the options on the System Settings dialog are disabled until the user stops data capture and either saves or erases the cap tured data e The user can go into the Startup options and Advanced system options on the System Settings dialog and make changes to the settings at any time 7 1 1 5 Advanced System Options These parameters affect fundamental aspects of the software and it is unlikely that you ever have to change them If you do change them and need to return them to their original values the default value is listed in par entheses to the right of the value box Most technical support problems are not related to these parameters and as changing them could have serious consequences for the performance of the analyzer we strongly recommend contacting technical support before changing any of these parameters To access the Advanced System Options 1 Go to the Control A window 2 Choose System Settings from the Options menu 3 On the System Settings window click the Advanced button 149 fte com frontline Debug Communications Faster Advanced
159. lect from among the following file formats Text File txt CSV File csv HTML File html Binary File bin 4 Select the range of events to include in the file from either All or Selection in the Event Range sec tion of the Event Display Export dialog e Selecting more than one event in the Event Display window defaults the radio button in the Event Display Export dialog to Selection and allows the user to choose the All radio button e When only one event is selected Something must be selected the All radio button in the Event Display Export dialog is selected by default 5 Next you need to select the Side variable for serial communications e is used to determine whether you want to export data from or both e Choose Host Function Control or Both to determine how you want to export the data 5 Choose Host Function Control or Both to determine how you want to export the data 6 Choose whether you want to display multiple events or single events per row 143 fte com contline Debug Communications Faster Events Per Row You can choose to display Multiple Events Per Row but this method contains no timestamps If you select One Event Per Row you can display timestamps multiple events or single events per row Note The raw timestamp value is the number of 100 nanosecond intervals since the beginning of January 1 1601 This is standard Windows time The timestamp data types displayed in co
160. les and opened a file from a location other than the default directory All subsequent capture files will be saved to that location Suppose however the next time you want to save a capture file the new file loc ation is not available because the directory structure has changed a folder has been moved a drive has been reassigned a flash drive has been disconnected etc In the case of a lost directory structure subsequent cap ture files will be saved to the default location ComProbe software will always try to save a file to the folder 152 fte com rontline Debug Communications Faster where the last file was opened from or saved to if Use Last Opened Folder for Capture Files is checked If however the location is not accessible files are saved to the default directory that is set at installation If the checkbox is unchecked then the system always defaults to the directory listed in the File Locations dialog 7 1 3 Side Names The Side Names dialog is used to change the names of objects and events that appear in various displays The Side Names dialog will change depending on the sniffing technology in use at the time the software was loaded Changes to the Names are used throughout the program Side Names Default Hames Current Namez Slave Master OK Cancel Figure 108 Example Side Names Where Slave and Master are current 1 To open the Side Names dialog choose Side Names from th
161. line Debug Communications Faster 6 2 2 Importing Capture Files 1 From the Control window A go to the File menu and select Open Capture File or click on the Open icon on the toolbar 2 Left of the File name text box select from the drop down list Supported File Types box to All Importable File Types or All Supported File Types cfa log txt csv cap Select the file and click Open The analyzer automatically converts the file to the analyzer s format while keeping the original file in its original format You can save the file in the analyzer s format close the file without saving it in the analyzer s format or have the analyzer automatically save the file in the analyzer s format see the System Settings to set this option All of these options keep your original file untouched When you first open the file the analyzer brings up the Protocol Stack window and ask you what protocol decodes if any you want to use You must choose a protocol decode at this point for the analyzer to decode the data in the file If you open a file without using any decodes and decide later that you want to apply a decode choose Reframe from the File menu on the Control window At present the analyzer supports the following file types e Frontline Serialtest Async and Serialtest ComProbe for DOS requires the byt for data and the tim for timestamps see note on importing DOS timestamps e Greenleaf ViewComm 3 0 f
162. line ComProbe Protocol Analysis System This dialog lists all the methods ComProbe supports in a tree control See Protocol List Three buttons appear at the bottom of the dialog Run Cancel and Help When the dialog first opens Cancel and Help are active and the Run button is inactive grayed out starts the selected protocol stack Cancel closes the dialog and exits the user back to the desktop Heb takes the user to this help file as does pressing the F1 key 3 Expand the folder and select the data capture method that matches your configuration 4 Click on the Run button and the ComProbe Control Window will openconfigured to the selected capture method VA Note If you don t need to identify a capture method then click the Run button to start the ana lyzer Creating a Shortcut A checkbox labeled Create Shortcut When Run is located near the bottom of the dialog This box is un checked by default Select this checkbox and the system creates a shortcut for the selected method and fte com rontline Debug Communications Faster places it in the Frontline ComProbe Protocol Analysis System lt version gt desktop folder and in the start menu when you click the Run button This function allows you the option to create a shortcut icon that can be placed on the desktop In the future simply double click the shortcut to start the analyzer in the associated protocol Supporting Documentation Th
163. lors oe ieee eee eee eee cece eee eeeees 86 Figure 61 Right Click in Ctrl Summary to Display Show in MSC 86 Figure 62 MSC View of Selected Packet from Ctrl Summary 2222 e eee ee eee cece eee eeeee 87 Figure 63 Return to Text View Using Right Click Menu 87 Figure 64 Highlighted First Search Result 88 Figure 65 Message Sequence Chart Print Preview cece cece eee cece c cece ce eeceeeeees 90 Figure 66 Print Preview Toolbar e cece cece ce ce cece ee eee eee cece cece arana 90 Figure 67 Bluetooth low energy PER Stats Window 2 2 22 cece eee eee ee cee mmama meme mu 92 Figure 68 Bluetooth low energy Packet Error Rate Channels 92 Figure 69 PER Stats Scroll Bar gs ccccccrcwecmondddtudnchwdineescensetdeSacecuuesdcddinahubbdasevaetcsesbedees 97 Figure 70 Example Excluded Packets Message in Scroll Bar Classic Bluetooth 99 Figure 71 Data Audio Extraction Settings dialog 2 2 22 eee e eee cece cece eee c ee eeceeeeees 100 Figure 72 Data and Audio Extraction Status ieee ee eee eee cece eee ee eeeeeeee 101 Figure 73 Rename To in the bottom section of Data Extraction Status 102 Figure 74 Find Diaglog 22 22 cece cee ccc cee ee ec eee c
164. lowed by its address 3 LTK 128 bit key used to generate the ses Sign Responder shall distribute CSAK sion key for an encrypted connection 4 Encrypted Diversifier EDIV 16 bit stored Figure 110 Sample Initiator Pairing Request value used to identify the LTK Anew Decode ComProbe Frame Display BPA 600 low EDIV is generated each time a new LTK is energy capture distributed 5 Random Number RAND 64 bit stored value used to identify the LTK A new Rand is gen erated each time a unique LTK is distributed Of particular importance to decrypting the encrypted data on a Bluetooth low energy link is LTK EDIV and Rand A 1 3 Pairing Methods The two devices in the link use the IO capabilities from Pairing Request and Pairing Response packet data to determine which of two pairing methods to use for generation of the Temporary Key TK The two methods are Just Works and Passkey Entry An example of when Just Works method is appropriate is when the IO cap ability input None and output None An example of when Passkey Entry would be appropriate would be if input Keyboard and output Display There are 25 combinations that result in 13 Just Works method and 12 Passkey Entry method In Just Works the TK O In the Passkey Entry method TK 6 numeric digits Input Keyboard 6 random digits Input Display SMP Code Pairing Confirm Contin Value Oxfade3 9494094 cbedbblfeeSiS9ScSd5 Initiator Pairing Confirm
165. lp you Curent Poison Slack Remove Selected Item From List decide if you need to define your own custom stack Defin ing a custom stack means that the analyzer uses the stack for every frame Frames that do not conform to the stack are decoded incorrectly Click Next to continue Select a Protocol Stack Choose one at a time by Protocol Decode Stack Select Protocols RA tsa All additional stack layers Baseband GB can be determined AMP Manager automatically RP There are no additional 1 Select a protocol from the list on the left 5 stack layers AVDTP arn 2 Click the right arrow button to A AVDTP Report move it to the Protocol AVDTP Sawang Decode Stack box on the AVRCP Move Up F AVRCP Browsing right or double click the pro Baseband Move Down tocol to move it to the right BP 3 ma BlueCore Serial Protocol 7 3 To remove a protocol from the iling stack double click it or select it and click the left arrow but ton 4 If you need to change the order of the protocols in the stack select the protocol you want to move and click on the Move Up and Move Down buttons until the protocol is in the correct position 5 The lowest layer protocol is at the top of the list with higher layer protocols listed underneath Auto traversal Have the analyzer Determine Higher Layers If you need to define just a few layers of the protocol stack and the remaining layers can be determined based on the lower lay
166. lternatively you can choose Set Subsequent Decoder Parameter from the Options menu 3 This option brings up a dialog showing all the places where context data was overridden 4 If you know that information is missing you can t provide it and you don t want to see dialogs asking for it un check Automatically Request Missing Decoding Information 5 When unchecked the analyzer doesn t bother you with dialogs asking for frame information that you don t have In this situation the analyzer decodes each frame until it cannot go further and then simply stop decoding 4 3 Analyzing Byte Level Data 4 3 1 Event Display To open this window click the Event Display icon P on the Control window toolbar The Event Display window provides detailed information about every captured event Events include data bytes data related information such as start of frame and end of frame flags and the analyzer information 35 fte com rontline Debug Communications Faster such as when the data capture was paused Data bytes are displayed in hex on the left side of the window with the corresponding ASCII character on the right 9 Event Display Homer cfa File Edit View Format Bookmarks B Window Help AKIT Ely Ad Ue Event Number 2 at gj 9 40 11 12 13 14 15 437 Slave 00 01 5a 03 f 4a 04 a5 23 6b be DO 01 MM Master 4237 k 46 56 20 23 Slave A PALES a6 23 6b be 00 00 01 amp Master 4353 0b Sd 5c 120008
167. lumns for One Event Per Row Timestamp Delta Event Number Byte Number Frame Number Type Hex Dec Oct Bin Side ASCII 7 bit ASCII EBCDIC Baudot RTS CTS DSR DTR CD RI UART Overrun Parity Error Framing Error 7 Ifyou select csv as the file type choose whether you want to hide display Preambles or Column Headings in the exported file 8 Click Save The Event Display Export file is saved to the locations you specified in File name 144 fte com rontline Debug Communications Faster A B C D E F G H J K 1 Timestamp Delta Event Number Byte Number Frame Number Type Hex iDec Oct Bin ASCII 632 11 30 2012 12 20 02 895166 PM 0 00 00 00 631 626 3 Data 0 0 0 0 633 11 30 2012 12 20 02 895166 PM 0 00 00 00 632 627 3 Data oi 0 0 0 634 11 30 2012 12 20 02 895166 PM 0 00 00 00 633 628 3 Data oi 0 0 0 635 11 30 2012 12 20 02 895166 PM 0 00 00 00 634 629 3 Data 98 152 230 10011000 636 11 30 2012 12 20 02 895166 PM 0 00 00 00 635 630 3 Data 70 112 160 1110000 p 637 11 30 2012 12 20 02 895166 PM 0 00 00 00 636 631 3 Data 94 148 224 10010100 638 11 30 2012 12 20 02 895166 PM 0 00 00 00 637 632 3 Data 22 34 42 100010 639 11 30 2012 12 20 02 895166 PM 0 00 00 00 638 633 3 Data 211 33 41 100001 640 11 30 2012 12 20 02 895166 PM 0 00 00 00 639 634 3 Data ic i 28 34 11100 641 11 30 2012 12 20 02 895166 PM 0 00 00 00 640 635 3 Data 80 128 200 10000000 642 11 30 2012 12 20 02 895166 PM 0 00 00 00 641
168. maps HID kbd cant decrypt Edit View Format Filter Bookmarks Options Window Go Live Open Capture File Close Save Save Selection Reframe 1 le modified channel maps HID_kbd cant_decrypt_GATT cfa 2 example_btsnoop_hcilog cfa 3 C Users BPA500 cfa 4 C Users SDIO_20121005 cfa Print Print Preview Export Byte Export HTML Export Reload Decoders Recreate Companion File Figure 33 Frame Display File menu Byte Export 2 From the Byte Export window specify the frames to export e All Frames exports all filtered in frames including those scrolled off the Summary pane Filtered in frames are dependent on the selected Filter tab above the Summary pane Filtered out frames are not exported e Selected Frames export is the same as All Frames export except that only frames selected in the Summary pane will be exported Byte Export L pg Export raw bytes from the currently selected filter tab All Frames O Selected Frames Figure 34 Byte Export dialog 56 fte com rontline Debug Communications Faster Click the OK button to save the export Clicking the Cancel button will exit Byte Export 3 The Save As dialog will open Select a directory location and enter a file name for the exported frames file 3 Save As X OU z Desktop gt v 4 Search Desktop p Organize v New folder Sr Favorites Name Size Item type gt B
169. mats e Chapter 7 General Information This chapter provides advanced system set up and configuration inform ation timestamping information and general reference information such as ASCII baudot and EBCDIC codes This chapter also provides information on how to contact Frontline s Technical Support team should you need assistance 1 2 Minimum System Requirements e PC with Windows XP 32 bit Service Pack 2 or higher Windows 7 32 or 64 bit e Pentium 2 GHz processor e RAM Requirements 2 GB minimum 4 GB recommended e 100 MB free Hard Disk Space e USB 2 0 High Speed enabled port 1 3 Software Installation 1 3 1 From CD Insert the ComProbe installer disc into your DVD drive Click on the Install CPAS shortcut and follow the dir ections 1 3 2 From Download Download the latest CPAS installer from FTE com Once downloaded double click the installer and follow the directions fte com rontline Debug Communications Faster Chapter 2 Getting Started In this chapter we introduce you to the ComProbe hardware and show how to start the ComProbe analyzer soft ware and explain the basic software controls and features for conducting the protocol analysis 2 1 BPA low energy Hardware The following sections describe the ComProbe BPA low energy hardware connectors and hardware setup 2 1 14 Connecting Powering 1 Insert the USB cable mini connector into the USB port on the ComProbe BPA low energy hard ware 2
170. me Display What do I see on the dialog D D N At the top of the dialog you see four icons that you use to zoom in and out of the dis play vertically and horizontally The same controls are available under the View menu There are three navigation icons also on the toolbar a This takes you to the first Information Frame This takes you to first Protocol State Message X This takes you to the first Error Frame Click here to learn more about this option If there is both Classic and low energy packets there will be a Classic and LE tab at the top of the dialog 83 fte com frontline Debug Communications Faster File Edit View Help PARAN ANOSO BSB Classic LE All Layers Ct Summary Non Msg Summary LE BB LE ADV LE DATA LE LL Classic and LE Tabs shown if both Classic and LE packets are available NESN 0 no MD 0 Length 0 Figure 56 Classic and LE tabs If the Classic tab is selected you will see Classic protocols If you select the LE tab you will see LE Protocols If there is only Classic or only LE the Classic and LE tabs will not appear All Layers BB LMP L CAP AVDTP AVDTP Signaling AZDP Also along the top of the dialog are a series of pro tocol tabs The tabs will vary depending on the pro tocols Clicking on a tab displays the messaging between the master and slave for that protocol For example if you select RFCOMM you will see the m
