One minute to understand BLE MTU data package

1.Profile

  • MTU: ATT Maximum Transmission Unit (MTU) is the maximum length of an ATT packet. The ATT MTU is defined by the L2CAP and can be anywhere between 23 and infinity. The implementation of the Bluetooth stack is the key factor of determining the ATT MTU on both client and peripheral. A generic ATT packet has the following structure:

image description

MTU exchange happens after master and slave device build up connection, refer: "One minute to understand BLE connection data package"

[link text](http://www.viewtool.com/forum/vi ... &extra=page%3D1)

Below is the comparison of few of major wireless protocol (units: bytes)


Ethernet:1500 IEEE 802.3/802.2: 1492 X.25: 576 BLE: 23 (for BLE4.0/4.1), 251 (for BLE4.2) => that's why wifi could be used to transfer video,traditional bluetooth(BT) could be used to transfer audio, and BLE only could be used to transfer control data.


  • MTU exchange command: is ATT command
  • MTU exchange procedure see below:

image description

  • MTU tow commands(“MTU request”and“MTU response”)description in detail(see“4”)

2.Keyword: Hollong BLE Sniffer, BLE Data Analyzer,BLE Data Capture

3.Preparation before capturing BLE data

  • Hardware:One BLE device (as slave device) and one master device(such as lightblue or redwoods app in iOS or Android); One HOLLONG BLE SNIFFER
  • Software:Hollong BLE sniffer and protocol analyzer download link:

http://www.viewtool.com/index.ph ... hollong-4-0-4-1-ble

  1. MTU REQEUST Complete data (marked by blue color)

image description

1) Access Address: 0xaf9a8c69
Fixed 4 bytes,specified by CONNECT_REQ(see:http://www.viewtool.com/forum/vi ... &extra=page%3D1)

image description

  1. Header Info  Data Header: 0x0706 000. .... = RFU: 0 ...0 .... = More Data: False .... 0... = Sequence Number: 0 .... .1.. = Next Expected Sequence Number: 1 .... ..10 = LLID: Start of an L2CAP message or a complete L2CAP message with no fragmentation (0x2)
  1. .... = RFU: 0 ...0 0111 = Length: 7

image description

 3) L2CAP Length In BLE protocol layer,All of GAP,GATT and SMP use L2CAP channel to transfer command to LINK LAYER,L2CAP packing need to specify L2CAP length and channel ID Length: 3

image description

  1. L2CAP CID:channel ID CID: Attribute Protocol (0x0004)

image description

5) ATT command
 standard:    

image description

 actual data package:
Opcode: Exchange MTU Request (0x02)
0... .... = Authentication Signature: False
.0.. .... = Command: False
..00 0010 = Method: Exchange MTU Request (0x02)

image description

  1. MTU value (requested) Client Rx MTU: 185

image description

  1. CRC

image description

  1. MTU RESPONSE completed data package: image description

    1. Access Address: 0xaf9a8c69 Fixed 4 bytes,specified by CONNECT_REQ(see:http://www.viewtool.com/forum/vi ... &extra=page%3D1)

image description

  1. Header Info  Data Header: 0x0706 000. .... = RFU: 0 ...0 .... = More Data: False .... 0... = Sequence Number: 0 .... .1.. = Next Expected Sequence Number: 1 .... ..10 = LLID: Start of an L2CAP message or a complete L2CAP message with no fragmentation (0x2)
  1. .... = RFU: 0 ...0 0111 = Length: 7

image description

3). L2CAP length
    same as MTU request.
    Length: 3

image description

4).L2CAP CID: channel ID
    same as MTU request.
   CID: Attribute Protocol (0x0004)

image description

5). ATT command
   standard:

image description

   For this example:
   Opcode: Exchange MTU Response (0x03)    0... .... = Authentication Signature: False
.0.. .... = Command: False
..00 0011 = Method: Exchange MTU Response (0x03)

image description

 6) MTU value
  Server Rx MTU: 23

image description

  7)CRC
   CRC: 0xf4767e
[Expert Info (Note/Checksum): CRC unchecked, not all data available]

image description

Know more please visit www.viewtool.com