How to read the payload of ETW packet captured with Message Analyzer?

  • Question

  • Hi all,

    I am trying to understand the structure of the payload logged in Message Analyzer for Bluetooth LE HCI messages.

    For example I have an entry in Message Analyzer for Microsoft_Windows_BTH_BTHPORT "writing HCI paket". The payload is 00020E00001B0017000400000000001F00020E1B00170004005246004B00001131004E422D464552544C2D4E46537C35.

    4B00001131004E422D464552544C2D4E46537C35 is the data I send. I just cannot figure out how the data before should be read:

    00020E00001B0017000400000000001F00020E1B0017000400524600.

    Then I have an entry "reading HCI-paket" with payload 01020E02000A0006000400000000000E00022E0A0006000400050144000229 that does not bubble up to my application.

    How to interpret this? Is there any documentation on this?

    Regards,

    Frank


    Friday, October 12, 2018 2:05 PM

Answers

  • Hi Frank,

    "Is there any documentation on this?"

    Yes, this is the raw HCI payload. How to parse this is in the Bluetooth Core Spec; 4.0 or later should be fine. The current is Core Spec 5.0, which is available at Bluetooth.com.

    However you may find using btvs.exe from the WDK to be easier if you have access to Frontline Protocol Analysis System (FTE). The last minute of the video 'Bluetooth: Bluetooth GATT Server - Part 3 of 3' shows using it.

    Ellisys and Wireshark support are in the backlog.

    Thanks,
    Frank

    • Marked as answer by Frank Ertl Thursday, October 18, 2018 7:05 AM
    Thursday, October 18, 2018 4:14 AM
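
Added example, not part of the original thread: a Python reading of the two payloads from the question as HCI ACL data packets carrying L2CAP and ATT, with field layouts per the Bluetooth Core Spec. It assumes, based only on those two samples, that the first 15 bytes are ETW event fields outside the Core Spec and that the next two bytes are a little-endian length of the ACL packet that follows; `parse_event`, `PREFIX_LEN` and `ATT_NAMES` are illustrative names.

```python
import struct

# Payloads copied verbatim from the question.
WRITE_HEX = "00020E00001B0017000400000000001F00020E1B00170004005246004B00001131004E422D464552544C2D4E46537C35"
READ_HEX = "01020E02000A0006000400000000000E00022E0A0006000400050144000229"

PREFIX_LEN = 15  # assumption: ETW event fields outside the Core Spec, skipped
ATT_NAMES = {0x05: "Find Information Response", 0x52: "Write Command"}  # subset

def parse_event(hex_payload):
    raw = bytes.fromhex(hex_payload)
    if len(raw) < PREFIX_LEN + 2 + 4:
        raise ValueError("too short for prefix, length field and ACL header")
    (hci_len,) = struct.unpack_from("<H", raw, PREFIX_LEN)
    hci = raw[PREFIX_LEN + 2:]
    if hci_len != len(hci):
        raise ValueError("assumed length field does not match remaining bytes")
    # HCI ACL data header: 12-bit handle, 2-bit PB flag, 2-bit BC flag, length.
    hdr, acl_len = struct.unpack_from("<HH", hci)
    acl = hci[4:]
    if acl_len != len(acl):
        raise ValueError("ACL data length does not match remaining bytes")
    out = {"conn_handle": hdr & 0x0FFF, "pb": (hdr >> 12) & 3, "bc": hdr >> 14}
    if out["pb"] == 0b01 or len(acl) < 4:
        return {**out, "undecoded": acl}     # continuation: no L2CAP header
    l2_len, cid = struct.unpack_from("<HH", acl)
    pdu = acl[4:]
    out.update(l2cap_len=l2_len, cid=cid)
    if l2_len != len(pdu) or cid != 0x0004 or not pdu:
        return {**out, "undecoded": pdu}     # first fragment, or not ATT
    out.update(att_opcode=pdu[0], att_name=ATT_NAMES.get(pdu[0], "other"))
    if pdu[0] == 0x52 and len(pdu) >= 3:     # Write Command: handle + value
        out.update(att_handle=struct.unpack_from("<H", pdu, 1)[0], value=pdu[3:])
    elif pdu[0] == 0x05 and len(pdu) >= 2:   # Find Information Response
        size = 2 if pdu[1] == 1 else 16      # format 1: 16-bit UUIDs, else 128-bit
        body = pdu[2:]
        # Each entry is a 16-bit handle followed by a little-endian UUID.
        out["pairs"] = [(struct.unpack_from("<H", body, i)[0],
                         body[i + 2:i + 2 + size][::-1].hex())
                        for i in range(0, len(body) - size - 1, 2 + size)]
    return out

if __name__ == "__main__":
    for name, payload in (("write", WRITE_HEX), ("read", READ_HEX)):
        print(name, parse_event(payload))
```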

All replies

  • Hi Frank,

    thank you. I never heard of the Frontline tools before and this looks really promising to track down our problems connecting to various Android devices.

    Regarding HCI spec: I am quite familiar with this as I wrote some code to communicate with a BlueGiga dongle via HCI, but I am not able to match the above mentioned data to the command structures I know. However, using btvs.exe in connection with the Frontline tools should be sufficient.

    Regards,

    Frank

    Thursday, October 18, 2018 7:05 AM