171. me box followed by the date and time The date and time are when the series was opened 7 1 1 3 Common Options e Restart Capturing After Saving or Clearing Capture File If the Automatically Restart feature is enabled the analyzer restarts capture to the file immediately after the file is closed e Wrap File When enabled the analyzer wraps the file when it becomes full The oldest events are moved out of the file to make room for new events Any events moved out of the file are lost When disabled the analyzer stops capture when the file becomes full Either reset the file or close your capture file to continue e File Size The size of the file will depend of the available hard disk space 1 Click the Min button to see set the minimum acceptable value for the file size 2 Click the Max button to see set the maximum acceptable value for the file size Darin A Enter an integer between 1096 and 1843257 Ca You can accept these values or you can enter a unique file size But if you try to close the dialog after entering a value greater than the maximum or less than the minimum you will see the following dialog Start up 148 fte com rontline Debug Communications Faster Opens the Program Start up Options window Start up options let you choose whether to start data capture immediately on opening the analyzer e Advanced Opens the Advanced System Options window The Advanced Settings shou
172. ment in all the other panes 63 fte com frontline Debug Communications Faster 4 4 1 11 9 Change Text Highlight Color Whenever you select text in the Binary Radix or Char acter panes in Frame Display the text is displayed with t Highlight Color Selector a highlight color You can change the color of the high light Select Color 1 Select Change Text Highlight Color from the Cancel Options menu You can also access the option by right clicking in any of the panes Defaults 2 Select a color from the drop down menu 3 Click OK The highlight color for the text is changed Select Cancel to discard any selection Select Defaults to return the highlight color to blue 4 4 1 12 Protocol Layer Colors 4 4 1 12 1 Data Byte Color Notation The color of the data in the panes specifies which layer of the protocol stack the data is from All data from the first layer is bright blue the data from the second layer is green the third layer is pink etc The protocol name for each layer in the Decode pane is in the same color Note that the colors refer to the layer not to a specific protocol In some situations a protocol may be in two different colors in two different frames depending on where it is in the stack You can change the default colors for each layer Red is reserved for bytes or frames with errors In the Summary pane frame numbers in red mean there is an error in the frame Also the Errors tab i
173. meters eee eee ee cece eee eee e ence eee ee eeeee 13 fte com rontline Debug Communications Faster 3 2 1 Decoder Parameter Templates 2 lice ec ccc eee eee eee eee naana 16 3 2 1 1 Select and Apply a Decoder Template aaan aandaa aana daaa aaan anaana 16 3 2 1 2 Adding a New or Saving an Existing Template aada aaa nananana 16 3 2 1 3 Deleting a Template _ 1 00 22 lee ne ccc ec eect eee ee eeeeeee 17 3 2 2 Selecting A2DP Decoder Parameters _ 2 222 eee eee cece cece cece ee eeeeee 17 3 2 3 AVDTP Decoder Parameters eee ce cece cece cece eee eeeeeee 18 3 2 3 1 About AVDTP Decoder Parameters 0000000000000 0000an 18 3 2 3 2 AVDTP Missing Decode Information 2 eee c eee cee aoaaa aaa aoaaa adanan 19 3 2 3 3 AVDTP Override Decode Information 02 occ eee ee ee ce eee ee ee ee ee ee ee eee 20 3 2 4 L2CAP Decoder Parameters 2 2 22 ec cece ee eee eee ence cece eeeeeeeeeees 22 3 2 4 1 About L2CAP Decoder Parameters eee eee eeeeeee 22 3 2 4 2 L2CAP Override Decode Information 00000000000 23 3 2 5 RFCOMM Decoder Parameters eee eee ee eee ee ee eee ee cece eee ees 24 3 2 5 1 About RFCOMM Decoder Parameters eee ee ee eee eee 24 3 2 5 2 RFCOMM Missing Decode Information _ 2 222 2 eee eee eee cee cece eee eeee 26 3 2 5 3 RFCOMM
174. mmmmmn 124 5 3 1 3 Named Display Filters 2 ccc cece cece eee ee aa 124 5 3 1 4 Using Compound Display Filters a aaaaa oaaao naaa a0 aaao oaaao oaao 222a noa 124 5 3 1 5 Defining Node and Conversation Filters 126 5 3 1 6 The Difference Between Deleting and Hiding Display Filters 127 5 3 1 7 Editing Filters II 129 5 3 2 Protocol Filtering From the Frame Display 222 2 c eee eee eee eee eee eee cece 131 5 3 2 1 Filtering On the Summary Layer Protocol 132 5 3 2 2 Filtering on all Frames with Errors from the Frame Display 132 Chapter 6 Saving and Importing Data __ _ _ 2 2 22 2 eee ccc eee eee eee ee 133 Bak Saving VOU DAA IAE 133 6 1 1 Saving the Entire Capture File using File Save or the Save icon 133 6 1 2 Saving the Entire Capture File with Save Selection 134 6 1 3 Saving a Portion of a Capture File 135 6 1 4 Confirm Capture File CFA Changes 2 22 eee eee ee cee ee cece eee aoaaa oaaao 135 6 1 5 Adding Comments to a Capture File 136 6 2 Loading and Importing a Capture File 136 Vi fte com rontline Debug Communications Faster Als ae je oe i ee hee eed 136 6 2 2 Importing Capture Files 137 Bo PIMC AI AAA AI
175. mmunications Faster e When the selected frame is still being captured all Frame Display panes except the Summary pane dis play Frame incomplete 4 4 1 1 Frame Display Toolbar The buttons that appear in the Frame Display window vary according to the particular configuration of the ana lyzer For controls not available the icons will be grayed out P Control Brings the Control window to the front Ky Open File Opens a capture file ya I O Settings Opens the I O Settings dialog Start Capture Begins data capture to a user designated file pg Capture Closes a capture file and stops data capture to Save Save the currently selected bytes or the entire buffer to file m fl Clear Discards the temporary file and clears the display Event Display Brings the Event Display window to the front Show Message Sequence Chart Message Sequence Chart MSC displays information about the messages passed between protocol layers Duplicate View Creates a second Frame Display window identical to the first qe D5 Apply Modify Display Filters Opens the Display Filter dialog 48 fte com rontline Debug Communications Faster Quick Protocol Filter brings up a dialog box where you can fil ter or hide one or more protocol layers Protocol Stack brings up the Protocol Stack Wizard where you can change the stack used to decode framed data Reload Decoders When Reload Decoders is click
176. mode chips that do BR EDR and LE at the same time Time markers snap to the beginning of the first data packet by default but they can be snapped to the beginning or end of any packet by right clicking on a packet and selecting Align Time Marker to Beginning of Packet or Align Time Marker to End of Packet All other markers will shift relative to that new reference point OxGecobed6 Addr Markersnapped to end of pasan theselected packet creatinga new reference point for all other markers Oxaf9ab45e MarkerIntenal 1 25M5 Figure 49 Timeline Markers Shown Snapped to End of Packet e Timestamp The beginning and ending timestamp for each segment is displayed beneath each segment When showing multiple segments the beginning timestamp is the same as the ending timestamp of the pre vious segment In addition to the timestamps the segment information bar shows the zoom value in the center of the bar ST aC oO Ya Sc rem 2 e napo Bpo YT 5077 Ha a ra Ng Ch i mg o i a Za Addr Oxa faGbhdd Figure 50 Bluetooth le Timeline Segment Timestamp and Zoom Value Note The raw timestamp value is the number of 100 nanosecond intervals since the begin ning of January 1 1601 This is standard Windows time 76 fte com rontline Debug Communications Faster e Packet Info Line The packet info line appears just above the timeline and displays information for the cur rently selected pack
177. monitoring previous traffic However when this fails to occur the Missing Decoding Information Detected dialog appears and requests that the user supply the missing information The following are the most common among the many possible reasons for a failure to determine the traversal 1 The capture session started after transmission of the vital information 2 The analyzer incorrectly received a frame with the traversal information 3 The communication monitored takes place between two players with implicit information not included in the transmission In any case either view the AVDTP payload of this frame and other frames with the same channel as hex data or assist the analyzer by selecting a protocol using this dialog Note You may use the rest of the analyzer without addressing this dialog Additional inform ation gathered during the capture session may help you decide how to respond to the request for decoding information If you are not sure of the payload carried by the subject frame look at the raw data shown data in the Decoder pane on the Frame Display You may notice something that hints as to the profile in use In addition look at some of the frames following the one in question The data may not be recognizable to the analyzer at the current point due to connection setup but might be discovered later on in the capture 19 fte com rontline Debug Communications Faster Frame 93
178. munications Faster 43 ComProbe Protocol Analysis System Bluetooth low energy o E EA File View Live Options Window Help CEA BENFA Configuration lt No Device gt Capture file C Users Public Documents Frontline Test Equipment My Capture Files Capture 2013 05 23_07420 Lcfa Capture Status Paused Capture to Single File lt 1 used Packets on h w 0 For Help Press F1 Packet Decoder 0 pps 0 100 Because the Control window can get lost behind other windows every window has a Home icon that brings the Control window back to the front Just click on the Home icon to restore the Control window 2 3 1 Control Window Toolbar Toolbar icon displays vary according to operating mode and or data displayed Available icons appear in color while unavailable icon are not visible Grayed out icons are available for the ComProbe hardware and software configuration in use but are not active until certain operating conditions occur All toolbar icons have cor responding menu bar items or options Ky Open File Opens a capture file O Settings Opens settings Stop Capture Available after data capture has started Click to stop data capture Data can be reviewed and saved but no new data can be captured Save Saves the file the capture file Clear Clears or saves the capture file Event Display framed data only Opens a Event Display wit
179. n effect and wish to change that parameter 14 fte com rontline Debug Communications Faster e Select the frame where the change should take effect e Select Set Subsequent Decoder Parameters from the Options menu and make the needed changes You can also right click on the frame to select the same option ptions Window Help Directories Yo Check for New Releases at Startup Side Names Protocol Stack Set Initial Decoder Parameters Set Subseguent Decoder Parameters Automatically Request Missing Decoding Information Figure 9 Set Subsequent Decoder Parameters from Control window mate TARRI Unfiltered Info Configured BT low energy devices Errors Baseband LMP PreConnection FH5 Bluetooth FHS L2CAP SDP RFEOMM B Frame Role Addr OLCI Channel Frame Type PAF Bt Cmd CmdType AO Master 1 0x00 o SABM 1 FH Slave 1 0400 0 Ly 1 WA Fa Masher 1 0x00 0 UIH o Com Param Neg Ba Slave 1 0x00 a UIH oO Res Param Nag Set Subsequent Decoder Parameters 52 RFCOMM Rules in effect from frame 52 onward until redefined here for a later frame On the Slave side with Server Channel 13 RFCOMM is carying Hands Free Ovemdden by user Change the Selected tem to Cany Remove Overnide Renove Al Cg Figure 10 Example Set Subsequent Decode for Frame 52 RFCOMM e Fach entry in the Set Subsequent
180. n in the analyzer and what they mean 4 3 7 2 Switching Between Hex Decimal Octal or Binary On the Event Display window the analyzer displays data in Hex by default There are several ways to change the radix used to display data 1 An event is anything that happens on the circuit or which affects data capture Data bytes con trol signal changes and long and short breaks are all events as are I O Settings changes and Data Capture Paused and Resumed The base of a number system Binary 1s base 2 octal is base 8 decimal is base 10 and hexa decimal is base 16 40 fte com rontline Debug Communications Faster Go to the Format menu and select the radix you want A check mark next to the radix indicates which set is cur rently being used Bookmarks Hexadecimal Decimal Octal Binary ASCI 7 bit ASCI EBCDIC Baudot Figure 25 Format Menu 1 Right click on the data display header labels and choose a different radix dg QO a __s i Wa Display numbers in Binary Display numbers in Octal Display numbers in Decimal Display numbers in Hexadecimal Figure 26 Header labels right click 2 Or right click anywhere in the data display and select a different radix xw wa UV wa YA LV WA l Oa 9a Mm 30 Copy the selection and put it on the 24 Save As Go to an Event Number 5e El Find 197 Oc V Display Only Numbers 44 Di
181. n the left side of the dialog The y axis num bers appear in green e Selecting Include MIC will include the transmitted 32 bit Message Integrity Check data in the through put You may want to include Message Integrity Checks in your throughput even though MIC is not application data MICs are transmitted and you may want to included in the throughput as a measure of how active your radio was Average Payload Throughput Average Payload Throughput In this example the 1 Second Payload 514 bits s 638 bits s Throughput is 1 360 bits sec when 1 Second Payload Throughput 1 Second Payload Throughput Include MIC is not checked By check aed N i ai ing the Include MIC box the MIC data Width peak 1 840 Na Width peak 1 840 NAG is included in the throughput data and N bou 1 Second Payload Throughput i B increases to 1 840 bits sec This cap With MIC not selected With MIC selected ture file has 15 MICs in the last second payload is 1360 bits sec payload is 1840 bits sec of the file A MIC is 32 bits for a total of j f 32 bits X 15 MICs 480 bits T Frame 1 280 Len 28 oo Errors a B he easiest way to view MIC data is to use the Frame Display Eon EEE Bool l l LE PKT LE BB LE PKT 1 Using the Decoder pane scroll through the frames until LE PANN aS pamana Access Address 0x50655521 B Framett Data shows Encrypted MIC CRC Ox110063 ae LE DATA j HG 1 273 2 Place the cursor on the Encrypt
182. n the link and is not transmitted between devices STK is formed by combining Mrand and Srand which were formed using device information and TKs exchanged with Pairing Confirmation Pairing Confirm A 1 5 Encryption Key Generation and Distribution To distribute the LTK EDIV and Rand values an LE LL encrypted session needs to be set up The ini Control Pkt LL_LENC_REQ tiator will use STK to enable encryption on the Random vector Rand b277c02fb15517993 link Once an encrypted link is set up the LTK Encrypted diversiher ED Ox838e is distributed LTK isa 128 bit random number Master session key identiher SKO Mm Ox21db6 dd0l d3za that the slave device will generate along with Master indialzation vector Mmk b034efc33 EDIV and Rand Both the master and slave devices can distribute these numbers but Bluetooth low energy is designed to conserve Figure 112 Encryption Request from Master Example energy so the slave device is often resource ComProbe Frame Display BPA 600 low energy capture constrained and does not have the database storage resources for holding LTKs Therefore 164 fte com frontline Debug Communications Faster the slave will distribute LTK EDIV and Rand to the master device for storage When a new encrypted session with a previously linked master device it will request distribution of EDIV and Rand and will regenerate LTK LE LL Control Pkt LL ENC RSP Slave session key identiher SKD Dn
183. nd configurations are put in My Configurations These locations are set at installation Follow the steps below to change the default locations 1 Choose Directories from the Options menu on the Control window to open the File Locations win dow File Locations File Types Location My Capture Files C Users Public Documents Frontlne Test Equipment4My Capture Files My Configurations C Users Public Documents Frontline Test Equipment My Configurations My Decoders C Users Public Documents Frontline Test Equipment My Decoders My Log Files C Users Public D ocuments Frontline Test Equipment My Log Files My Methods C Users Public Documents Frontline Test Equipment My Methods 4 m j OK Cancel Help Use Last Opened Folder for Capture Files Figure 106 File Locations dialog 2 Select the default location you wish to change 3 Click Modify 151 fte com rontline Debug Communications Faster 4 Browse to anew location Browse for Folder Specify My Decoders directory a Ji Public di Desktop 4 J Public Documents di Frontline Test Equipment d My Capture Files di My Configurations Dd My Decoders di My Log Files i My Methods i My Node Databases PC o J cane Figure 107 File Locations Browse dialog 5 Click OK 6 Click OK when finished If a user sets the My Decoders directory such that it is up directory from
