• State Not Answered
  • Replies 2 replies
  • Subscribers 74 subscribers
  • Views 79 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 348326
Options

Odd random L2CAP Fragment packets observed in Wireshark trace

Blue Five

Greetings! 

I am using Wireshark along with an nRF52840 dongle to monitor BLE traffic between a mobile app and connected peripheral and periodically I see some "L2CAP Fragment" packets that don't appear to correlate to any (obvious) BLE transmissions my app is trying to send. I know this because I use Xcode's PacketLogger in parallel and there is nothing being sent (from Packet Logger's perspective) at the time these L2CAP fragments show up in Wireshark.

By periodically, I mean every few seconds to every few minutes. One or two here and there.

These fragment packets don't seem to break anything but it would be insightful to know what might be causing them. I always like to minimize noise whenever possible.

Attached is an illustration of one random L2CAP Fragment packet that just showed up in the middle of nowhere many seconds removed from any other packet either before or after (not counting Empty PDUs). The central and peripheral addresses shown are legitimate.

Any thoughts on what could be causing these?

Parents
  • 0

    During normal operation the peripheral’s BLE controller will occasionally send L2CAP signaling messages, most commonly connection-parameter update requests that get split across multiple link-layer packets. Your over-the-air sniffer sees these, but Xcode’s PacketLogger (which logs only HCI-level host traffic on the central) does not. They are perfectly normal behavior and harmless transmissions. If you would like to suppress them in Wireshark, simply filter out “L2CAP Fragment” PDUs or the specific L2CAP signaling codes you don’t need to see.

Reply
  • 0

    During normal operation the peripheral’s BLE controller will occasionally send L2CAP signaling messages, most commonly connection-parameter update requests that get split across multiple link-layer packets. Your over-the-air sniffer sees these, but Xcode’s PacketLogger (which logs only HCI-level host traffic on the central) does not. They are perfectly normal behavior and harmless transmissions. If you would like to suppress them in Wireshark, simply filter out “L2CAP Fragment” PDUs or the specific L2CAP signaling codes you don’t need to see.

Children
Related
Terms of service