User manual
ComProbe software’s Virtual sniffing feature is a simple and easy way to perform HCI-sniffing. Virtual sniffing is not
limited to just HCI-sniffing, but it is the most common use and this white paper will focus on the HCI-sniffing
application of Virtual sniffing.
It is also important to understand that ComProbe software is a multi-mode product. ComProbe software does
support traditional air sniffing. It also supports serial HCI sniffing (for the H4 (HCI UART), H5 (3-wire UART) , and
BCSP (BlueCore Serial Protocol) protocols), USB HCI (H2) sniffing, SDIO sniffing, and Virtual sniffing. So with
ComProbe software nothing is sacrificed—the product is simply more functional than other Bluetooth protocol
analyzers.
A.3.3 Bluetooth Sniffing History
Frontline has a strong appreciation for the importance of HCI sniffing because of the way we got involved with
Bluetooth. Because of our company history, we are uniquely qualified to offer a multi-mode analyzer that provides
many ways to sniff and supports a wide variety of protocols. This brief Bluetooth sniffing history should help you
understand our approach to Bluetooth protocol analysis.
In the early days of Bluetooth, there were no commercially available Bluetooth protocol analyzers, so developers
built their own debug tools and/or used protocol analyzers that weren’t built for Bluetooth. Many developers built
homegrown HCI analyzers—basically hex dumps and crude traces—because they recognized the need for
visibility into the HCI interface and because it was too difficult to build air sniffers. Several companies developed
air sniffers because they saw a market need and because they realized that they could charge a high price (USD
$25,000 and higher).
Two Bluetooth chip companies, Silicon Wave and Broadcom were using Frontline’s Serialtest® serial analyzer to
capture serial HCI traffic and then they would manually decode the HCI byte stream. This manual decoding was far
too much work and so, independently, Silicon Wave and Broadcom each requested that Frontline produce a serial
HCI Bluetooth analyzer that would have all the features of Serialtest. In response to these requests Frontline
developed SerialBlue®—the world’s first commercially available serial HCI analyzer.
The response to SerialBlue was very positive. When we asked our Bluetooth customers what they wanted next we
quickly learned that there was a need for an affordable air sniffer that provided the same quality as SerialBlue. We
also learned that the ultimate Bluetooth analyzer would be one that sniff air and sniff HCI simultaneously.
As work was progressing on our combination air sniffer and HCI sniffer the functional requirements for Bluetooth
analyzers were changing. It was no longer good enough just to decode the core Bluetooth protocols (LMP, HCI,
L2CAP, RFCOMM, and OBEX). Applications were beginning to be built on top of Bluetooth and therefore
application level protocol decoding was becoming a requirement. For example, people were starting to browse
the Internet using Bluetooth-enabled phones and PDAs therefore a good Bluetooth analyzer would need to
support TCP/IP, HTTP, hands-free, A2DP, etc.
For Frontline to support for these higher levels protocols was no problem since they were already in use in other
Frontline analyzer products. People have been using Frontline Serialtest serial analyzers and Ethertest™ Ethernet
analyzer to troubleshoot TCP/IP and Internet problems for many years.
As we continued to work closely with the Bluetooth community we also came across one other requirement:
sniffing itself had to be made easier. We took a two-pronged approach to this problem. We simplified air sniffing
(and we continue to work on simplifying the process of air sniffing) and we invented Virtual sniffing.
A.3.4 Virtual Sniffing—What is it?
Historically, protocol analyzers have physically tapped the circuit being sniffed. For example, an Ethernet circuit is
tapped by plugging into the network. A serial connection is sniffed by passively bridging the serial link. A Bluetooth
air sniffer taps the piconet by synchronizing its clock to the clock of the piconet Master.
TELEDYNE LECROY Appendicies
229 Frontline BPA low energy Hardware & Software User Manual