184. nel IDs 4 2 6 Providing Context For Decoding When Frame Information Is Missing There may be times when you need to provide information to the analyzer because the context for decoding a frame is missing For example if the analyzer captured a response frame but did not capture the command frame indicating the command The analyzer provides a way for you to supply the context for any frame provided the decoder supports it The decoder writer has to include support for this feature in the decoder so not all decoders support it Note that not all decoders require this feature If the decoder supports user provided context three items are active on the Options menu of the Control win dow and the Frame Display window These items are Set Initial Decoder Parameters Automatically Request Missing Decoding Information and Set Subsequent Decoder Parameters These items are not present if no decoder is loaded that supports this feature Set Initial Decoder Parameters is used to provide required information to decoders that is not context dependent but instead tends to be system options for the protocol Choose Set Initial Decoder Parameters in order to provide initial context to the analyzer for a decoder A dia log appears that shows the data for which you can provide information If you need to change this information for a particular frame 1 Right click on the frame in the Frame Display window 2 Choose Provide lt context name gt A
185. nformation Frames Side Rievinchon 2 Search without regand to data origin O Search only these sides MOTE mia Figure 76 Find Decode Tab Side Restriction There are several options for error searching on the Decoder tab 104 fte com rontline Debug Communications Faster e Search For String in Decoder allows you to enter a string in the text box You can use characters hex or binary digits wildcards or a combination of any of the formats when entering your string Every time you type in a search string the analyzer saves the search The next time you open Find the drop down list will contain your search parameters e Search for All Errors finds frame errors as well as frames with byte level errors such as parity or CRC errors e Search for Frame Errors Only finds frame specific errors such as frame check errors e Search for Information Frame only searches information frames 1 Enter the search string 2 Check Ignore Case to do a case insensitive search 3 When you have specified the time interval you want to use click on the Find Next or Find Pre vious buttons to start the search from the current event The result of the search is displayed in the Decode pane in Frame Display Side Restrictions Side Restriction means that the analyzer looks for a pattern coming wholly from the DTE or DCE side If 24 Event Display KIBR you choose to search without regard for data origin the analyzer mie Edt
186. ng SMP On the Master side with CID b004e Address 0 LACAP is camying Raw Data Figure 17 Parameters Added to Decoder 4 To delete a parameter from the Initial Connections window select the parameter and click on the Delete button 5 Decoder parameters cannot be edited The only way to change a parameter is to delete the ori ginal as described above and recreate the parameter with the changed settings and selections and then click on the Add button 6 L2CAP parameters are saved when the template is saved as described in Adding a New or Saving an Existing Template on page 16Adding a New or Saving an Existing Template on page 16 3 2 4 2 L2CAP Override Decode Information The Set Subsequent Decoder Parameters dialog allows the user to override an existing parameter at any frame in the capture where the parameter is used If you have a parameter in effect and wish to change that parameter 23 fte com rontline Debug Communications Faster 1 Select the frame where the change should take effect 2 Select Set Subsequent Decoder Parameters from the SIEGE ee Options menu or by selecting a frame in the frame Copy Selection to Clipboard display and choosing from the right click pop up Save Selection menu and make the needed changes Refer to Go To Yo Show Frame Size Column 3 Change the L2CAP parameter by selecting from the Show Timestamp Column Change the Selected Item to Carry drop down l
187. ng and Bluetooth Mobile Phone Makers Case Study 1 A Bluetooth mobile phone maker had been using a homemade HCI trace tool to debug the link between the Host CPU in the phone the Bluetooth chip They also were using an air sniffer They replaced their entire sniffing setup by moving to ComProbe software In the original test setup the Host CPU in the phone would send debug messages and HCI data over a serial link A program running on a PC logged the output from the Host CPU To implement the new system using Virtual sniffing a small change was made to the PC logging program and it now sends the data to ComProbe software using the Live Import API The HCI traffic is fully decoded and the debug messages are decoded as well The decoder for the debug messages was written using ComProbe software s DecoderScript feature Decoder Script allows ComProbe software user to write custom decodes and to modify decodes supplied with ComProbe software DecoderScript is supplied as a standard part of ComProbe software In this case the cus tomer also created a custom decoder for HCI Vendor Extensions The air sniffer that was formerly used has been replaced by the standard ComProbe software air sniffer Case Study 2 A second Bluetooth mobile phone maker plans to use Virtual sniffing in conjunction with a Linux based custom test platform they have developed Currently they capture serial HCI traffic on their Linux system and use a set of homegrown utilities t
188. ng on whether the data is being captured live or whether you are looking at a cfa file You will see File Edit View Filter Bookmarks Live Options Window and Help Most of the options are self explan atory e Many of the File Edit menu items are standard Windows type commands Open Close Save Recent Files etc There are however several of these menu items that have unique functionality e Recreate Companion File This option is available when you are working with decoders If you change a decoder while working with data you can use Recreate Companion File to recreate the frm file the companion file to the cfa file Recreating the frm file helps ensure that the decoders will work properly e Reload Decoders When clicked the plug ins are reset and received frames are decoded again e Under the View menu you can choose which Frontline windows are available to open e Live contains commands that are used in capturing data e Under Options you have opportunities to set modify various system settings These include o Hardware Settings o T O Settings o System Settings o Check for New Releases at Startup When this is enabled the application automatically checks for the latest Frontline releases If a new version is detected a dialog appears similar to the sample below The system and version will vary dependent upon the ComProbe hardware being used e The Window menu displays the open Frontline dialogs and standar
189. nge the res olution you need to exit the analyzer and restart in order for the change to take effect 154 fte com rontline Debug Communications Faster 1 4 1 2 1_ Performance Issues with High Resolution Timestamp There are two things to be aware of when using high resolution timestamps The first is that high resolution timestamps take up more space in the capture file because more bits are required to store the timestamp Also more timestamps need to be stored than at normal resolutions The second issue is that using high res olution timestamping may affect performance on slower machines For example if 10 bytes of data are captured in 10 milliseconds at a rate of 1 byte per millisecond and the timestamp resolution is 10 milliseconds then only one timestamp needs to be stored for the 10 bytes of data If the resolution is 1 millisecond then 10 timestamps need to be stored one for each byte of data If you have two capture files both of the same size but one was captured using normal resolution timestamping and the other using high resolution the normal resolution file has more data events in it because less room is used to store timestamps You can increase the size of your capture file in the System Settings 7 1 4 1 3 Switching Between Relative and Absolute Time With Timestamping you can choose to employ Relative Time or Absolute time 1 Choose System Settings from the Options menu on the Control window and
190. nothing that can fail With Virtual sniffing all data is always captured A 2 6 How Virtual Sniffing Works ComProbe software Virtual sniffing works using a feature called Live Import Any application can feed data into ComProbe software using Live Import A simple API provides four basic functions and a few other more advanced functions The four basic Live Import functions are e Open a connection to ComProbe software e Close a connection to ComProbe software e Send an entire packet to ComProbe software e Send a single byte to ComProbe software All applications that send data to ComProbe software via Live Import use the first two functions Usually only one of the two Send functions is used by a particular application When ComProbe software receives data from the application via Live Import the data is treated just as if it had been captured on a Frontline ComProbe sniffer The entire protocol stack is fully decoded With Virtual sniffing the data can literally be coming from anywhere ComProbe software does not care if the data being analyzed is being captured on the machine where ComProbe software is running or if the data is being captured remotely and passed into ComProbe software over an Internet connection A 2 7 Virtual Sniffing and Bluetooth Stack Vendors As the complexity of the Bluetooth protocol stack increases Bluetooth stack vendors are realizing that their cus tomers require the use of a powerful Bluetooth protocol analyze
191. ns are complete 5 3 1 6 The Difference Between Deleting and Hiding Display Filters If you wish to remove a filter from the system permanently then use the Delete procedure However if all you want to do is remove a filter as a means to un clutter the display then use the Hide procedure Deleting a saved filter removes the filter from the current session and all subsequent sessions In order to retrieve a deleted filter the user must recreate it using the Set Conditions dialog Hiding a filter merely removes the filter from the display A hidden filter can be reapplied using the Show Hide procedure 5 3 1 6 1 Deleting Saved Display Filters 1 Select Delete Display Filters from the Delete Named Conditions Fa Filter menu in the Frame Display User Detined Conditions window to open the Delete Named Aa Condition dialog The system displays ited 5 the Delete Named Condition dialog Fiter with a list ofall user defined filters Filter Filter Role Slave 2 Select the filter to be deleted from the SCO link Supported list 3 Click the Delete button 4 Click OK The Delete Named Condition dialog box closes and the system deletes the filter 5 3 1 6 2 Hiding Showing a Display Filter Hiding a Display Filter If a display filter is showing the following steps will hide that filter but will not delete it 127 fte com frontline Debug Communications Faster 1 Select Hide Show Display Fil ters from th
192. ntrol characters as Cc matches any byte or hex or binary digit To enter 8677 of prefix with character Figure 77 Find Pattern Tab 106 fte com rontline Debug Communications Faster aL Decode Paltem Time GoTo SpecisEvents Signal Enoc Bor Patten w Find Ned Enter Has vah as ha L Ignore care Binary values 53 kbbbbbbbb Control characters ac C matches ang beta or hazi o binay digit To ember 97 or peii wath chacie Side Resinction 3 Search eathoul regard to data ongni Search only these sidez F DTE DCE Figure 78 Find Pattern Tab Side Restrictions Pattern allows you to enter a string in the text box You can use characters hex or binary digits control char acters wildcards or a combination of any of the formats when entering your string Every time you type ina search string the ComProbe analyzer saves the search The next time you open Find the drop down list will contain your search parameters 1 Enter the search pattern 2 Check Ignore Case to do a case insensitive search 3 When you have specified the pattern you want to use click on the Find Next or Find Previous buttons to start the search from the current event The result of the search is displayed in the in Frame Display and Event Display Refer to Searching by Decode on page 103 for information on Side Restrictions 5 1 3 Searching by Time Searching with Time allows you search on timestamps on the
193. o Special Events Bookmark Seach fee mestami Yeu Day Hou Go lo the bmesi5mp On ot before the pecihed ima On of alter the pecihed Ime Figure 74 Find Diaglog Find as the name suggests is a comprehensive search function that allows users to search for strings or pat terns in the data or in the frame decode You can search for errors control signal changes bookmarks special events time and more Once the information is located you can easily move to every instance of the Find res ults 5 1 1 Searching within Decodes Searching within decodes lets you to do a string search on the data in the Decode Pane of the Frame Display window To access the search within decodes function 103 fte com rontline Debug Communications Faster 1 Open a capture file to search 2 Open the Event Display P or Frame Display e window 3 Click on the Find icon a8 or choose Find from the Edit menu 4 Click on the Decode tab of the Find dialog Note The tabs displayed on the Find dialog depend on the product you are running and the con tent of the capture file you are viewing Search Fa Sting In Decode C lge case C Search Foe All Eiros Search Foe Frama are O Search Foe Infcematiqn Frames Figure 75 Find Decode Tab Search for String Decode Patter Time GoTo SpecalEvents Seal Ero 2 Search For Sting In Decode O Search For All Errore O Search For Frame Enor Only O Search For I
194. o decode the captured data They plan to send the captured serial HCI traffic out of the Linux system using TCP IP over Ethernet Over on the PC running ComProbe software they will use a simple TCP IP listening program to bring the data into the PC and this program will hand the data off to ComProbe software using the Live Import API A 2 9 Virtual Sniffing and You If you are a Bluetooth stack vendor a Bluetooth chip maker or a maker of any other products where integrating your product with ComProbe software s Virtual sniffing is of interest please contact Frontline to discuss your requirements There are numerous approaches that we can use to structure a partnership program with you We believe that a partnership with Frontline is an easy and cost effective way for you to add value to your product offering If you are end customer and you want to take advantage of Virtual sniffing all you need to do is buy any Front line Bluetooth product Virtually sniffing comes standard with product 175 fte com rontline Debug Communications Faster Author Eric Kaplan Publish Date May 2003 Revised December 2013 176 Index A A2DP Decoder Parameters 17 Aborted Frame 150 About L2CAP Decoder Parameters 22 Absolute Time 155 Adaptive Frequency Hopping PER Stats 93 Add a New or Save an Existing Template 16 Adding a New Predefined Stack 32 Adding Comments To A Capture File 136 Advanced Settings 147 Advanced System Opti
195. of the segments will scroll the view through the timeline 4 4 3 Message Sequence Chart The Message Sequence Chart MSC displays information about the messages passed between protocol lay ers MSC displays a concise overview of a Blutetooth connection highlighting the essential elements fo the con nection At a glance you can see the flow of the data including role switches connection requests and errors You can look at all the packets int he capture or filter by protocol or profile the MSC is color coded for a clear and easy view of your data 82 fte com rontline Debug Communications Faster H Message Sequence Chart MSC of z File ALAL AMOSCOHB Boe All Layers Ctrl Summary Non Msg Summary BB LMP L2CAP SDP RFCOMM RFCOMM_SABM 3 635 11 57 15 345497 Open signaling channel a Channel Signaling Length 0 3 640 11 57 15 348624 RFCOMM channel s that are Open Signaling Parameter Negotiation 3 645 11 57 15 351747 Command gt Channel Signaling Length 10 FC Sender Supports CF 3 650 11 57 15 354874 3 640 11 57 15 348624 nanaman Baseband connection encryption 3 723 11 57 15 461124 started RFCOMM_SABM 3 730 11 57 15 465497 Open OBEX channel For Help Press FL Figure 55 Message Sequence Chart Window How do access the chart You access the Message Sequence Chart by selecting the icon H or MSC Chart from the View menu from the Control window or Fra
196. ol but are assigned to the layer The Event Radix Binary Character and Decode panes are all synchronized with one another Clicking on an element in any one of the panes highlights the corresponding element in all the other panes Click the Toggle Expand Decode Pane icon iE to make the Decode pane taller This allows for more of a lengthy decode to be viewed without needing to scroll 4 4 1 11 5 Radix or Hexadecimal Pane The Radix pane displays the logical bytes in the frame in Ria C s o 7 TE O k DA either hexadecimal decimal or octal The radix can be g i Thi ce the Radix Pane changed from the Format menu or by right clicking on the 7 pane and choosing Hexadecimal Decimal or Octal i Copy Selection to Clipboard A Because the Radix pane displays the logical bytes rather than N Select Entire Frame 3 E the physical bytes the data in the Radix pane may be dif Change Tat adik Coo ferent from that in the Event pane See Physical vs Logical n E Bia Byte Display for more information Hexadecimal A Decimal Colors are used to show which protocol layer each byte C belongs to The colors correspond to the layers listed in the E Octal Decode pane The Event Radix Binary Character and Decode panes are all synchronized with one another Clicking on an ele ment in any one of the panes highlights the corresponding element in all the other panes 4 4 1 11 6 Character Pane The Character pane represents the
197. ollowing are the most common among the many possible reasons for a failure to determine the traversal e The capture session started after transmission of the vital information e The analyzer incorrectly received a frame with the traversal information e The communication monitored takes place between two players with implicit information not included in the transmission In any case either view the RFCOMM payload of this frame and other frames with the same channel as hex data or assist the analyzer by selecting a protocol using this dialog Note that you may use the rest of the analyzer without addressing this dialog Additional information gathered during the capture session may help you decide how to respond to the request for decoding information If you are not sure of the payload carried by the subject frame look at the raw data shown under data in the Decode pane in the Frame Display You may notice something that hints as to the profile in use In addition look at some of the frames following the one in question The data may not be recognizable to the analyzer at the current point due to connection setup but might be discovered later on in the capture 3 2 5 3 RFCOMM Override Decode Information The Set Subsequent Decoder Parameters dialog allows the user to override an existing parameter at any frame in the capture where the parameter is used If you have a parameter in effect and wish to change that parameter 26 l
198. ons 149 Apply Capture Filters 124 Apply Display Filters 122 124 126 127 129 130 ASCII 42 character set 157 viewing data in 42 ASCII Codes 157 ASCII Pane 62 Auto Sizing Column Widths 60 Automatically Request Missing Decoding Inform ation 35 Automatically Restart 146 Automatically Restart Capturing After Clear Cap ture Buffer 146 Automatically Save Imported Capture Files 146 Autotraversal 32 34 AVDTP 18 20 AVDTP Override Decode Information 20 177 fte com ontline Debug Communications Faster Baudot 42 145 Baudot Codes 157 Begin Sync Character Strip 44 Binary 40 107 Binary Pane 63 BL 159 Bookmarks 119 121 Boolean 124 129 130 BPA low energy I O Settings 10 Broken Frame 43 BS 159 Buffer 134 146 Buffer Overflow 146 Buffer File Options 146 Byte 39 40 63 157 Searching 109 byte export 56 C Calculating Data Rates and Delta Times 39 Capture Buffer 134 146 149 Capture Buffer Size 146 Capture File 28 134 137 146 149 auto save imported files 146 capture to aseries of files 146 capture to one file 146 changing default location of 151 changing max size of 146 149 framing captured data 33 importing 137 loading 136 reframing 33 removing framing markers 34 saving 134 135 starting capture to file 28 Capturing 28 Data to Disk 28 CFA file 135 136 Changing Default File Locations 151 Character 107 159 Character Pane 62 Character Set 42 157 158 Choosing a Dat
199. ontinue to enter the requested parameters in the fields provided until the condition statement 1s complete 5 Click OK The system displays the Save Named Condition dialog Provide a name for the filter condition or accept the default name provided by the system and click OK Prohibited characters are left bracket right bracket and equal sign The Set Condition dialog box closes creates a tab on the Frame Display with the filter name and applies the filter The filter also appears in the Quick Filtering and Hiding Protocols dialog When a display filter is applied a description of the filter appears to the right of the toolbar in the Frame Dis play windows 123 fte com rontline Debug Communications Faster Notes e The system requires naming and saving of all filters created by the user e The OK button on the Set Condition dialog box is unavailable grayed out until the condition selec tions are complete e When you have multiple Frame Display windows with a display filter or filters those filter do not auto matically appear in other Frame Display windows You must use the Hide Reveal feature to display a filter created in one Frame Display in different Frame Display window 5 3 1 2 Including and Excluding Radio Buttons All filter dialog boxes contain an Include and an Exclude radio button These buttons are mutually exclusive The Include Exclude selection becomes part of the filter definition and
200. ontline Debug Communications Faster 4 3 6 Switching Between Live Update and Review Mode The Event Display and Frame Display windows can update to display new data during live capture or be frozen to allow data analysis By default the Event Display continually updates with new data and the Frame Display is locked 1 Make sure the Lock icon a is active so the display is locked and unable to scroll 2 Click the Unlock icon again to resume live update The analyzer continues to capture data in the background while the display is locked Upon resuming live update the display updates with the latest data You can have more than one Event Display or Frame Display window open ata time Click the Duplicate View icon ig to open additional Event or Frame Display windows The lock resume function is independent on each window This means that you can have two Event Display windows open simultaneously and one win dow can be locked while the other continues to update 4 3 7 Data Formats and Symbols 4 3 7 1 Switching Between Viewing All Events and Viewing Data Events By default the analyzer on the Event Display dialog shows all events that include e Data bytes e Start of frame e End of frame characters e Data Captured Was Paused Click on the Display All Events icon to remove the non data events Click again to display all events See List of all Event Symbols on page 42 for a list of all the special events show
201. ooann ronron ronnan 166 A 1 7 2 Use Frame Display to View Encryption Decryption Process 167 A 1 7 3 Viewing Encryption in the Message Sequence Chart 169 A 1 7 4 Viewing Decrypted Data _ _ 0 22 oie ee cc eee cece cece eee eens 170 A 1 8 Technical Support eee ee ee cece eee eee eee cece cence scenes 170 A 2 Bluetooth Virtual Sniffing 22 eee cee eee cece eee cece eeeeee 172 A 2 1 Introduction mmmm noo me AAP 172 A 2 2 Why HCI Sniffing and Virtual Sniffing are Useful 172 A 2 3 Bluetooth Sniffing History 22 22 eee cc cee cece cece ee nunu 172 A 2 4 Virtual Sniffing What is it 22 22 ee ccc ee cee cece eee cece onnon 173 A 2 5 The Convenience and Reliability of Virtual Sniffing 174 A 2 6 How Virtual Sniffing Works 20 222i eee cc ce cece eee eee eee eeeeeeeee 174 A 2 7 Virtual Sniffing and Bluetooth Stack Vendors _ 2 2 2 22 e eee eee eee cece eee cece eee 174 A 2 8 Case Studies Virtual Sniffing and Bluetooth Mobile Phone Makers 175 vili fte com rontline Debug Communications Faster aasa a Want ees a eee 175 Bea che see crn NAE as tes te ee he eee ee eee 177 List of Figures Figure 1 BPA low energy Hardware USB PortComProbe 802 11 Q
202. ops capture when the file becomes full Either reset the file or close your capture file to continue e File Size 1 Click the Min button to see set the minimum acceptable value for the file size 2 Click the Max button to see set the maximum acceptable value for the file size 146 fte com frontline Debug Communications Faster You can accept these values or you can enter a unique file size But if you try to close the dialog after entering a value greater than the maximum or less than the minimum you will see thls dialog FTS48T Default A Enter an integer between 1096 and 100560 Enter a name for the capture file in the Default text box Each GK saved file will begin with this name The name of each file is the name you give it in the Name box followed by the date time and a number The date and time are when the series was opened The number increments with each file This guar antees unique file names are created Append Series Start Date amp File Number Select this radio button to automatically append a start date yyyy mm dd_hhmmss and file number 001 when capturing a series of files Append File Start Date Time Select this radio button to automatically append a start date yyyy mm dd_hhmmss when capturing a single file Maximum number of files Set the maximum number of files in the series in the Maximum number of files box The next file starts when the currently open file is full
203. or DOS requires the byt for data and the tim for timestamps see note on importing DOS timestamps e Frontline Ethertest for DOS requires 3 files filename cap filename ca0 and filename cal e Sniffer Type 1 supports files with the enc extension Does not support Sniffer files with a cap exten sion e Snoop or Sun Snoop files with a cap extension based on RFC 1761 For file format see http www faqs org rics ric1761 html e Shomiti Surveyor files in Snoop format files with a cap extension For file format contact Technical Support e CATC Merlin files with a csv extension Files must be exported with a specific format See File Format for Merlin Files for information e CATC Chief files with a txt extension 6 3 Printing 6 3 1 Printing from the Frame Display HTML Export The Frame Display Print dialog and the Frame Display HTML Export are very similar This topic discusses both dialogs Frame Display Print The Frame Display Print feature provides the user with the option to print the capture buffer or the current selection The maximum file size however that can be exported is 1000 frames 137 fte com rontline Debug Communications Faster When Print Preview is selected the output displays in a browser print preview window where the user can select from the standard print options The output file format is in html and uses the Microsoft Web Browser Control print options fo
204. ortion of that file to another file This feature is useful if someone else needs to see only a portion of the data in your capture file On the Control toolbar you can set up to capture a single file or series of files Click here to see those settings There are two ways to save portions or all of the data collected during a data capture Click here to see how to capture data 6 1 1 Saving the Entire Capture File using File Save or the Save icon This option is only available when you select Single File from the Capture Mode on System Settings Click here to learn more about selecting Save options from System Settings 1 Ifyou are capturing data click on the Stop icon to stop data capture You cannot save data to file while it is being captured p 2 Open the Event Display or Frame Display window 3 Click the Save kd icon or select Save from the File menu 133 fte com contline Debug Communications Faster TT Ct 23 Save in i Desktop N7 ABA MA itty Documents O OFTST Tomas David ig My Computer QF TS4 Control DH Plus video i ld My Network Places CIFT54Corkrol DH Video st Frontline Etherbest 7 FTS4Cortrol No Capture bo Buffer mi SS Frontline FTS48T 7 11 5 0 COFT54Contral Intro M 1 Ef 5 Frontline FTS4Cortrol Demo 7 10 13 0 J FTS54Cortrol Intro Video 1 F Frontline FT54Cortrol Demo 7 10 16 0 E FTS4Cortrol_Modbus_video ae l Frontline FTS4U56 7 6 11 0 3FTS Help System Ef C3 Adobe C53
205. ow many frames have been lost There are several things that you can do to try and solve this problem e Use capture filters to filter out data you don t need to see Capture filters reduce the amount of data pro cessed by the analyzer Ethernet Only e Close all other programs that are doing work while the analyzer is running Refrain from doing searches in the Event Display window or other processor intensive activities while the analyzer is capturing data e Timestamping takes up processor time primarily not in timestamping the data but in writing the timestamp to the file Try turning off timestamping from the Timestamping Options window e For Driver Buffer Overflows change the size of the driver buffer This value is changed from the Advanced System Settings Go to the Control window and choose System Settings from the Options menu Click on the Advanced button Find the value Driver Receive Buffer Size in Operating System Pages Take the number listed there and double it e The analyzer s number one priority is capturing data updating windows is secondary However updat ing windows still takes a certain amount of processor time and may cause the analyzer to lose data while the window is being updated Some windows require more processing time than others because the information being displayed in them is constantly changing Refrain from displaying data live in the 156 fte com rontline Debug Communications Faster
206. ox 2 Select the desired protocol 3 To filter on a different layer just select another tab or change the layer selection in the combo box 4 4 1 13 1 2 Filtering on all Frames with Errors from the Frame Display To filter on all frames with errors E 1 Open the Frame Display Bo cow 2 Click the starred Quick Filter icon Y or select Quick Filtering from the Filter menu 3 Check the box for All Frames With Errors in the Protocols To Filter In pane and click OK 4 The system creates a tab on the Frame Display labeled Errors that displays the res Errors ults of the All Frames With Errors filter Ss Note When you have multiple Frame Display windows open and you are capturing data you may receive an error message declaring that Filtering cannot be done while receiving data this fast If this occurs you may have to stop filtering until the data is captured 4 4 2 low energy Timeline The Bluetooth low energy Timeline displays packet information with an emphasis on temporal information and payload throughput The timeline also provides selected information from Frame Display The timeline provides a rich set of diverse information about low energy packets both individually and as a range Information is conveyed using text color packet size and position 67 fte com rontline Debug Communications Faster Bluetooth low energy Timeline le Sniffer Capture_GB6900AA_2 cfa e PA Fil
207. perator broadens the filter and the NOT operator excludes conditions from the filtered results Include parentheses in a compound filter to nest condition sets within lar ger condition sets and force the filter processing order 124 fte com rontline Debug Communications Faster There are two steps to using a compound filter Define the filter conditions and then apply the filter to the data set The analyzer combines both filter definition and application in one dialog 10 Click the Display Filters icon Y on the Frame Display window or select Apply Modify Dis play Filters from the filter menu to open the Set Condition dialog box Click the Advanced button on the Set Condition dialog box Select Include or Exclude radio button Now you can set the conditions for the filter Select the initial condition for the filter from the combo box at the bottom of the dialog for Select each frame Condition Select each frame where the protocol bd where the protocol Set the parameters for the selected con with the conversation dition in the fields provided The fields Ha NG tanga that appear in the dialog box are depend ent upon the previous selection Continue to enter the requested parameters in the fields provided until the conditions statement is complete with the size NOT Condition where the protocol 7777 exists Figure 90 Two Filter Conditions Added with an AND Operator Click t
208. play updates as new data is captured Event Display is synchronized with the Frame Display and Mesage Sequence Chart dialogs Selecting a byte in Event Display will also select the related frame in the Frame Display and the related message in the Mes sage Sequence Chart 4 3 2 The Event Display Toolbar A Home Brings the Control window to the front Ka Home Brings the Control window to the front 36 T E fo wb H K b H lt B BE SB SG fte com rontline Debug Communications Faster Start Capture Begins data capture to disk Stop Capture Closes a capture file and stops data capture to disk Save Prompts user for a file name If the user supplies a name a cfa file is saved Clear Discards the temporary file and clears the display MSC Chart Opens the Message Sequence Chart Lock In the Lock state the window is locked so you can review a portion of data Data cap ture continues in the background Clicking on the Lock icon unlocks the window Unlock In the Unlock state the screen fills in the data captured since the screen lock and moves down to display incoming data again Clicking on the Unlock icon locks the window Duplicate View Creates a second Event Display window identical to the first Frame Display framed data only Brings up a Frame Display with the frame of the cur rently selected bytes highlighted Display Capture Notes Brings up the Capture Notes window where
209. ponse EIR is a tab that appears automatically on the Frame Display window when you capture data 29 fte com contline Debug Communications Faster Fr amo D ipla iry Ti it AP ai BI pina a mwana edsa PO ka pArA YAWE Bon 48COCOO Sumy Tomced Nga moose 2 Baseband wth kuto travesa Unlitered Baseband Extended Inguay Roaperee Snilherbobug Farah Matin Leno Goidiiai 2121111 OOOWHOD 10111009 11100110 Baseband 01011101 11010011 0010011 00200000 00000001 No kngu Fos 0000600000 DONDOOOO DOODODIO O0M000000 D0000000 Extended Ingay Reiponie LI L1001000 PO000110 00001001 O1010000 ii kagua Bweri OLIO1OOD 01101111 01101110 01100101 00000111 Eeit HO Banii Arsu 00000011 00010101 00010001 00011111 00010001 Tad Leng 2 00001001 00012001 DOO0000R DONDOO 00000000 aay Repose Data Type Conta et of 18 sit KILI MANE IKWA Phone AKUN b Liat tit Sern Class ULO ee Pt a WAA sau 3 s RARUA Aan AA RANAN RAAUA A PAP ringed Jab ih nev VU EVEN NUE VUE UU EEUU AI fess Tekehory LARNER RTS nG Pa tata a Z Paa aa seen BH Frames Fitered In End Frans 5 Selects di A7 ty total 757 by ee Figure 22 Frame Display Extended Inquire Response EIR displays extensive information about the Bluetooth devices that are discovered as data is being captured Before the EIR tab was created this type of information was not available until a connection was made to a device Therefore EIR can be used
210. ponse 29 F F F 159 FCSs 38 Field Width 60 File 133 136 146 179 fte com ontline Debug Communications Faster File Locations 151 File Series 146 File Types Supported 136 Filtering 65 67 131 132 Filters 65 67 122 124 126 132 Find 104 106 108 110 111 115 Find Bookmarks 118 Find Introduction 103 Font Size 44 Frame Display 45 48 51 52 54 55 60 64 Frame Display Change Text Highlight Color 64 Frame Display Find 52 Frame Display Status Bar 51 Frame Display Toolbar 48 Frame Display Window 46 Frame Recognizer Change 43 Frame Symbols 61 Frame Display Right Click Filtering 66 Frame Information on the Control Window 7 Freeze 40 FS 159 FTS Serial Driver 160 Go To 109 Green Dots in Summary Pane 61 GS 159 Hex 40 Hexadecimal 62 Hiding Display Filters 127 Hiding Protocol Layers 51 High Resolution Timestamping 155 HT 159 I O Settings Change 43 Icons in Data on Event Display 42 Importable File Types 137 Importing Capture Files 136 INCLUDE 124 Include Exclude 124 L2CAP 22 L2CAP Override Decode Information 23 Layer Colors 64 LF 159 Live Update 40 Logical Byte Display 52 Logical Bytes 52 Long Break 43 low energy Timeline Introduction 67 Low Power 43 Main Window 5 Menus 8 Message Sequence Chart 82 Message Sequence Chart Find and Go To 87 Message Sequence Chart Go To 88 Minimizing 8 Missing Decode Information 19 26 Mixed Channel Sides 42
211. protocols displayed change depending on the data received Quick Filtering and Hiding Protocols Protocols To Filter In Protocols To Hide Named Filters All Frames With Errors All But the Last Layer 77 FilterO All Frames With Information All Frames With Information Filter1 CIAYDTP AVDTP Signaling Baseband Bluetooth FHS Headset 7 L2CAP LMP AYDTP Filter2 AVDTP Signaling SCO link Supported Baseband Filter3 Bluetooth FHS Role Slave Headset Configured BT low energy devic L2CAP Exclude NULLs and POLLs LMP a a Non Captured Info Non Captured Info PreConnection FHS PreConnection FHS RFCOMM RFCOMM C SDP SDP Og Filtering shows only frames that contain the protocol desired but it shows the entire frame Hiding removes any protocol layers from displaying in any frame Figure 40 Frame Display Quick Filtering and Hiding Protocols Dialog The box on the left is Protocols To Filter In When you select the checkbox for a protocol in the Protocols to Filter In the Summary pane will only display those frames that contain data from that protocol If you filter on more than one protocol the result are all frames that contain at least one of those protocols For example if you filter on IP and IPX NetBIOS you receive all frames that contain either IP or IPX NetBIOS or both A Quick Filter tab then appears on the Frame Display Changing the filter de
212. ption is accomplished prior to transmission using a shared secret key A 1 2 Pairing A Bluetooth low energy device that wants to share secure data with another device must first pair with that device The Security Manager Protocol SMP carries out the pairing in three phases 1 The two connected Bluetooth low energy devices announce their input and output capabilities and from that information determine a suitable method for phase 2 2 The purpose of this phase is to generate the Short Term Key STK used in the third phase to secure key distribution The devices agree on a Temporary Key TK that along with some ran dom numbers creates the STK 3 In this phase each device may distribute to the other device up to three keys a the Long Term Key LTK used for Link Layer encryption and authentication b the Connection Signature Resolving Key CSRK used for data signing at the ATT layer and c the Identity Resolving Key IRK used to generate a private address This paper will focus on the LTK Bluetooth low energy uses the same pairing process as Classic Bluetooth Secure Simple Pairing SSP During SSP initially each device determines its capability for input and output IO The input can be None Yes No or Keyboard with Keyboard having the ability to input a number The output can be either None or Display with Dis play having the ability to display a 6 digit number For each device in a paring link the IO capability determine
213. r Change he Sete temto Cory Hei Remove All HS HF Undecoded RFCOMM Frames VCP Figure 20 Set Subsequent Decoder Parameters selection list Note If the capture has no user defined overrides then the system displays a dialog stating that no user defined overrides exist 27 rontline fte com rontline Debug Communications Faster Chapter 4 Capturing and Analyzing Data The following sections describe the various ComProbe software functions that capture and display data packets 4 1 Capture Data 4 1 1 Capturing Data to Disk VA Note Capture is not available in Viewer mode 1 Click the Start Capture icon a to begin capturing to a file This icon is located on the Control Event Display and Frame Display windows Files are placed in My Capture Files by default and have a cfa extension Choose Directories from the Options menu on the Control window to change the default file location Note For the Dashboard when you capture to series of files the window displays the data from the beginning of the first capture even when a new file in the series is created This is because the Dash board is a Session Monitor which means that even if you capture to a series of files the data from the first file is always displayed The display does not refresh when a new capture file in a series is created 2 Watch the status bar on the Control window to monitor how full th
214. r Day Hour Minute Second 1 10000000 E Note Month and Year are not available if you select Relative 108 fte com rontline Debug Communications Faster 3 When you have specified the time interval you want to use click on the Go To Move Forward or Move Backward buttons to start the search from the current event Note When you select Absolute as Search for Go To is available When you select Relative as Search for Move Forward or Move Backwardis available Go to the timestamp On or before On or after The analyzer searches for an event that matches the time specified If no event is found at the time specified the analyzer goes to the nearest event either before or after the specified time Choose whether to have the analyzer go to the nearest event before the specified time or after the specified time by clicking the appro priate radio button in the Go to the timestamp box If you are searching forward in the buffer you usually want to choose the On or After option If you choose the On or Before option it may be that the analyzer finishes the search and not move from the current byte if that byte happens to be the closest match When you select Absolute as Search for the radio buttons are On or before the specified time or On or after the specified time When you select Relative as Search for the radio buttons are On or before the specified time relative to the first selected item or On or after the specifi
215. r Even if the stack vendor s stack is bug free there are interoperability issues that must be dealt with The homegrown hex dumps and trace tools from the early days of Bluetooth just are not good enough any more And building a good protocol analyzer is not easy So stack vendors are partnering with Frontline This per mits the stack vendors to concentrate of improving their stack The typical Bluetooth stack vendor provides a Windows based SDK The stack vendor interfaces their SDK to ComProbe software by adding a very small amount of code to the SDK somewhere in the transport area right about in the same place that HCI data is sent to the Host Controller 174 fte com rontline Debug Communications Faster If ComProbe software is installed on the PC and the Virtual sniffer is running then the data will be captured and decoded by ComProbe software in real time If ComProbe software is not installed or the Virtual sniffer is not running then no harm is done Virtual sniffing is totally passive and has no impact on the behavior of the SDK One Frontline stack vendor partner feels so strongly about ComProbe software that not only have they built Vir tual sniffing support in their SDK but they have made ComProbe software an integral part of their product offer ing They are actively encouraging all customers on a worldwide basis to adopt ComProbe software as their protocol analysis solution A 2 8 Case Studies Virtual Sniffi
216. r and are described together These options are searching for an event where o One or more control signals changed o One or more control signals changed from off to on o One or more control signals changed from on to off e Searching for an event where one or more signals changed means that the analyzer looks at every control signal that you checked and see if any one of those signals changed state at any time o If you want to look at just one control signal m Check the box for the signal m Uncheck all the other boxes m Choose to search for an event where one or more signals changed m The analyzer notes the state of the selected signal at the point in the buffer where the cursor is search the buffer and stop when it finds an event where RTS changed state m Ifthe end of the buffer is reached before an event is found the analyzer tells you that no matches were found e Searching for events where control signals changed state from off to on or vice versa is most useful if the signals are usually in one state and you want to search for occasions where they changed state For example o If DTR is supposed to be on all the time but you suspect that DTR is being dropped o Tell the analyzer to look only at DTR by checking the DTR box and unchecking the others o Doa search for where one or more control signals changed from on to off o The analyzer would search the DTR signal and stop at the first event where DTR dropped from on to
217. r background colors and images Print Background Colors Using Internet Explorer 1 Open the Tools menu on the browser menu bar 2 Select Internet Options menu entry 3 Click Advanced tab 4 Check Print background colors and images under the Printing section 5 Click the Apply button then click OK Configure the Print File Range in the Frame Display Print Dialog Selecting more than one frame in the Frame Display window defaults the radio button in the Frame Display Print dialog to Selection and allows the user to choose the All radio button When only one frame is selected the All radio button in the Frame Display Print dialog is selected How to Print Frame Display Data 1 Select Print or Print Preview from the File menu on the Frame Display window to display the Frame Display Print dialog Select Print if you just want to print your data to your default printer Select Print Preview if you want access to printer options 2 Choose to include the Summary pane check the box in the print output The Summary pane appears at the beginning of the printed output in tabular format If you select All layers in the Detail Section the Data Bytes option becomes available 3 In the Detail Section choose to exclude No decode section the decode from the Detail pane in the Frame Display or include All Layers or Selected Layers Only If you choose to include selected layers then select click on and highlight the layers from the l
218. rame Any other panes which are being viewed are updated accordingly If you use one pane to select a subset of the frame then only that subset of the frame is highlighted in the other panes Protocol Tabs Protocol filter tabs are displayed in the Frame Display above the Summary pane e These tabs are arranged in separate color coded groups These groups and their colors are General white Classic Bluetooth blue Bluetooth low energy green 802 11 orange USB purple and SD brown The General group applies to all technologies The other groups are technology specific Classic Bluetooth blue N Bookmarks info La Baseband LZCAP TES LE BB LE PET LEAD B02 11 Aadio B0211 MAC Data ee Bluetooth low energy green 15 60 i a nes 302 11 orange Figure 37 Example Protocol Tags e Clicking on a protocol filter tab in the General group filters in all packets containing that protocol regardless of each packet s technology e Clicking on a protocol filter tab in a technology specific group filters in all packets containing that pro tocol on that technology e A protocol filter tab appears in the General group only if the protocol occurs in more than one of the technology specific tab groups For example if L2CAP occurs in both Classic Bluetooth and Bluetooth low energy there will be L2CAP tabs in the General group the Classic Bluetooth group and the Bluetooth low energy group Sel
219. rame Display HTML Export The Frame Display HTML Export feature provides the user with the option to export the capture buffer to an html file The maximum file size however that can be exported is 1000 frames How to export display data to an html file 1 Select HTML Export from the File menu on the Frame Display window to display the Frame Dis play HTML Export 139 fte com contline Debug Communications Faster Frame Display HTML Export Prowde infomation to export dala trom the currently selected fiber tab include Detal Sechon Data Byte CA layers Ce Selected lupen only i IFZ SFX Bl ISAKMP Ce Selectii LACAP LLC ae 2 LHF CE Ti 3 Note Browse pent options map affect whether ary gray background is parked See Help las info Figure 98 Frame Display HTML Export Dialog 2 From this point the procedure is the same as steps 2 through 5 in How to Print Frame Display Data above 3 Click the OK button The Save As dialog appears bora AA San O Wo leah orom Filename See Save arte Web Page Hm gt Cancel Figure 99 Save As Dialog 4 Enter a name for the file you want to save The htm extension is automatically added 5 Select Save 140 fte com rontline Debug Communications Faster The file is saved as a htm file in the file location you chose 6 3 2 Printing from the Event Display The Event Display Print feature provides the user with
220. rand Type SCAN RSP Chan 33 Ler Radio Frame Display is synchronized with the selected packet File Edit View Form 3 0 2 PHY Vise MD A rene 30 958 Len 49 no EB 8 oO k CET Find X Be 13 O Summary LE ADV CP 2 OEE Bookm As Configured BT low energy devices Errors Channel Index 33 2480 MHz LE BB LE PKT VA ADV LE DATA LE LL L2CAP SMP ATT iw Meets Predefined Filter Criteria for BT low ene zi s Event Status Recieved without errors B Framett VA Chan Type Add Init amp Scan4 Add AdvA Len Fram Delte i PDU Length 36 6B LE PKT SCAN RSP rand Dxffe24c209871 30 359 37 ADV IND pub x727272727272 37 52 00 0 Preamble Oxaa i Access Address Ox6e 9bed6 30 960 38 ADY IND pub Ox727272727272 37 52 00 0 CRC Ox7 40076 30 961 39 ADY IND pub Ox727272727272 37 52 00 0 LE ADV 30 962 39 SCAN_REQ frand O0x482a51082fde pub 08727272727272 12 27 00 0 ee ea ae an ara aq crAM pep inubl u797979797979 2 P3 nnn 75 fte com rontline Debug Communications Faster Figure 48 low energy Timeline and Frame Display Packet Synchronization 4 4 2 5 low energy Timeline Visual Elements The low energy Timeline consists of the following visual elements e Time Markers Time markers indicated by vertical blue lines are shown at 1 25 ms intervals The markers are provided to help visualize the timescale and are also useful when using dual
221. rd Frontline moves forward 10 events See Event Numbering for why the Data Event Number and All Events Number may be different As a general rule if you have the Show All Events icon depressed on the Event Display window or Frame Display Event pane choose All Events Number If the Show All Events button is up choose Data Event Number 5 1 5 Searching for Special Events Frontline inserts or marks events other than data bytes in the data stream For example the analyzer inserts start of frame and end of frame markers into framed data marking where each frame begins and ends If a hardware error occurs the analyzer shows this using a special event marker You can use Find to locate single or multiple special events To access the search for special events function 1 Open a capture file to search tb 2 Open the Event Display P or Frame Display window 3 Click on the Find icon da or choose Find from the Edit menu 4 Click on the Special Events tab of the Find dialog Note The tabs displayed on the Find dialog depend on the product you are running and the content of the capture file you are viewing 111 fte com rontline Debug Communications Faster Decode Palen Time GoTo Speca Everti Bookmark Aboe Begin Char Sinp C Broken Frans C Butar Overilow C Capture Paused C Capture Resumed C Dropped Frames C Dropping Sync End Char Sinp J End of Frame C Flow Control Active Flow
222. re fore application level protocol decoding was becoming a requirement For example people were starting to browse the Internet using Bluetooth enabled phones and PDAs therefore a good Bluetooth analyzer would need to support TCP IP HTTP hands free A2DP etc For Frontline to support for these higher levels protocols was no problem since they were already in use in other Frontline analyzer products People have been using Frontline Serialtest serial analyzers and Ethertest Ethernet analyzer to troubleshoot TCP IP and Internet problems for many years As we continued to work closely with the Bluetooth community we also came across one other requirement sniffing itself had to be made easier We took a two pronged approach to this problem We simplified air sniff ing and we continue to work on simplifying the process of air sniffing and we invented Virtual sniffing A 2 4 Virtual Sniffing What is it Historically protocol analyzers have physically tapped the circuit being sniffed For example an Ethernet circuit is tapped by plugging into the network A serial connection is sniffed by passively bridging the serial link A Bluetooth air sniffer taps the piconet by synchronizing its clock to the clock of the piconet Master Not only is there a physical tap in traditional sniffing but the sniffer must have some knowledge of the physical characteristics of the link being sniffed For example a Bluetooth air sniffer must know the BD ADDR of
223. re all synchronized with one another Clicking on an element in any one of the panes highlights the corresponding element in all the other panes 4 4 1 11 8 Event Pane The Event pane shows the physical bytes in the frame You can choose T Fis Ja 786 4r 1f Oh a5 he between displaying only the data events E 0 This is the Event Pane or displaying all events by clicking the All 7 1 l 5 Copy Selection to Clipboard Events icon t29 ki Select Entire Frame E Displaying all events means that special Change Text Highlight Color events such as Start of Frame End of nak Frame and any signal change events are w Display All Events displayed as special symbols within the data The status lines at the bottom of the pane give the same information as the status lines in the Event Display window This includes physical data errors control signal changes if appropriate and timestamps Because the Event pane displays the physical bytes rather than the logical bytes the data in the Event pane may be different from that in the Radix Binary and Character panes See Physical vs Logical Byte Display for more information Colors are used to show which protocol layer each byte belongs to The colors correspond to the layers listed in the Decode pane The Event Radix Binary Character and Decode panes are all synchronized with one another Clicking on an element in any one of the panes highlights the corresponding ele
224. ry Non Mag Summary BB LMP L2CAP SDP RFCOMM HF f AVDTP AWDTF Signaling sata Figure 62 MSC View of Selected Packet from Ctrl Summary You can return to the text version by using a right click and selecting Show in Text All Layers Cul Summary Non Msg Summary BB LMP L2CAP SDP RFCOMM HF AVDTP AVDTP Signaling Shaw ini Tent Sho Time ony Show both Frame and Time Hide both Framed ard Tine Suspend streaming to stream end point 1 Figure 63 Return to Text View Using Right Click Menu You can also choose to show e Frame only e Time only e Show both Frame and Time e Hide both Frame and Time 4 4 3 1 Message Sequence Chart Search The Message Sequence Chart has a Search function that makes it easy to find a specific type message within the layers 87 fte com frontline Debug Communications Faster When you select the 1 Search icon Ha or 2 Select layer and message use F3 key the Select layer and message dialog appears From this dialog you can search for specific pro tocol messages or search for the first error frame 1 On the MSC dialog select one of the protocol tabs at the top Note If you select All Layers in Step 1 the Protocol Layers drop down list is active If you select any of the other single protocols the Protocol Layers drop down is grayed out 2 Or Open the Search dialog using the Search icon or the F3 key 3 Select a specific Protocol Message
225. s their ability to create encryption shared secret keys The Pairing Request message is transmitted from the initiator containing the IO capabilities authentication data availability authentication requirements key size requirements and other data A Pairing Response message is transmitted from the responder and contains much of the same information as the initiators Pairing Request message thus confirming that a pairing is successfully negotiated 162 fte com rontline Debug Communications Faster SMP In the sample SMP decode in the figure at the right Code Pairing Request note the keys identified Creating a shared secret key IO Capabilities KeyboardDisplay a f s DDE data flag OOB Authentication data not present is an evolutionary process that involves several inter 4 AuhRea mediary keys The resulting keys include Bonding_Flags Bonding MITH MITM Protection Yes Maximum Encryption Key Size 16 Octets Initiator Key Distnbution 1 IRK 128 bit key used to generate and resolve random address EncKey Initiator shall distribute LTE followed by EDIY and Rand ldKey Initiator shall distribute IAK followed by its address Sign Initiator shall distribute CSRK 2 CSRK 128 bit key used to sign data and pree naa ji ji TS Responder Key Distribution verify signatures on the receiving device EncKey Responder shall distribute LTK followed by EDIV and Rand IdK ey Responder shall distribute IAK fol
226. s Selected 15 400 1 total For Help Press F1 Figure 38 Summay pane right with Decoder pane left Sides in Bluetooth low energy A Bluetooth low energy data connection consists of connection events which are a series of transmissions on the same channel In each connection event the master transmits first then the slave and then the devices take turns until the connection event is finished When the data connection is encrypted and the packets are successfully decrypted the sniffer can determine exactly who sent which packet only non empty encrypted packets empty packets are never encrypted These packets are labeled either M for master or S for slave When the data connection is unencrypted or when encrypted packets are not successfully decrypted by the sniffer the sniffer cannot distinguish the two devices master and slave packets by their content just by the packet timing In those cases we label each device as side 1 or 2 not as master or slave In each connection event packets sent by the device which transmitted first in the connection event are labeled 1 and packets sent by the device which transmitted second are labeled 2 If no packets in the connection event are missed by the sniffer the device labeled 1 is the master and the device labeled 2 is the slave However if we do not capture the very first packet in a connection event i e 59 fte com rontline
227. s affect system performance Display Options v Display Raw Timestamp Value Display Relative Timestamps Number of digits to display to 4 the right of the decimal point Figure 109 Timestamping Options dialog 1 4 1 1 Enabling Disabling Timestam To enable timestamping click to make a check appear in the checkbox Store Timestamps This time takes effect immediately Removing the check will disable timestamping 1 4 1 2 Changing the Timestamp Resolution This option affects the resolution of the timestamp stored in the capture file The default timestamp is 10 mil liseconds This value is determined by the operating system and is the smallest normal resolutions possible Note The raw timestamp value is the number of 100 nanosecond intervals since the beginning of January 1 1601 This is standard Windows time It is also possible to use high resolution o _ timestamping High resolution timestamp Store Timestamps This item takes effect immediately values are marked by an asterisk as high Capture Options resolution in the drop down list To Storage Resolution 0 50 Microseconds high resolution change timestamping resolutions Note 1 To apply resolution changes you must restart the program 1 Goto the Capture Options sec tion of the window Note 2 Finer resolutions increase the capture file size 2 Change the resolution listed in the Storage Resolution box i Note If you cha
228. s changed If the ana lyzer does not capture the first frame with the complete header it cannot decode sub sequent frames with partial header information A magenta triangle indicates that a bookmark is associated with this frame Any comments asso ciated with the bookmark appear in the column next to the bookmark symbol 4 4 1 11 4 Decode Pane The Decode pane aka detail pane im is a post process display that provides a detailed decode of each frame transaction sometimes referred to as a frame The decode is presented in a layered format that can be expanded and collapsed depending on which layer or layers you are most interested in Click on the plus sign to expand a layer The plus sign changes to a minus sign Click on the minus sign to collapse a layer Select Show All or Show Layers from the Format menu to expand or collapse all the layers Layers retain their expanded or collapsed state between frames 61 fte com rontline Debug Communications Faster Gg Expand All Nodes Protocol layers can be hidden preventing them from being ji displayed on the Decode pane Right click on any protocol Hide L2CAP Layer In All Frames layer and choose Hide protocol name from the right click menu Provide AVDTP Rules Each protocol layer is represented by a color which is used to highlight the bytes that belong to that protocol layer in the Event Radix Binary and Character panes The colors are not assigned to a protoc
229. s displayed in red This could be a physical error in a data byte or an error in the protocol decode Bytes in red in the Radix Character Binary and Event panes mean there is a physical error associated with the byte 4 4 1 12 2 Changing Protocol Layer Colors You can differentiate different protocol layers in the Decode Event Radix Binary and Character panes 1 Choose Select Protocol Layer Colors from the Options menu to change the colors used The colors for the different layers is displayed 2 To change a color click on the arrow next to each layer and select a new color 3 Select OK to accept the color change and return to Frame Display Select Cancel to discard any selection Select Defaults to return the highlight colors to the default settings 64 fte com frontline Debug Communications Faster Protocol Layer Color Selector Layer 1 Abed ba Layer9 Abed OK Layer Abed Layer10 B Mi NN NO Cancel IT Bm UM Defaults Layer 4 Abcd State Layer 12 TIN Layer 5 Abed Layer 13 gE Layer Abed Layer 14 Layer Abed Layer 15 Abed 7 Laper8 Abcd M Layer 16 Abed O Layer 3 Abcd EUR Layer 11 Figure 39 Frame Display Protocol Layer Color Selector 4 4 1 13 Protocol Filtering From the Frame Display On the Frame Display click the Quick Filtering icon Y or select Quick Filtering from the Filter menu This opens a dialog that lists all the protocols discovered so far The
230. s of a Second 1 Choose System Settings from the Options menu on the Control A window and click the Timestamping Options button or click the click the Timestamping Options icon a from the Event Display P window 2 Go to the Display Options section at the bottom of the window and find the Number of Digits to Display box 3 Click on the arrows to change the number You can display between 0 and 6 digits to the right of the decimal point 7 2 Technical Information 7 2 1 Performance Notes As a software based product the speed of your computer s processor affects the analyzer s performance Buffer overflow errors are an indicator that the analyzer is unable to keep up with the data The information below describes what happens to the data as it arrives what the error means and how various aspects of the analyzer affect performance Also included are suggestions on how to improve performance The analyzer s driver takes data from the driver and counts each byte as they are put into the driver s buffer The analyzer s driver tells the user interface that data is ready to be processed The analyzer takes the data from the driver s buffer and puts the data into the capture buffer Driver Buffer Overflows occur when the user interface does not retrieve frames from the driver quickly enough Buffer overflows are indicated in the Event Display window by a plus sign within a circle Clicking on the buffer overflow symbol displays h
231. shows how much of the buffer or capture file has been filled For example if you are cap turing to disk and have specified a 200 Kb capture file the bar graph tells you how much of the capture file has been used When the graph reaches 100 capture either stops or the file begins to overwrite the old est data depending on the choices you made in the System Settings e Utilization Events The second half of the status bar gives the current utilization and total number of events seen on the net work This is the total number of events monitored not the total number of events captured The analyzer is always monitoring the circuit even when data is not actively being captured These graphs allow you to keep an eye on what is happening on the circuit without requiring you to capture data 2 3 4 Frame Information on the Control Window Frame Decoder information is located just below the Status bar on the Control window It displays two pieces of information For Help Press F1 e Frame Decoder 233 fps displays the number of frames per second being decoded You can toggle this display on off with Ctrl D but it is available only during a live capture e 132911 displays the total frames decoded fte com rontline Debug Communications Faster e 100 displays the percentage of buffer space used 2 3 5 Drop Down Menus The menus that you see on the Control Window and dialogs like Frame Display and Event Display vary dependi
232. splay Only Characters Display Sides Together meee v Display all Event Information numbers in Binary Display numbers in Octal Display numbers in Decimal V Display numbers in Hexadecimal Figure 27 Data display right click menu 41 fte com rontline Debug Communications Faster If you want to see only the numerical values click on the Numbers Only icon 1 on the Event Display tool bar 4 3 7 3 Switching Between ASCII EBCDIC and Baudot On the Event Display window the analyzer displays data in ASCII by default when you click on the Characters Only icon A There are several ways to change the character set used to display data 1 Go to the Format menu and select the character set you want A check mark next to the character set indicates which set is currently being used 2 With the data displayed in characters right click on the data panel header label to choose a dif ferent character set If you want to see only characters click on the Characters Only icon A on the Event Display toolbar 4 3 7 4 Selecting Mixed Channel Sides If you want to get more data on the Event Display window you can switch to mixed sides mode This mode puts all the data together on the same line Data from one side Slave is shown on a white background and data from the other side Master is shown on a gray background l Click once on the Mixed Sides icon to put the display in mixed sides mode 2 Click
233. st Sa1000 a Go to the timestamp CG On or bedove the specified ima O On ov after the specified lime Figure 32 Searh Find Dialog Find on Frame Display only searches the Decode Pane for a value you enter in the text box To use Find 1 Select the frame where you want to begin the search 2 Enter a value in the Find text box Fan Anane Troe E Note Note The text box is disabled during a live capture to begin the search on frames prior to the frame you selec ted or Find Next Occurrence to begin the search on frames following the frame you selec ted db Arterna Signal Trs The next occurrence of the value if it is found will be high Antenna True lighted in the Decode Pane dem T panama Alberwabor Faka db Trani Sterian Fake 4 Select Find Previous Occurrence or Find Next Occurrence to continue the search There are several important concepts to remember with Find 53 fte com rontline Debug Communications Faster e When you enter a search string and select Enter the search moves forward e If you select Find Previous Occurrence when the search reaches the first frame it will then cycle to the last frame and continue until it reaches the frame where the search began e Shift F3 is a shortcut for Find Previous Occurrence e Ifyou select Find Next Occurrence when the search reaches the last frame it will then cycle to the first frame and continue until it reaches
234. t LMP host connection req Tran ID Initisated by master LMP accepted ted by master O riginal O peode LMP_host_connection_req LMP setup com plete ran ID Initiated by slave Figure 65 Message Sequence Chart Print Preview The information in the dialog will vary depending on the layer that is selected in the Message Sequence Chart the properties of the printer you select and the amount of data in the layer which will correspond to the num ber of pages displayed You control what you see and when to print using the toolbar at the top of the dialog amp BBL Paeh jos MAD DI EI sav Figure 66 Print Preview Toolbar Print Prints all the pages to the printer you select in Print Setup dialog Cancel Printing Cancels the current printing D D Zoom In Horizontally Zoom Out Horizontally Zoom In Vertically and Zoom D 2 Out Vertically allow you to change the look of the printed page 90 fte com rontline Debug Communications Faster e Zoom In Horizontally expands the data horizontally so it can be easier to read e Zoom Out Horizontally squeezes the data together so that more fits on one page e Zoom in Vertically expands the data vertically so it can be easier to read e Zoom Out Vertically squeezes the data so that more fits on one page The current page text box displays the page number that is currently being shown Page 9 mo of on the dialog You can enter a number in the text box th
235. t HS buttons or 2 F2 and F4 keys to move to the next or previous frame in the chart 4 4 3 3 Message Sequence Chart First Error Frame When you select Go to first error frame from the toolbar Xx the Select layer dialog appears Select layer Select layer A2DP ng You have to select a layer from the drop down list to choose what layer you want to search for the error Select layer Select layer aa Once you selecta layer then OK the first error for that layer will be displayed If no error is found a dialog will announce that event AN Error Frame was not Found 89 fte com rontline Debug Communications Faster 4 4 3 4 Message Sequence Chart Printing There are three standard MSC print buttons Print Preview Print and Cancel Printing Print Preview im 1 When you select Print Preview os the Print Setup dialog appears 2 You next need to select your printer from the drop down list set printer properties and format the print output 3 Then you select OK After you select OK the Message Sequence Chart Print Preview dialog appears 2 Print Preview B lolx DBAL Pesci jos AD DE say Page 1 of5 er VersNr v1 2 J 46T version of Slave v1 1 Tran ID Initiated by master VersNr vl 1 LMP features req e535 Tran ID Initiated by master LMP features res FF eatures response er 4 ran ID Initiated by mas
236. t or previous packet next or previous invalid interframe spacing IFS next or previous error packet and the first or last packet e If there is no selected packet in the timeline First Packet G Next Packet O and Last Packet D are enabled but Previous Packet Q is not e A single packet is selected either by clicking on it navigating to it or selecting it in the Frame Display o Single Segment Navigation m Selecting Previous Packet will select the next packet in time moving back in time to the left regardless of which row it is on If the previous packet is not in the display or if a portion of the packet is visible the display will scroll to the next packet and it will appear selected on the left of the display The timestamp will change with the scrolling of the display m Selecting Next Packet will select the next packet in time moving forward in time to the right If the next packet is not in the display the display will scroll to the next packet and it will appear selected on the right of the display The timestamp will change with the scrolling of the display o Multiple Segment Navigation 78 fte com rontline Debug Communications Faster m Selecting Previous Packet will select the next packet moving back in time to the left on the seg ment and will select the previous packet regardless of which or segment it is in If the selected packet overlaps with the previous segment the display will show the p
237. ta transmissions between the Bluetooth low energy devices the ComProbe analyzer needs to know the LTK because this is the shared secret used to encrypt the ses sion There are two ways to provide this information and which to select will depend on the pairing method Just Works or Passkey Entry Figure 115 ComProbe BPA 600 low energy only data source settings a Passkey Entry is easiest if you have the code LE Encryption that was displayed or entered during device pair Enter New Long Tem Key ing The code is what is used to generate the LTK Under LE Encryption enter the code in the Enter New PIN OOB data text box Si siki akini mani b Just Works is more of a challenge because you must know the LTK thatis created at the time of pairing and identification of an encrypted link Curent Long Term Key If your device was previously used in an encrypted capture session the device inform ation including LTK can be found in the Figure 116 BPA 600 datasource Device Database tab Encryption Key Entry e In a design and development environment the LTK is often known beforehand e Capture of Host Controller Interface HCI events using ComProbe HSU can reveal the LTK which is contained in the HCI Link Key Request Reply command HCI capture 1s through direct connection to the device host controller The information 166 fte com rontline Debug Communications Faster obtained in a direct connection can
238. ter Select Print Preview if you want access to printer options Select the range of events to include from either All or Selection in the Event Range section of the Event Display Print dialog Choosing All prints all of the events in the capture file or buffer Choosing Selection prints only the selected events in the Event Display window Note In order to prevent a Print crash you cannot select All if there are more than 100 000 events in the capture buffer Note Note See Configure the Print File Range in the Event Display Print Dialog above for an explanation of these selections 141 fte com rontline Debug Communications Faster Event Display Print Everi range O Al Selection Note Brosas pani opbons may alfect whether ang gray background e parted Ses Help los mic Figure 100 Event Display Print Dialog 3 Click the OK button If you chose Print Preview the system displays your data in a browser print preview display with options for printing such as page orientation and paper size You can also use your Printer Preferences dialog to make some of these selections When printing your data the analyzer creates an html file and prints the path to the file at the bottom of the page This file can be opened in your browser however it may appear different than the printed version 6 4 Exporting 6 4 1 Frame Display Export You can dump the contents of the Summary pane on the Frame Display
239. th development tools such as Bluetooth stack SDKs Software Devel opment Kits and Bluetooth chip development kits This white paper discusses e Why HCI sniffing and Virtual sniffing are useful e Bluetooth sniffing history e What is Virtual sniffing e Why Virtual sniffing is convenient and reliable e How Virtual sniffing works e Virtual sniffing and Bluetooth stack vendors e Case studies Virtual sniffing and Bluetooth mobile phone makers e Virtual sniffing and you Where to go for more information A 2 2 Why HCI Sniffing and Virtual Sniffing are Useful Because the Bluetooth protocol stack is very complex a Bluetooth protocol analyzer is an important part of all Bluetooth development environments The typical Bluetooth protocol analyzer taps a Bluetooth link by cap turing data over the air For many Bluetooth developers sniffing the link between a Bluetooth Host CPU and a Bluetooth Host Controller also known as HCl sniffing is much more useful than air sniffing HCl sniffing provides direct visibility into the commands being sent to a Bluetooth chip and the responses to those commands With air sniffing a software engineer working on the host side of a Bluetooth chip has to infer and often guess at what their software is doing With HCl sniffing the software engineer can see exactly what is going on HCl sniffing often results in faster and easier debugging than air sniffing ComProbe software s Virtual sniffing
240. the frame where the search began e F3 is a shortcut for Find Next Occurrence e You cannot search while data is being captured e After a capture is completed you cannot search until Frame Display has finished decoding the frames e Find is not case sensitive e The status of the search is dis played at the bottom of the dialog Total Frames 259 Frames Filtered In 259 Frame 5 Selected 201 1 e The search occurs only on the pro Search for Antenna True results found tocol layer selected e To search across all the protocols on the Frame Display select the Unfiltered tab e A drop down list displays the search values entered during the current session of Frame Display Antenna True e The search is cancelled when you select a different protocol tab during gee a search e You can cancel the search at any time by selecting the Cancel Current Search ke button 4 4 1 7 Synchronizing the Event and Frame Displays The Frame Display is synchronized with the Event Display Click on a frame in the Frame Display and the corresponding bytes is highlighted in the Event Display Each Frame Display has its own Event Display As an example here s what happens if the following sequence of events occurs 1 Click on the Frame Display icon e in Control window toolbar to open the Frame Display 2 Click on the Duplicate View icon Ng to create Frame Display 2 3 Click on Event Display icon P in Frame Display 2
241. the framing errors stopped occurring When you click Find Next the analyzer stops at the point when the errors began occurring again Clicking Find Previous will search backwards from the current postion The analyzer takes the current selected byte as its initial condition when running searches that rely on finding events where error conditions changed The analyzer searches until it finds an event where error conditions changed or it reaches the end of the buffer at which point the analyzer tells you that there are no more events found in the buffer If you are searching for an exact match the analyzer asks you if you want to continue searching from the beginning of the buffer Searching for Exact Error Conditions T rch for an ex means that th O searc or an exact state means that the C3 Find BPA500 cfa analyzer finds events that exactly match ba the error conditions that you specify Decode Pattern Time Go To Special Events Error Bookmark e Select the This exactly describes the Search for event where ere g One or more of these changed l state radio button Okie or more ofthese occid Ya This exactly C3 One or more of these was off BBSGULEES ihe siala bind Previous e This changes the normal check boxes eee to a series of radio buttons labeled On Off Don t Care On Off and Don t Care for each error Reserved ere side Restriction gt Search without regard
242. the small box next to the name of each protocol you want to filter in hide or Named Filter to display Then click OK 5 3 2 1 Filtering On the Summary Layer Protocol To filter on the protocol in the Summary in the Frame Display window pane 1 Select the tab of the desired protocol or open the Summary combo box 2 Select the desired protocol 3 To filter on a different layer just select another tab or change the layer selection in the combo box 5 3 2 2 Filtering on all Frames with Errors from the Frame Display To filter on all frames with errors 1 Open the Frame Display window 2 Click the starred Quick Filter icon W or select Quick Filtering from the Filter menu 3 Check the box for All Frames With Errors in the Protocols To Filter In pane and click OK 4 The system creates a tab on the Frame Display labeled Errors that displays the res Errors ults of the All Frames With Errors filter Note When you have multiple Frame Display windows open and you are capturing data you may receive an error message declaring that Filtering cannot be done while receiving data this fast If this occurs you may have to stop filtering until the data is captured 132 fte com rontline Debug Communications Faster Chapter 6 Saving and Importing Data 6 1 Saving Your Data You can save all or part of the data that you have captured You can also load a previously saved capture file and save a p
243. the start of frame 21 Mima 15 marker 00 1500 O00 47 mm ss Bookmarks are easy to create and maintain and are a very valuable tool for data ana lysis When you create or modify a bookmark you have up to 84 characters to explain a problem leave yourself a reminder leave someone else a reminder etc Once you create a bookmark it will be saved with the rest of the data in the cfa file When you open a cfa file the bookmarks are available to you 119 fte com rontline Debug Communications Faster Once you have created a bookmark you can use the Find function or other navigation methods to locate and move among them 5 2 1 Adding Modifying or Deleting a Bookmark You can add modify or delete a bookmarks from Frame Display and Event Display Add 1 Select the frame or event you want to bookmark 2 There are three ways to access the Add Bookmark dialog a Select Add or Modify Bookmark from the Bookmarks menu on the Frame Display and Event Display b Select the Add or Modify Bookmark LJ icon on one of the toolbars or c Right click on the frame event and choosing Add Bookmark 3 In the dialog box add a comment up to 84 characters in the text box to identify the bookmark 4 Click OK Once you create a bookmark it will be saved with the rest of the data in the cfa file When you open a cfa file the bookmarks are available to you Modify 1 Select the frame or event with the bookmark to be edit
244. to daka origin o On means that the error occurred Search only these sides Slave Master o Off means that the error did not occur o Don t Care means that the ana lyzer ignores that error condition e Select the appropriate state for each type of error Example If you need to find an event where just an overrun error occurred but not any other type of error you would choose overrun error to be On and set all other errors to Off This causes the analyzer to look for an event where only an overrun error occurred If you want to look for events where overrun errors occurred and other errors may have also occurred but it really doesn t matter if they did or not choose overrun to be On and set the others to Don t Care The analyzer ignores any other type of error and find events where overrun errors occurred To find the next error click the Find Next button To find an error that occurred earlier in the buffer to where you are click the Find Previous button 117 fte com rontline Debug Communications Faster 5 1 8 Find Bookmarks Searching with Bookmarks allows you search on specific bookmarks on the data in Frame Display and Event Display window Bookmarks are notes reminders of interest that you attach to the data so they can be accessed later To access the search for bookmarks 1 Open a capture file to search D KO 2 Open the Event Display or Frame Display window 3
245. to determine whether a connection can should be made to a device prior to making the connection Note If a Bluetooth device does not support Extended Inquiry Response the tab displays Received Signal Strength Indication RSSI data which is less extensive than EIR data 4 2 Protocol Stacks 30 fte com frontline Debug Communications Faster 4 2 1 Protocol Stack Wizard The Protocol Stack wizard is where you define the protocol stack you want the analyzer to use when Select a Protocol Stack decoding frames Select a protocol stack j Build Your Own To start the wizard BUZI o T 802 11 Radio Air Sniffer BlueCore Serial Protocol BCSP from Cambridge Silicon Radio with autotraverse 1 Choose Protocol Stack from the a a AA H 7 Bluetooth HCI USB with autotraverse Options menu on the Control window or Fictitious Protocol with autotraverse ji 3 H4DS with autotraverse click the Protocol Stack icon 77 on pt Sea the Frame D IS pi ay MWS Wireless Coexistence Interface 2 g Curent Protocol Stack 2 Select a protocol stack from the list and click Finish Bluetooth Virtual Transport with Autotraverse Most stacks are pre defined here If you have special requirements and need to set up a custom stack see Creating and Removing a Custom Stack on page 32 1 Ifyou select a custom stack i e one that was defined by a user and not included with the ana lyzer the Remove Selected
246. tolaT 306 Per5tatsE sport csv v My Network Saveastype CSV Fies os v 3 Select a location where you want to save the file in Save in 4 Enter a file name in File name 5 Select Save The file will be saved to that location 4 4 4 8 Packet Error Rate Scroll Bar The PER Stats Scroll Bar displays stats for all packets divided into equal time intervals 96 fte com rontline Debug Communications Faster Figure 69 PER Stats Scroll Bar Captured data begins to appear on the left and fills the width of the bar left to nght The vertical bars in the Scroll Bar each indicate a fixed duration When data first appears in the Scroll Bar as it is being captured each bar equals one second When the data fills the bar reaching the nght side limit the last bar moves back to the center of the Scroll Bar The bars stay the same size but doubles in duration for example the first time the Scroll Bar fills the bars return to the middle but now each bar represent two seconds of time instead of one Each time the bars cycle to the middle the time they represent doubles When the bars move and the Viewport see below is not maximized the View port moves with the bars so that the same packet range is indicated When the Viewport is maximized it stays maximized regardless of what the bars do This ensures that the display can be made to reflect all packets at all times by maximizing the The Viewport is us
247. ts that were previously sniffed but not yet read by the ComProbe analyzer This happens when packets are being sniffed faster than the ComProbe analyzer can process them These packets are stored either on the ComProbe hardware itself or ina file on the PC If there are remaining packets to be processed when live capture stops the Transferring Pack ets dialog below is displayed showing the packets yet to be read by the ComProbe analyzer The dialog shows the name of each ComProbe hardware device its process id in square brackets and the number of packets remaining These stored packets are read until they re exhausted or the user clicks the Discard button on the dialog Unlike 802 11 Bluetooth packets never come in faster than the datasource can process them However Bluetooth packets must still be stored so that they can be read in chronological order with the 802 11 packets Transferring Packets Current Packet Transfer Statistics Hardware Packets on hardware ComProbe 802 11 6120 21 084 BPA 500 2720 3 Total 21 057 Live capture has stopped but there are packets buffered on the ComProbe Hardware that have not been decoded These packets will continue bo be transferred and decoded until complete Press the Discard button to stop packet transfer and discard all untransferred packets malansa is 26 complete O seconds remaining Figure 21 Packet Transfer Dialog 4 1 2 Extended Inquiry Response Extended Inquiry Res
248. u select the Update Firmware button e A message box at the bottom of the dialog displays status for devices that are connected 3 1 1 3 Update Firmware When you select the Update Firmware on the Information tab the Update BPA low energy ComProbe firm ware dialog appears You use this dialog to update your low energy analyzer with the latest firmware It is very important that you update the firmware If the firmware versions are not the same you will not be able to start sniffing Update BPA low energy ComProbe firmware C Program Files x86 Frontline Test System II Frontline ComProbe Protocol Analysis System 12 Status Error opening DFU file Figure 6 BPA low enerby Information Tab Update Firmware Dialog 12 fte com rontline Debug Communications Faster 1 Make sure the ComProbe BPA low energy analyzer is attached 2 Select the location of the firmware file 3 Select Flash Device The download begins with the Status bar displaying the progress When the download is complete you can check the firmware version by checking the Status dialog 4 Select Done when the update is finished 3 1 1 4 Datasource Toolbar Menu The Datasource dialog toolbar and menu options are listed below Toolbar Start Sniffing button to begin sniffing All settings are saved automatically when you start sniffing Pause button to stop sniffing When you select the Discover Devices button the software lists all th
249. u wish Note Hiding from the Frame Display affects only the data shown in the Frame Display and not any inform ation in any other window There are two ways to hide a layer 51 fte com rontline Debug Communications Faster 1 Right click on the layer in the Decode pane and choose Hide protocol name Layer In All Frames 2 Click the Set Protocol Filtering button on the Summary pane toolbar In the Protocols to Hide box on the right check the protocol layer s you want hidden Click OK when finished To reveal a hidden protocol layer 1 Right click anywhere in the Decode pane 2 Choose Show protocol name Layer from the right click menu or click the Set Protocol Filtering button and un check the layer or layers you want revealed 4 4 1 4 Physical vs Logical Byte Display The Event Display window and Event Pane in the Frame Display window show the physical bytes In other words they show the actual data as it appeared on the circuit The Radix Binary and Character panes in the Frame Display window show the logical data or the resulting byte values after escape codes or other character altering codes have been applied a process called transformation As an example bytes with a value of less than 0x20 the Ox indicates a hexadecimal value cannot be trans mitted in Async PPP To get around this a Ox7d is transmitted before the byte The 0x7d says to take the next byte and subtract 0x20 to obtain the true val
250. ue In this situation the Event pane displays Ox7d 0x23 while the Radix pane displays 0x03 4 4 1 5 Sorting Frames By default frames are sorted in ascending numerical sequence by frame number Click on a column header in the Summary pane to sort the frames by that column For example to sort the frames by size click on the Frame Size column header An embossed triangle next to the header name indicates which column the frames are sorted by The direction of the triangle indicates whether the frames are in ascending or descending order with up being ascending Note that it may take some time to sort large numbers of frames 4 4 1 6 Frame Display Find Frame Display has a simple Find function that you can use to search the Decode Pane for any alpha numeric value This functionality is in addition to the more robust Search Find dialog Frame Display Find is located below the toolbar on the Frame Display dialog Frame Display bpa bt le cfa Bf TEST npa MAS ww Emm 88 OO Find RA C Sum Figure 31 Frame Display Find text entry field Where the more powerful Search Find functionality searches the Decode Binary Radix and Character panes on Frame Display using Timestamps Special Events Bookmarks Patterns etc 52 fte com rontline Debug Communications Faster Sele Golo Special Everts Bookmark berth serge Month Pugu 2007 Hep Day Hou Hite Second 1 1 000000 Secondi a Sn IB
251. until redefined in this dialog on a later frame If you are unhappy with your changes you can undo them by simply choosing your override from the dialog box and pressing the Remove Override button After pressing OK the capture file will recompile as if your changes never existed so feel free to experiment with desired changes if you are unsure of what configuration to use CPAS Info bl Note If the capture has no user defined over rides then the system displays a dialog stating that no user defined overrides exist This buffer contains no user overridden items 21 fte com rontline Debug Communications Faster 3 2 4 L2CAP Decoder Parameters 3 2 4 1 About L2CAP Decoder Parameters Each entry in the Set Initial Decoder Parameters dialog takes effect from the beginning of the capture onward or until redefined in the Set Subsequent Decoder Parameters dialog AVDTP Securty L2CAP Recomm a2DP usa ix Tce UDP Initial Connections in effect from beginning of capture onward until redefined in the Set Subsequent Decoder Parameters dialog Stream Master v Channel ID Address DataSource DS No set O for Single DS Caries PSM Raw Data Figure 16 L2CAP Decoder parameters tab The L2CAP Set Initial Decoder Parameters dialog reguires the following user inputs to complete a Parameter Stream This identifies the role of the device initiating the frame
252. us making it possible to put the same field at the front and back for example of a long header line so that the field is visible regardless of where the header is scrolled to An added field can be removed from the Summary pane by selecting Remove New Column from the right click menu The default column layout both membership and order can be restored by selecting Restore Default Columns from the Format or right click menus Changing Column Widths To change the width of a column 1 Place the cursor over the right column divider until the cursor changes to a solid double arrow 2 Click and drag the divider to the desired width 3 To auto size the columns double click on the column dividers Hiding Columns To hide a column 1 Drag the night divider of the column all the way to the left 2 The cursor changes to a split double arrow when a hidden column is present 3 To show the hidden column place the cursor over the divider until it changes to a split double arrow then click and drag the cursor to the right 4 The Frame Size Timestamp and Delta columns can be hidden by right clicking on the header and selecting Show Frame Size Column Show Timestamp Column or Show Delta Column Follow the same procedure to display the columns again Moving Columns Changing Column Order To move acolumn 60 fte com rontline Debug Communications Faster 1 Click and hold on the column header 2 Drag the mouse over the h
253. ve want to transmit encrypted Figure 114 Message Sequence Chart Enoc y pied LL START ENC RSP Baseband Conmection Encrypted data Link Layer Encryption A 1 7 Decrypting Encrypted Data Using ComProbe BPA 600 low energy Capture Note The following discussion uses the ComProbe BPA 600 in low energy capture mode to illustrate how to identify the encryption process and to view decrypted data However any of the ComProbe devices BPA 500 BPA low energy or Sodera that are low energy capable will accomplish the same objectives although the datasource setup will be slightly different for each device 165 fte com frontline Debug Communications Faster A 1 7 1 Setting up the BPA 600 1 Run the ComProbe Protocol Analysis Software and select Bluetooth Clas 2 BPA 600 datasource File View BPA600 Help sic low energy BPA 600 This will HAHA bring up the BPA 600 datasource win Devices Under Test Device Database BPA 600 Information dow This is where the parameters are Pitoy ee Se set for sniffing including the devices csc Device 0001543535362 to be sniffed and how the link is to be gy Stopped vera decrypted 2 Classic Device x00017d870003 2 Select Devices Under Test tab on the Ni Classic Encryption LE Encryption Datasource window WAA PIN Code ASCII 3 Click select LE Only ae Enter New PIN OOB data Current Link Key Current Long Term Key 4 To decrypt encrypted da
254. vent and Frame Displays 54 4 4 1 8 Working with Multiple Frame Displays 22 22 e eee eee eee eee eee ee eee 55 4 4 1 9 Working with Panes on Frame Display 2 eee eee eee eee aaao adaon dinaanan 55 4 4 1 10 Frame Display Byte Export i eee ec cee eee cece e eee ee 56 4 4 1 11 Panes in the Frame Display 00 22 2 eee ee aoaaa aaa aoaaa anana 57 4 4 1 12 Protocol Layer Colors 2 ll eee enc cece cece mm eee eee eeeeee 64 4 4 1 13 Protocol Filtering From the Frame Display 65 4 4 2 low energy Timeline 22 22 eee ence cee ce cece eee eee cece ee eeeeeeeeees 67 4 4 2 1 low energy Timeline Toolbar 2 ee eee eee cece cee cece eect eeeeeee 68 fte com rontline Debug Communications Faster 4 4 2 2 low energy Timeline Legend memmmmmemeee 69 4 4 2 3 Throughput Displays _ 2 222 oe eee cece eee eee aana anaana 69 4 4 2 4 The Timeline cece ce cee ce ce ce ee cece cece cece eee eeeeeeeeeeeees 72 4 4 2 5 low energy Timeline Visual Elements 76 4 4 2 6 low energy Packet Discontinuities 2 22 eee eee cece eee cece cece eee 78 4 4 2 7 low energy Timeline Navigating and Selecting Data 78 4 4 2 8 le Timeline Zooming 2 2
255. vices go encrypted In LE the long term key is generated solely on the slave device and then during pairing is distributed to a mas ter device that wants to establish an encrypted connection to that slave in the future Thus the long term key is transmitted over the air albeit encrypted with a one time key derived during the pairing process and discarded afterward the so called short term key The long term key is directional i e it is only used to for connections from the master to the slave referring to the roles of the devices during the pairing process If the devices also want to connect the other way round in the future the device in the master role during the pairing process also needs to send its own long term key to the device in the slave role during the pairing process also encrypted with the short term key of course so that the device which was in the slave during the pairing process can be a master in the future and connect to the device which was master during the pairing process but then would be in a slave role Since most simple LE devices are only ever slave and never master at all the second long term key exchange is optional during the pairing process WA Note f you use Copy Paste to insert the Long Term Key ComProbe software will auto cor rect remove invalid white spaces to correctly format the key 2 Enter a PIN or out of band OOB value for pairing This optional information offers alternative pair
256. w just one segment or you can zoom out to show multiple segments In multiple segment displays the segments are contiguous from top to bottom Refer to the diagram below The top most segment contains the beginning timestamp on the left The timeline proceeds from left to right in a segment and continues in the next segment down beginning on the left of that segment If you zoom out to show two segments the viewable timeline appears in those two segments You will use the scroll bar on the right to scroll through the timeline In a one segment display the viewable timeline appears in that one segment You will scroll through the timeline using the scroll bar appearing at the bottom of the timeline display e Rows show either the access address of the configured devices or of all discovered devices Because the segments are contiguous in multiple segment displays the rows in each segment are identical In the following diagram we see a three segment display showing the timeline flow 73 fte com rontline Debug Communications Faster Timeline Begining Timestamp End of Segment Timestamp Timeline Segment Timeline Row1 Timeline Row2 Timeline Row3 End of upper segment is beginning of segment below Timeline Row1 Timeline Row2 Timeline Row3 End of upper segment is beginning of segment below Timeline Row1 Timeline Row2 Timeline Row3 Timeline Ending Timestamp Figure 45 Diagram of low
257. which you want to generate a CRC 38 Click on the CRC icon v In the CRC dialog box click on the down arrow to show Choose CRC Method the list of choices for CRC algorithms Choose an algorithm to use Choose CRC 32 Ethernet Choose CRC Sum 1 s comp 32 Ethernet for Ethernet data or the appropriate CRC oe aria type for serial data KOR 1 s comp 0h 2 s com Enter a Seed value in hexadecimal if desired CPC Erev CRC CCITT Click OK to generate the CRC It appears in the byte a information lines at the bottom of the Event Display win dow Whenever you select a range of data a CRC using the algorithm you selected 1s calculated automatically Calculating CRC for interwoven data 4 3 5 Calculating Delta Times and Data Rates Use the mouse to select the data you want to calculate a delta time and rate for Event Display Homer cfa File Edit View Format Bookmarks mirum Window 00 41 00 Ob ef 1d Od Da 7b 43 4 So U woe 2c 30 Od Oa Sa amp 31 amp 200 24 Ob Sd 5f 000 24 6c 00 24 Ob Sd Sc 00 01 5a 05 it 5 3 2011 1 49 04 521786 PM to 5 Rate ae Ac Slave CRC Master Errors Figure 24 Delta fields 39 fte com contline Debug Communications Faster Help Click on the Event Display icon P on the Control window to open the Event Display win The Event Display window displays the delta time and the data rate in the status lines at the bot tom of the window fte com r
258. ws a running average in the Throughput Over Show Running Average Time graph as an orange line 77 fte com rontline Debug Communications Faster 4 4 2 6 low energy Packet Discontinuities The following figure depicts a discontinuity between two packets zi Timestame 11 20 2009 10 49 58 133439 AM 0 00375 is he Tietia 1100S 142 56 1 37189 AM 010075 Figure 53 Bluetooth low energy Packet Discontinuity To keep the timeline and the throughput graph manageable big jumps in the timestamp are not represented linearly Instead they are shown as discontinuities A discontinuity exists between a pair of packets when the timestamp delta the timestamp of the second packet minus the timestamp of the first packet is 1 more than 4 01 seconds or 2 is negative The reason that the discontinuity trigger is set at 4 01 seconds is because the maximum connection interval time is 4 seconds A discontinuity is indicated by a cross hatched pattern drawn between two packets and a corresponding ver tical dashed line in the throughput graph When the timestamp delta is greater than 4 01 seconds the dis continuity is a cosmetic convenience that avoids excessive empty space When the timestamp delta is negative the discontinuity is necessary so that the packets can be drawn in the order that they occur 4 4 2 7 low energy Timeline Navigating and Selecting Data Buttons menu items and keystrokes can be used to go to the nex
259. y for viewing capture files To manually unframe your data 1 Select Unframe from the File menu on the Control window Unframe is only available if a pro tocol stack was used to capture the data and there is currently no protocol stack selected In addition to choosing to Unframe you can also be prompted to Unframe by the Protocol Stack Wizard 1 Load your capture file by choosing Open from the File menu on the Control window 2 Select the file to load 3 Choose Protocol Stack from the Options menu on the Control window 4 Select None from the list 5 Click Finish The Protocol Stack Wizard asks you if you want to unframe your data and put it into a new file 6 Choose Yes The system removes the frame markers from your data puts the unframed data into a new file and opens the new file The original capture file is not altered See Reframing on page 33 for instructions on framing unframed data 4 2 5 How the Analyzer Auto traverses the Protocol Stack In the course of doing service discovery devices ask for and receive a Protocol Descriptor List defining which protocol stacks the device supports It also includes information on which PSM to use in L2CAP or the channel number for RFCOMM or the port number for TCP or UDP The description below talks about how the analyzer auto traverses from L2CAP using a dynamically assigned PSM but the principle is the same for RFCOMM chan nel numbers and TCP UDP port numbers The analyzer
Download Pdf Manuals
Related Search