Bluetooth Low Energy (BLE)
Packet Format
Winfred LU
Power Discrete & Sub-Analog APAC
STMicroelectronics
BLE Packet Format
Link Layer Packet Format
Advertising Channel Packets
Data Channel Packets
Isochronous Physical Channel Packets
BLE Protocol Stack
Link Layer Packet Format (Uncoded)
1|2 bytes 4 bytes 2 – 39 | 33 | 257 | 258 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
Data Channel PDU
Advertising Channel PDU
2 bytes 1 – 37 | 255 bytes
Header Payload
2 | 3 bytes 0 – 27 | 251 bytes
Header Payload
• Maximum length of PDU
• 39 : Advertising Channel PDUs without DLE
• 33 : Data Channel PDUs without DLE
• 257/258 : with LE data length extension (DLE) feature supported
* MIC: Message Integrity Check (option)
• Advertising PDU
• Scanning PDU
• Initiating PDU
• Extended Advertising Event Payload
• LL Data PDU
• LL Control PDU
LSB is the first bit sent over the air
10101010b 1...
1010101010101010b 1…
or
01010101b 0…
0101010101010101b 0…
4 bytes
MIC*
Constant Tone Extension: 16 – 160 μs
2 bytes 0 – 251 bytes
Header Payload
4 bytes
MIC*
Isochronous Physical Channel PDU
• Connected Isochronous PDU
• Broadcast Isochronous PDU
• BIG Control PDU
Packet Format for the LE Coded PHY
Preamble: 80 μs, uncoded; 00111100b, repeat 10 times
FEC block 1, S=8 coding
• Access Address: 256 μs; 32 bits
• CI: 16 μs; 2 bits
• 00 FEC block 2 coded using S=8
• 01 FEC block 2 coded using S=2
• TERM1: 24 μs; 3 bits
FEC block 2, S=2 or S=8 coding
• Protocol Data Unit (PDU): 32 – 4112 μs (S=2), 128 – 16448 μs (S=8); 16 – 2056 bits
• CRC: 48 μs (S=2), 192 μs (S=8); 24 bits
• TERM2: 6 μs (S=2), 24 μs (S=8); 3 bits
Data Channel PDU
Advertising Channel PDU
2 bytes 1 – 37 | 255 bytes
Header Payload
2 | 3 bytes 0 – 27 | 251 bytes
Header Payload
4 bytes
MIC*
2 bytes 0 – 251 bytes
Header Payload
4 bytes
MIC*
Isochronous Physical Channel PDU
• Advertising PDU
• Scanning PDU
• Initiating PDU
• Extended Advertising Event PDU
• LL Data PDU
• LL Control PDU
• Connected Isochronous PDU
• Broadcast Isochronous PDU
• BIG Control PDU
Bit stream processing
LE Uncoded PHY
LE Coded PHY
Bit processing for LE Uncoded PHY
1|2 bytes 4 bytes 2 – 258 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
Constant Tone Extension: 16 – 160 μs
2 | 3 bytes 0 – 251 bytes
Header Payload
4 bytes
MIC (MAC)
AES CCM (CBC-MAC) encrypted
Protected by MIC
Protected by CRC
Whitened
8 bits
BLE Packet Format
Link Layer Packet Format
Advertising Channel Packets
Data Channel Packets
Isochronous Physical Channel Packets
Advertising Physical Channel PDU
2 bytes 1 – 37 | 255 bytes
Header Advertising payload
Advertising Channel PDU
0x8E89BED6
4 bits 2 bits 1 bit 1 bit 6 bits 2 bits
PDU type RFU TxAdd RxAdd Length RFU
0xAA
0000 ADV_IND
0001 ADV_DIRECT_IND
0010 ADV_NONCONN_IND
0110 ADV_SCAN_IND
0111 ADV_EXT_IND
AUX_ADV_IND
AUX_SYNC_IND
AUX_CHAIN_IND
4 bits 1 bit 1 bit 1 bit 1 bit 8 bits
PDU type RFU ChSel TxAdd RxAdd Length
4.2 Spec
5.0 Spec
0011 SCAN_REQ
0100 SCAN_RSP
0011 AUX_SCAN_REQ
0111 AUX_SCAN_RSP
Scanning PDUs
Advertising PDUs Initiating PDUs
0101 CONNECT_IND
AUX_CONNECT_REQ
1000 AUX_CONNECT_RSP
1 byte 4 bytes ≤ 39 | 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
PDU Types vs. Permitted PHYs
Undirected Advertising Indication
1 byte 4 bytes ≤ 39 | 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bytes 6 – 37 bytes
Header Advertising payload
Advertising Channel PDU
0x8E89BED6
0xAA
0 | 2 | 6
4 bits 1 bit 1 bit 1 bit 1 bit 8 bits
PDU type RFU ChSel TxAdd RxAdd Length
0000 ADV_IND
0001 ADV_DIRECT_IND
0010 ADV_NONCONN_IND
0110 ADV_SCAN_IND
0111 ADV_EXT_IND
AUX_ADV_IND
AUX_SYNC_IND
AUX_CHAIN_IND
0011 SCAN_REQ
0100 SCAN_RSP
0011 AUX_SCAN_REQ
0111 AUX_SCAN_RSP
0101 CONNECT_IND
AUX_CONNECT_REQ
1000 AUX_CONNECT_RSP
6 bytes 0 – 31 bytes
Advertiser Address Advertising Data
AD0 AD … … ADn
1 byte 1 byte (AD Length – 1) bytes
AD Length AD Type AD Data
Directed Advertising Indication
1 byte 4 bytes ≤ 39 | 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bytes 12 bytes
Header Advertising payload
6 bytes 6 bytes
Advertiser Address Target Address
Advertising Channel PDU
0x8E89BED6
0xAA
12
1
4 bits 1 bit 1 bit 1 bit 1 bit 8 bits
PDU type RFU ChSel TxAdd RxAdd Length
0000 ADV_IND
0001 ADV_DIRECT_IND
0010 ADV_NONCONN_IND
0110 ADV_SCAN_IND
0111 ADV_EXT_IND
AUX_ADV_IND
AUX_SYNC_IND
AUX_CHAIN_IND
0011 SCAN_REQ
0100 SCAN_RSP
0011 AUX_SCAN_REQ
0111 AUX_SCAN_RSP
0101 CONNECT_IND
AUX_CONNECT_REQ
1000 AUX_CONNECT_RSP
Device Address
Public Device Address (TxAdd | RxAdd = 0): EUI-48
• LAP (24 bits): company assigned
• UAP (8 bits), NAP (16 bits): Company ID
Random Device Address (TxAdd | RxAdd = 1)
• Static Address: Random part (46 bits), 1 (1 bit), 1 (1 bit)
• Private Address, Non-Resolvable: Random part (46 bits), 0 (1 bit), 0 (1 bit)
• Private Address, Resolvable: hash (24 bits), random (22 bits), 1 (1 bit), 0 (1 bit)
• the known secret is the Identity Resolving Key (IRK)
• hash = AES_IRK(random)
(Auxiliary) Scan Request
1 byte 4 bytes ≤ 39 | 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bytes 12 bytes
Header Scan Request payload
6 bytes 6 bytes
Scanner Address Advertiser Address
Advertising Channel PDU
0x8E89BED6
0xAA
12
3
4 bits 1 bit 1 bit 1 bit 1 bit 8 bits
PDU type RFU ChSel TxAdd RxAdd Length
0000 ADV_IND
0001 ADV_DIRECT_IND
0010 ADV_NONCONN_IND
0110 ADV_SCAN_IND
0111 ADV_EXT_IND
AUX_ADV_IND
AUX_SYNC_IND
AUX_CHAIN_IND
0011 SCAN_REQ
0100 SCAN_RSP
0011 AUX_SCAN_REQ
0111 AUX_SCAN_RSP
0101 CONNECT_IND
AUX_CONNECT_REQ
1000 AUX_CONNECT_RSP
Scan Response
1 byte 4 bytes ≤ 39 | 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bytes 6 – 37 bytes
Header Scan Response payload
6 bytes 0 – 31 bytes
Advertiser Address Scan Response Data
Advertising Channel PDU
0x8E89BED6
0xAA
4
4 bits 1 bit 1 bit 1 bit 1 bit 8 bits
PDU type RFU ChSel TxAdd RxAdd Length
AD0 AD … … ADn
1 byte 1 byte (AD Length – 1) bytes
AD Length AD Type AD Data
0000 ADV_IND
0001 ADV_DIRECT_IND
0010 ADV_NONCONN_IND
0110 ADV_SCAN_IND
0111 ADV_EXT_IND
AUX_ADV_IND
AUX_SYNC_IND
AUX_CHAIN_IND
0011 SCAN_REQ
0100 SCAN_RSP
0011 AUX_SCAN_REQ
0111 AUX_SCAN_RSP
0101 CONNECT_IND
AUX_CONNECT_REQ
1000 AUX_CONNECT_RSP
(Auxiliary) Connection Request
1 byte 4 bytes ≤ 39 | 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bytes 34 bytes
Header Connection Indication payload
6 bytes 6 bytes 22 bytes
Initiator Address Advertising Address Link Layer Data
Advertising Channel PDU
0x8E89BED6
0xAA
5 34
Link Layer Data: AA (4 bytes), CRCInit (3 bytes), WinSize (1 byte), WinOffset (2 bytes), Interval (2 bytes), Latency (2 bytes), Timeout (2 bytes), ChM (5 bytes), Hop (5 bits), SCA (3 bits)
• AA: the link layer connection’s Access Address
• ChM: channel bit map
• Hop: 5 - 16
4 bits 1 bit 1 bit 1 bit 1 bit 8 bits
PDU type RFU ChSel TxAdd RxAdd Length
0011 SCAN_REQ
0100 SCAN_RSP
0011 AUX_SCAN_REQ
0111 AUX_SCAN_RSP
0101 CONNECT_IND
AUX_CONNECT_REQ
1000 AUX_CONNECT_RSP
Common Extended Advertising Payload
1 byte 4 bytes ≤ 39 | 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bytes < 255 bytes
Header Payload
Extended Header Length (6 bits), AdvMode (2 bits), Extended Header (0 – 63 bytes), AdvData (0 – 254 bytes)
Advertising Channel PDU
0x8E89BED6
0xAA
4 | 7 | 8
4 bits 1 bit 1 bit 1 bit 1 bit 8 bits
PDU type RFU ChSel TxAdd RxAdd Length
0000 ADV_IND
0001 ADV_DIRECT_IND
0010 ADV_NONCONN_IND
0110 ADV_SCAN_IND
0111 ADV_EXT_IND
AUX_ADV_IND
AUX_SYNC_IND
AUX_CHAIN_IND
0011 SCAN_REQ
0100 SCAN_RSP
0011 AUX_SCAN_REQ
0111 AUX_SCAN_RSP
0101 CONNECT_IND
AUX_CONNECT_REQ
1000 AUX_CONNECT_RSP
Common Extended Advertising Payload (cont.)
1 byte 4 bytes ≤ 39 | 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bytes < 255 bytes
Header Payload
Extended Header Length (6 bits), AdvMode (2 bits), Extended Header (0 – 63 bytes), AdvData (0 – 254 bytes)
0x8E89BED6
0xAA
4 | 7 | 8
4 bits 1 bit 1 bit 1 bit 1 bit 8 bits
PDU type RFU ChSel TxAdd RxAdd Length
0111 ADV_EXT_IND
AUX_ADV_IND
AUX_SYNC_IND
AUX_CHAIN_IND
0100 SCAN_RSP
1000 AUX_CONNECT_RSP
00 non-connectable, non-scannable
01 connectable, non-scannable
10 non-connectable, scannable
1 byte 6 bytes 6 bytes 1 byte 2 bytes 3 bytes 18 bytes 1 byte Var
Flags AdvA TargetA CTEInfo ADI AuxPtr SyncInfo TxPower ACAD
Flags:
• b0 AdvA
• b1 TargetA
• b2 CTEInfo
• b3 AdvDataInfo
• b4 AuxPtr
• b5 SyncInfo
• b6 TxPower
ADI: Advertising Data ID (DID) (12 bits), Advertising Set ID (SID) (4 bits)
AuxPtr: Channel Index (6 bits), CA (1 bit), Offset Units (1 bit), AUX Offset (13 bits), AUX PHY (3 bits)
SyncInfo: Offset Base (13 bits), Offset Units (1 bit), Offset Adjust (1 bit), RFU (1 bit), Interval (2 bytes), ChM (37 bits), SCA (3 bits), AA (4 bytes), CRCInit (3 bytes), Periodic Event Counter (2 bytes)
CTEInfo: CTE Time (5 bits), RFU (1 bit), CTE Type (2 bits)
Advertising Packet : iBeacon
1 byte 4 bytes ≤ 39 | 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bytes 36 bytes
Header Advertising payload
6 bytes 30 bytes
ADV Address Advertising Data
AD0 AD1
Advertising Channel PDU
0x8E89BED6
0xAA
AD0: AD Length (1 byte) = 0x02, AD Type (1 byte) = 0x01, Flags (1 byte) = 0x06
AD1: AD Length (1 byte) = 0x1A, AD Type (1 byte) = 0xFF (Manufacturer specific), Com. ID (2 bytes) = 0x004C (Apple, Inc.), iBcn Type (1 byte) = 0x02, iBcn Length (1 byte) = 0x15, Proximity UUID (16 bytes), Major (2 bytes), Minor (2 bytes), TX power (1 byte)
b0: LE limited discoverable
b1: LE general discoverable
b2: BR/EDR not supported
b3: BR/EDR controller
b4: BR/EDR host
Proximity beacon
Tx Power
• at 1 m for iBeacon
• at 0 m for Eddystone
4 bits 1 bit 1 bit 1 bit 1 bit 8 bits
PDU type RFU ChSel TxAdd RxAdd Length
Advertising Packet : Eddystone Beacon
1 byte 4 bytes ≤ 39 | 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bytes ≤ 37 bytes
Header Advertising payload
6 bytes ≤ 31 bytes
ADV Address Advertising Data
AD0 AD1 AD2
Advertising Channel PDU
0x8E89BED6
0xAA
AD0: AD Length (1 byte) = 0x02, AD Type (1 byte) = 0x01, Flags (1 byte) = 0x06
AD1: AD Length (1 byte) = 0x03, AD Type (1 byte) = 0x03, Eddystone UUID (2 bytes) = 0xFEAA
AD2: AD Length (1 byte), AD Type (1 byte) = 0x16, Eddystone UUID (2 bytes) = 0xFEAA, Eddystone Frame (≤ 20 bytes)
Eddystone Frame:
• UID frame
• URL frame
• TLM frame
4 bits 1 bit 1 bit 1 bit 1 bit 8 bits
PDU type RFU ChSel TxAdd RxAdd Length
Eddystone Beacon (Cont.)
6 bytes ≤ 31 bytes
ADV Address Advertising Data
AD0 AD1 AD2
AD0: AD Length (1 byte) = 0x02, AD Type (1 byte) = 0x01, Flags (1 byte) = 0x06
AD1: AD Length (1 byte) = 0x03, AD Type (1 byte) = 0x03, Eddystone UUID (2 bytes) = 0xFEAA
AD2: AD Length (1 byte), AD Type (1 byte) = 0x16, Eddystone UUID (2 bytes) = 0xFEAA, Eddystone Frame (≤ 20 bytes)
UID frame: Frame Type (1 byte) = 0x00, Tx Power (1 byte), Namespace ID (10 bytes), Instance ID (6 bytes), RFU (2 bytes)
URL frame: Frame Type (1 byte) = 0x10, Tx Power (1 byte), URL Scheme (1 byte), Encoded URL (0 – 17 bytes)
TLM frame: Frame Type (1 byte) = 0x20, Version (1 byte) = 0x00, Battery Voltage (2 bytes), Beacon Temp (2 bytes), Adv PDU Count since boot (4 bytes), Time since boot (4 bytes)
Tx Power
• at 1 m for iBeacon
• at 0 m for Eddystone
To be continued:
• EID frame
• Type = 0x30
• Encrypted TLM
• Version = 0x01
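The advertising header, device address classes, AD structures and beacon layouts from the slides above, put together as a parser. This is an added example, not part of the original deck; the function names and the sample packet are constructed for illustration, and the iBeacon Major/Minor fields are read big-endian.

```python
import struct
import uuid

# PDU type values as listed on the slides (legacy names; AUX_* share some codes).
PDU_TYPES = {0x0: "ADV_IND", 0x1: "ADV_DIRECT_IND", 0x2: "ADV_NONCONN_IND",
             0x3: "SCAN_REQ", 0x4: "SCAN_RSP", 0x5: "CONNECT_IND",
             0x6: "ADV_SCAN_IND", 0x7: "ADV_EXT_IND", 0x8: "AUX_CONNECT_RSP"}
# PDUs whose payload is AdvA (6 bytes) followed by 0-31 bytes of AD structures.
CARRIES_AD = {"ADV_IND", "ADV_NONCONN_IND", "ADV_SCAN_IND", "SCAN_RSP"}


def classify_address(addr_le: bytes, is_random: int) -> str:
    """Classify a 6-byte on-air (little-endian) address using TxAdd/RxAdd."""
    if not is_random:
        return "public"
    top = addr_le[5] >> 6  # two most significant bits of the 48-bit address
    return {0b11: "random static", 0b01: "resolvable private",
            0b00: "non-resolvable private"}.get(top, "reserved")


def parse_ad_structures(data: bytes):
    """Split AdvData into (AD Type, AD Data) pairs, rejecting overruns."""
    out, i = [], 0
    while i < len(data):
        length = data[i]
        if length == 0:          # zero length: the rest is padding
            break
        if i + 1 + length > len(data):
            raise ValueError(f"AD structure at offset {i} overruns AdvData")
        out.append((data[i + 1], data[i + 2:i + 1 + length]))
        i += 1 + length
    return out


def decode_beacon(ad_type: int, body: bytes):
    """Recognise the iBeacon and Eddystone layouts shown on the slides."""
    if ad_type == 0xFF and len(body) == 25 and body[:4] == b"\x4c\x00\x02\x15":
        major, minor, tx = struct.unpack(">HHb", body[20:25])
        return {"kind": "iBeacon", "uuid": str(uuid.UUID(bytes=body[4:20])),
                "major": major, "minor": minor, "tx_power_1m": tx}
    if ad_type == 0x16 and len(body) >= 3 and body[:2] == b"\xaa\xfe":
        frame = {0x00: "UID", 0x10: "URL", 0x20: "TLM"}.get(body[2], "other")
        info = {"kind": "Eddystone-" + frame}
        if frame == "UID" and len(body) >= 20:
            info["tx_power_0m"] = struct.unpack("b", body[3:4])[0]
            info["namespace"] = body[4:14].hex()
            info["instance"] = body[14:20].hex()
        return info
    return None


def parse_adv_pdu(pdu: bytes) -> dict:
    """Parse an advertising channel PDU (header + payload, no preamble/AA/CRC)."""
    if len(pdu) < 2:
        raise ValueError("PDU shorter than its 2-byte header")
    h0, length = pdu[0], pdu[1]
    if len(pdu) != 2 + length:
        raise ValueError("header Length does not match payload size")
    res = {"type": PDU_TYPES.get(h0 & 0x0F, "reserved"),
           "ch_sel": (h0 >> 5) & 1, "tx_add": (h0 >> 6) & 1,
           "rx_add": (h0 >> 7) & 1}
    if res["type"] in CARRIES_AD:
        if not 6 <= length <= 37:
            raise ValueError("legacy advertising payload must be 6-37 bytes")
        adv_a = pdu[2:8]
        res["adv_a"] = ":".join(f"{b:02X}" for b in reversed(adv_a))
        res["adv_a_kind"] = classify_address(adv_a, res["tx_add"])
        res["ad"] = parse_ad_structures(pdu[8:])
        res["beacons"] = [b for b in (decode_beacon(t, d) for t, d in res["ad"]) if b]
    return res


# Constructed sample: ADV_NONCONN_IND from a random static address carrying an iBeacon.
SAMPLE_IBEACON = bytes.fromhex(
    "4224"                              # PDU type 0x2, TxAdd=1, Length=36
    "0504030201c0"                      # AdvA C0:01:02:03:04:05, LSB first
    "020106"                            # AD0: Flags
    "1aff4c000215"                      # AD1: manufacturer specific, Apple, iBeacon
    "00112233445566778899aabbccddeeff"  # Proximity UUID (made up)
    "00010002c5")                       # Major 1, Minor 2, TX power -59 dBm

if __name__ == "__main__":
    print(parse_adv_pdu(SAMPLE_IBEACON))
```

The bounds check in `parse_ad_structures` is the part most often missing from ad-hoc scanners: the AD Length byte comes from the sender and must never be trusted to stay inside the AdvData field.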
BLE Packet Format
Link Layer Packet Format
Advertising Channel Packets
Data Channel Packets
Isochronous Physical Channel Packets
Link Layer Packet Format – Data Channel PDU
1|2 bytes 4 bytes 2 – 33 | 258 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
Data Channel PDU
Advertising Channel PDU
LL Control PDU
LSB is the first bit sent over the air
LL Data PDU (L2CAP)
LE L2CAP Signaling packet Security Manager protocol packet Attribute protocol packet
2 | 3 bytes 0 – 27 | 251 bytes
Header Payload
4 bytes
MIC*
* MIC: optional Message Integrity Check, present in an encrypted ACL connection
10101010b 1...
1010101010101010b 1…
or
01010101b 0…
0101010101010101b 0…
Isochronous Physical Channel PDU
Link Layer Control Packet
1 byte 4 bytes 2 – 29 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
Data Channel PDU
2|3 bytes 1 – 27 bytes
Header Data payload
2 bits 1 bit 1 bit 1 bit 1 bit 2 bits 8 bits
LLID NESN SN MD CP RFU Length
0xAA 1~
or
0x55 0~
01: LL Data PDU – Continuation or Empty PDU
10: LL Data PDU – Start of message
11: LL Control PDU
3
1 byte 0 – 26 bytes
Opcode Control Data
8 bits
CTEInfo
0x00: LL_CONNECTION_UPDATE_IND
0x01: LL_CHANNEL_MAP_IND
0x02: LL_TERMINATE_IND
0x03: LL_ENC_REQ
0x04: LL_ENC_RSP
0x05: LL_START_ENC_REQ
0x06: LL_START_ENC_RSP
0x07: LL_UNKNOWN_RSP
0x08: LL_FEATURE_REQ
0x09: LL_FEATURE_RSP
0x0A: LL_PAUSE_ENC_REQ
0x0B: LL_PAUSE_ENC_RSP
0x0C: LL_VERSION_IND
0x0D: LL_REJECT_IND
0x0E: LL_PERIPHERAL_FEATURE_REQ
0x0F: LL_CONNECTION_PARAM_REQ
0x10: LL_CONNECTION_PARAM_RSP
0x11: LL_REJECT_EXT_IND
0x12: LL_PING_REQ
0x13: LL_PING_RSP
0x14: LL_LENGTH_REQ
0x15: LL_LENGTH_RSP
0x16: LL_PHY_REQ
0x17: LL_PHY_RSP
0x18: LL_PHY_UPDATE_IND
0x19: LL_MIN_USED_CHANNELS_IND
0x1A: LL_CTE_REQ
0x1B: LL_CTE_RSP
0x1C: LL_PERIODIC_SYNC_IND
0x1D: LL_CLOCK_ACCURACY_REQ
0x1E: LL_CLOCK_ACCURACY_RSP
0x1F: LL_CIS_REQ
0x20: LL_CIS_RSP
0x21: LL_CIS_IND
0x22: LL_CIS_TERMINATE_IND
0x23: LL_POWER_CONTROL_REQ
0x24: LL_POWER_CONTROL_RSP
0x25: LL_POWER_CHANGE_IND
0x26: LL_SUBRATE_REQ
0x27: LL_SUBRATE_IND
0x28: LL_CHANNEL_REPORTING_IND
0x29: LL_CHANNEL_STATUS_IND
L2CAP for Different Data Payloads
CID on LE-U logical link
0x0000: Null identifier
0x0004: Attribute Protocol
0x0005: Low Energy L2CAP Signaling Channel
0x0006: Security Manager Protocol
0x0020-3E: Assigned Numbers
0x0040-7F: Dynamically allocated
others: RFU
1 byte 4 bytes 2 – 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bytes ≤ 251 bytes
Header Data payload
4 bytes
Basic L2CAP Header
L2CAP protocol PDU
Data Channel PDU
0xAA 1~
or
0x55 0~
4 bytes
MIC
2 bytes 2 bytes
Length Channel ID
• Attribute Protocol payload
• Low Energy L2CAP Signaling payload
• Security Manager Protocol payload
LLID = 1 | 2
01: LL Data PDU – Continuation or Empty PDU
10: LL Data PDU – Start of message
11: LL Control PDU
Low Energy L2CAP Signaling Packet
1 byte 4 bytes 2 – 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bytes ≤ 251 bytes
Header Data payload
4 bytes ≤ 247 bytes
L2CAP Header
L2CAP protocol PDU
Data Channel PDU
0xAA 1~
or
0x55 0~
4 bytes
MIC
CID = 5
1 byte 1 byte 2 bytes var
Code Identifier Length Data
0x00: RFU
0x01: Command reject
0x06: Disconnection request
0x07: Disconnection response
0x12: Connection Parameter Update request
0x13: Connection Parameter Update response
0x14: LE Credit Based Connection request
0x15: LE Credit Based Connection response
0x16: LE Flow Control Credit
others: RFU
Security Manager Protocol Packet
1 byte 4 bytes 2 – 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bytes ≤ 251 bytes
Header Data payload
4 bytes 0 – 23 or 65 bytes
L2CAP Header
1 byte 0 – 22 or 64 bytes
Code Data
L2CAP protocol PDU
Data Channel PDU
Security Manager PDU
0xAA 1~
or
0x55 0~
4 bytes
MIC
00: RFU
01: Pairing Request
02: Pairing Response
03: Pairing Confirm
04: Pairing Random
05: Pairing Failed
06: Encryption information
07: Master Identification
08: Identity Information
09: Identity Address Information
0A: Signing Information
0B: Security Request
0C: Pairing Public Key
0D: Pairing DHKey Check
0E: Pairing Keypress Notification
others: RFU
CID = 6
SM: Pairing Request / Response
1 byte 0 – 22 or 64 bytes
Code Data
Security Manager PDU
Code (1 byte) = 0x01 or 0x02, IO capability (1 byte), OOB data flag (1 byte), AuthReq (1 byte), Max Encryption Key size (1 byte), Initiator Key Distribution (1 byte), Responder Key Distribution (1 byte)
AuthReq:
2 bits 1 bit 1 bit 1 bit 1 bit 2 bits
Bonding flags MITM SC Keypress CT2 RFU
IO capability:
00: DisplayOnly
01: DisplayYesNo
02: KeyboardOnly
03: NoInputNoOutput
04: KeyboardDisplay
05-FF: RFU
OOB data flag:
00: OOB Authentication data not present
01: OOB Authentication data from remote device present
02-FF: RFU
Bonding flags:
00: No Bonding
01: Bonding
other: RFU
MITM: Request for MITM protection
SC: LE Secure Connections is supported
Keypress: for Passkey Entry protocol
CT2: h7 function is supported
Max Encryption Key size: 7 – 16
1 bit 1 bit 1 bit 1 bit 4 bits
EncKey IdKey SignKey LinkKey RFU
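The data channel header, L2CAP header (CID = 6) and Pairing Request / Response fields above, decoded from a captured unencrypted PDU and checked for weak pairing parameters. This is an added example, not part of the original deck; the function names, the finding labels and both sample PDUs are constructed, and the audit rules are this example's own policy.

```python
import struct

IO_CAPS = {0: "DisplayOnly", 1: "DisplayYesNo", 2: "KeyboardOnly",
           3: "NoInputNoOutput", 4: "KeyboardDisplay"}
SMP_CODES = {0x01: "Pairing Request", 0x02: "Pairing Response"}
KEY_NAMES = ("EncKey", "IdKey", "SignKey", "LinkKey")
CID_SMP = 0x0006


def parse_ll_data_pdu(pdu: bytes) -> dict:
    """Data channel PDU header: LLID, NESN, SN, MD, CP, RFU, then Length."""
    if len(pdu) < 2:
        raise ValueError("PDU shorter than its header")
    h0, length = pdu[0], pdu[1]
    cp = (h0 >> 5) & 1
    payload = pdu[3 if cp else 2:]      # CP=1 adds the 1-byte CTEInfo field
    if len(payload) != length:
        raise ValueError("LL Length does not match payload size")
    return {"llid": h0 & 0x03, "nesn": (h0 >> 2) & 1, "sn": (h0 >> 3) & 1,
            "md": (h0 >> 4) & 1, "cp": cp, "payload": payload}


def parse_l2cap(payload: bytes):
    """Basic L2CAP header: Length (2 bytes) and Channel ID (2 bytes), LE."""
    if len(payload) < 4:
        raise ValueError("payload shorter than the L2CAP header")
    length, cid = struct.unpack_from("<HH", payload)
    body = payload[4:]
    if len(body) != length:
        raise ValueError("fragmented or malformed L2CAP PDU")
    return cid, body


def decode_pairing(body: bytes) -> dict:
    """Decode the 7-byte Pairing Request / Response PDU."""
    if len(body) != 7 or body[0] not in SMP_CODES:
        raise ValueError("not a Pairing Request/Response")
    code, io, oob, auth, key_size, init_kd, resp_kd = body

    def keys(bits):
        return [n for i, n in enumerate(KEY_NAMES) if (bits >> i) & 1]

    return {"code": SMP_CODES[code], "io_capability": IO_CAPS.get(io, "RFU"),
            "oob_present": oob == 0x01, "bonding": (auth & 0x03) == 0x01,
            "mitm": bool(auth & 0x04), "sc": bool(auth & 0x08),
            "keypress": bool(auth & 0x10), "ct2": bool(auth & 0x20),
            "max_key_size": key_size,
            "initiator_keys": keys(init_kd), "responder_keys": keys(resp_kd)}


def audit_pairing(f: dict) -> list:
    """Flag pairing parameters a defender would want to know about."""
    findings = []
    if not f["sc"]:
        findings.append("legacy-pairing")         # SC bit clear
    if not f["mitm"]:
        findings.append("no-mitm-requested")      # MITM bit clear
    if f["io_capability"] == "NoInputNoOutput":
        findings.append("no-io-just-works")       # nothing to confirm or enter
    if not 7 <= f["max_key_size"] <= 16:
        findings.append("key-size-out-of-range")
    elif f["max_key_size"] < 16:
        findings.append("reduced-key-size")
    return findings


def inspect_pdu(pdu: bytes):
    """Return (features, findings) for an SMP pairing PDU, else None."""
    ll = parse_ll_data_pdu(pdu)
    if ll["llid"] != 0b10:               # only start-of-message carries L2CAP header
        return None
    cid, body = parse_l2cap(ll["payload"])
    if cid != CID_SMP or not body or body[0] not in SMP_CODES:
        return None
    features = decode_pairing(body)
    return features, audit_pairing(features)


# Constructed samples (LL header + L2CAP header + SMP PDU, no MIC).
SAMPLE_LEGACY = bytes.fromhex("020b" "07000600" "01030001100707")
SAMPLE_SC = bytes.fromhex("020b" "07000600" "0204000d100303")

if __name__ == "__main__":
    for sample in (SAMPLE_LEGACY, SAMPLE_SC):
        print(inspect_pdu(sample))
```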
Attribute (ATT) Protocol Packet
1 byte 4 bytes 2 – 257 (33*) bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bytes ≤ 251 (27*) bytes
Header Data payload
* 39,33,27,23,20: without DLE
4 bytes ≤ 247 (23*) bytes
L2CAP Header of ATT_MTU size
1 – 3 bytes ≤ 246 – 244 (22–20*) bytes
Opcode Data
L2CAP protocol PDU
Data Channel PDU
ATT protocol PDU
0xAA 1~
or
0x55 0~
4 bytes
MIC
CID = 4
LE Data Length Extension (DLE)
1 byte 4 bytes 2 – 257 (33*) bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bits 1 bit 1 bit 1 bit 3 bits 5 bits 3 bits
LLID NESN SN MD RFU Length RFU
Data Channel PDU
2 bytes ≤ 255 (31*) bytes
Header Data payload, including optional MIC
2 bits 1 bit 1 bit 1 bit 3 bits 8 bits
LLID NESN SN MD RFU Length
Core Spec 4.1
• Max length = 11111b = 31
Core Spec 4.2
• Max length = 11111111b = 255
0xAA 1~
or
0x55 0~
01: LL Data PDU – Continuation or Empty
10: LL Data PDU – Start of message
11: LL Control PDU
* 33, 31: without DLE
L2CAP Fragmentations (w/o DLE)
1 byte 4 bytes ≤ 33 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
0xAA 0~
or
0x55 1~
2 bytes ≤ 27 bytes
Header Data payload
Data Channel PDU
4 bytes
MIC
4 bytes 23 bytes
L2CAP Header ATT protocol PDU
27 bytes
ATT protocol PDU
L2CAP protocol PDU
27 bytes or less
ATT protocol PDU
……..
Fragment 1
Fragment 2
Fragment n
2 bytes 2 bytes
Length Channel ID
L2CAP Header
≤ ATT_MTU (up to 512)
4
Attribute (ATT) Protocol PDU
1 byte ≤ ATT_MTU - 1
Opcode Data
ATT protocol PDU
variable length
Attribute Parameters
12 bytes
Authentication Signature
2 bytes 2 or 16 bytes variable length implementation specific
Attribute Handle Attribute Type Attribute Value Attribute Permissions
1 0x2800 0x1801 Read
2 0x2803 20 03 00 05 2a Read
… …
The table is a logical representation of the attributes
BLE Packet Format
Link Layer Packet Format
Advertising Channel Packets
Data Channel Packets
Isochronous Physical Channel Packets
LE Isochronous Channels are one of the key features introduced in Bluetooth Core Spec 5.2
Isochronous Physical Channel PDU
1|2 bytes 4 bytes 2 – 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
Data Channel PDU
Advertising Channel PDU
LSB is the first bit sent over the air
Connected Isochronous PDU Broadcast Isochronous PDU
BIG Control PDU
2 bytes 0 –251 bytes
Header Payload
4 bytes
MIC*
* MIC: optional Message Integrity Check, present when encryption is enabled
10101010b 1...
1010101010101010b 1…
or
01010101b 0…
0101010101010101b 0…
Isochronous Physical Channel PDU
BIS Data PDU
Connected Isochronous PDU
1 byte 4 bytes 2 – 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bytes 0 – 251 bytes
Header Data payload
2 bits 1 bit 1 bit 1 bit 1 bit 1 bit 1 bit 8 bits
LLID NESN SN CIE RFU NPI RFU Length
0xAA 1~
or
0x55 0~
4 bytes
MIC*
00: Unframed CIS Data PDU; end fragment of an SDU or a complete SDU
01: Unframed CIS Data PDU; start or continuation fragment of an SDU
10: Framed CIS Data PDU; one or more SDU segments
11: Reserved
NESN: Next expected Sequence Number
SN: Sequence Number
CIE: Close Isochronous Event
NPI: Null PDU Indication
RFU: Reserved for future use
Broadcast Isochronous PDU
1 byte 4 bytes 2 – 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bytes 0 – 251 bytes
Header Data payload
2 bits 3 bits 1 bit 1 bit 8 bits
LLID CSSN CSTF RFU Length
0xAA 1~
or
0x55 0~
4 bytes
MIC*
00: Unframed BIS Data PDU; end fragment of an SDU or a complete SDU
01: Unframed BIS Data PDU; start or continuation fragment of an SDU
10: Framed BIS Data PDU; one or more SDU segments
11: BIG Control PDU
CSSN: Control Subevent Sequence Number
CSTF: Control Subevent Transmission Flag
RFU: Reserved for future use
BIG Control PDU
1 byte 4 bytes 2 – 257 bytes 3 bytes
Preamble Access Address Protocol Data Unit (PDU) CRC
2 bytes 0 – 251 bytes
Header Data payload
2 bits 3 bits 1 bit 1 bit 8 bits
LLID CSSN CSTF RFU Length
0xAA 1~
or
0x55 0~
4 bytes
MIC*
11: BIG Control PDU
1 byte 0 – 250 bytes
OpCode CtrData
0x00: BIG_CHANNEL_MAP_IND: ChM (5 bytes), Instant (2 bytes)
0x01: BIG_TERMINATE_IND: Reason (1 byte), Instant (2 bytes)
Thank you!

Bluetooth Low Energy (BLE) Packet Format

  • 1.
    Bluetooth Low Energy(BLE) Packet Format Winfred LU Power Discrete & Sub-Analog APAC STMicroelectronics
  • 2.
    BLE Packet Format LinkLayer Packet Format Advertising Channel Packets Data Channel Packets Isochronous Physical Channel Packets
  • 3.
  • 4.
    Link Layer PacketFormat (Uncoded) 1|2 bytes 4 bytes 2 – 39 | 33 | 257 | 258 bytes 3 bytes Preamble Access Address Protocol Data Unit (PDU) CRC Data Channel PDU Advertising Channel PDU 2 bytes 1 – 37 | 255 bytes Header Payload 2 | 3 bytes 0 – 27 | 251 bytes Header Payload • Maximum length of PDU • 39 : Advertising Channel PDUs without DLE • 33 : Data Channel PDUs without DLE • 257/258 : with LE data length extension (DLE) feature supported * MIC: Message Integrity Check (option) • Advertising PDU • Scanning PDU • Initiating PDU • Extended Advertising Event Payload • LL Data PDU • LL Control PDU LSB is the first bit sent over the air 10101010b 1... 1010101010101010b 1… or 01010101b 0… 0101010101010101b 0… 4 bytes MIC* 16 – 160 μs Constant Tone Extension 2 bytes 0 – 251 bytes Header Payload 4 bytes MIC* Isochronous Physical Channel PDU • Connected Isochronous PDU • Broadcast Isochronous PDU • BIG Control PDU
  • 5.
    Packet Format forthe LE Coded PHY 80 μs 256 μs 32 bits 16 μs 2 bits 24 μs 3 bits 32 – 4112 μs (S=2) 128 – 16448 μs (S=8) 16 – 2056 bits 48 μs (S=2) 192 μs (S=8) 24 bits 6 μs (S=2) 24 μs (S=8) 3 bits Preamble Access Address CI TERM1 Protocol Data Unit (PDU) CRC TERM2 uncoded FEC block 1, S=8 coding FEC block 2, S=2 or S=8 coding 00111100b repeat 10 times 00 FEC block 2 coded using S=8 01 FEC block 2 coded using S=2 Data Channel PDU Advertising Channel PDU 2 bytes 1 – 37 | 255 bytes Header Payload 2 | 3 bytes 0 – 27 | 251 bytes Header Payload 4 bytes MIC* 2 bytes 0 – 251 bytes Header Payload 4 bytes MIC* Isochronous Physical Channel PDU • Advertising PDU • Scanning PDU • Initiating PDU • Extended Advertising Event PDU • LL Data PDU • LL Control PDU • Connected Isochronous PDU • Broadcast Isochronous PDU • BIG Control PDU
  • 6.
    Bit stream processing LEUncoded PHY LE Coded PHY
  • 7.
    Bit processing forLE Uncoded PHY 1|2 bytes 4 bytes 2 – 258 bytes 3 bytes Preamble Access Address Protocol Data Unit (PDU) CRC 16 – 160 μs Constant Tone Extension 2 | 3 bytes 0 – 251 bytes Header Payload 4 bytes MIC (MAC) AES CCM (CBC-MAC) encrypted Protected by MIC Protected by CRC Whitened 8 bits
  • 8.
    BLE Packet Format LinkLayer Packet Format Advertising Channel Packets Data Channel Packets Isochronous Physical Channel Packets
  • 9.
    Advertising Physical ChannelPDU 2 bytes 1 – 37 | 255 bytes Header Advertising payload Advertising Channel PDU 0x8E89BED6 4 bits 2 bits 1 bit 1 bit 6 bits 2 bits PDU type RFU TxAdd RxAdd Length RFU 0xAA 0000 ADV_IND 0001 ADV_DIRECT_IND 0010 ADV_NONCONN_IND 0110 ADV_SCAN_IND 0111 ADV_EXT_IND AUX_ADV_IND AUX_SYNC_IND AUX_CHAIN_IND 4 bits 1 bit 1 bit 1 bit 1 bit 8 bits PDU type RFU ChSel TxAdd RxAdd Length 4.2 Spec 5.0 Spec 0011 SCAN_REQ 0100 SCAN_RSP 0011 AUX_SCAN_REQ 0111 AUX_SCAN_RSP Scanning PDUs Advertising PDUs Initiating PDUs 0101 CONNECT_IND AUX_CONNECT_REQ 1000 AUX_CONNECT_RSP 1 byte 4 bytes ≤ 39 | 257 bytes 3 bytes Preamble Access Address Protocol Data Unit (PDU) CRC
  • 10.
    PDU Types v.s.Permitted PHYs
  • 11.
    Undirected Advertising Indication 1byte 4 bytes ≤ 39 | 257 bytes 3 bytes Preamble Access Address Protocol Data Unit (PDU) CRC 2 bytes 6 – 37 bytes Header Advertising payload Advertising Channel PDU 0x8E89BED6 0xAA 0 | 2 | 6 4 bits 1 bit 1 bit 1 bit 1 bit 8 bits PDU type RFU ChSel TxAdd RxAdd Length 0000 ADV_IND 0001 ADV_DIRECT_IND 0010 ADV_NONCONN_IND 0110 ADV_SCAN_IND 0111 ADV_EXT_IND AUX_ADV_IND AUX_SYNC_IND AUX_CHAIN_IND 0011 SCAN_REQ 0100 SCAN_RSP 0011 AUX_SCAN_REQ 0111 AUX_SCAN_RSP 0101 CONNECT_IND AUX_CONNECT_REQ 1000 AUX_CONNECT_RSP 6 bytes 0 – 31 bytes Advertiser Address Advertising Data AD0 AD … … ADn 1 byte 1 byte (AD Length – 1) bytes AD Length AD Type AD Data
  • 12.
    Directed Advertising Indication 1byte 4 bytes ≤ 39 | 257 bytes 3 bytes Preamble Access Address Protocol Data Unit (PDU) CRC 2 bytes 12 bytes Header Advertising payload 6 bytes 6 bytes Advertiser Address Target Address Advertising Channel PDU 0x8E89BED6 0xAA 12 1 4 bits 1 bit 1 bit 1 bit 1 bit 8 bits PDU type RFU ChSel TxAdd RxAdd Length 0000 ADV_IND 0001 ADV_DIRECT_IND 0010 ADV_NONCONN_IND 0110 ADV_SCAN_IND 0111 ADV_EXT_IND AUX_ADV_IND AUX_SYNC_IND AUX_CHAIN_IND 0011 SCAN_REQ 0100 SCAN_RSP 0011 AUX_SCAN_REQ 0111 AUX_SCAN_RSP 0101 CONNECT_IND AUX_CONNECT_REQ 1000 AUX_CONNECT_RSP
  • 13.
    Device Address Address Public DeviceAddress TxAdd | RxAdd = 0 Random Device Address TxAdd | RxAdd = 1 24 bits 8 bits 16 bits LAP UAP NAP company assigned Company ID EUI-48 24 bits 22 bits 1b 1b hash random 1 0 46 bits 1b 1b Random part 1 1 46 bits 1b 1b Random part 0 0 Static Address Private Address Non-Resolvable Resolvable the known secret is Identify Resolving Key (IRK) hash = AESIRK (random)
  • 14.
    (Auxiliary) Scan Request 1byte 4 bytes ≤ 39 | 257 bytes 3 bytes Preamble Access Address Protocol Data Unit (PDU) CRC 2 bytes 12 bytes Header Scan Request payload 6 bytes 6 bytes Scanner Address Advertiser Address Advertising Channel PDU 0x8E89BED6 0xAA 12 3 4 bits 1 bit 1 bit 1 bit 1 bit 8 bits PDU type RFU ChSel TxAdd RxAdd Length 0000 ADV_IND 0001 ADV_DIRECT_IND 0010 ADV_NONCONN_IND 0110 ADV_SCAN_IND 0111 ADV_EXT_IND AUX_ADV_IND AUX_SYNC_IND AUX_CHAIN_IND 0011 SCAN_REQ 0100 SCAN_RSP 0011 AUX_SCAN_REQ 0111 AUX_SCAN_RSP 0101 CONNECT_IND AUX_CONNECT_REQ 1000 AUX_CONNECT_RSP
  • 15.
    Scan Response 1 byte4 bytes ≤ 39 | 257 bytes 3 bytes Preamble Access Address Protocol Data Unit (PDU) CRC 2 bytes 6 – 37 bytes Header Scan Response payload 6 bytes 0 – 31 bytes Advertiser Address Scan Response Data Advertising Channel PDU 0x8E89BED6 0xAA 4 4 bits 1 bit 1 bit 1 bit 1 bit 8 bits PDU type RFU ChSel TxAdd RxAdd Length AD0 AD … … ADn 1 byte 1 byte (AD Length – 1) bytes AD Length AD Type AD Data 0000 ADV_IND 0001 ADV_DIRECT_IND 0010 ADV_NONCONN_IND 0110 ADV_SCAN_IND 0111 ADV_EXT_IND AUX_ADV_IND AUX_SYNC_IND AUX_CHAIN_IND 0011 SCAN_REQ 0100 SCAN_RSP 0011 AUX_SCAN_REQ 0111 AUX_SCAN_RSP 0101 CONNECT_IND AUX_CONNECT_REQ 1000 AUX_CONNECT_RSP
  • 16.
    (Auxiliary) Connection Request 1byte 4 bytes ≤ 39 | 257 bytes 3 bytes Preamble Access Address Protocol Data Unit (PDU) CRC 2 bytes 34 bytes Header Connection Indication payload 6 bytes 6 bytes 22 bytes Initiator Address Advertising Address Link Layer Data Advertising Channel PDU 0x8E89BED6 0xAA 5 34 4 bytes 3 bytes 1 byte 2 bytes 2 bytes 2 bytes 2 bytes 5 bytes 5 bits 3 bits AA CRCInit WinSize WinOffset Interval Latency Timeout ChM Hop SCA 5 - 16 the link layer connection’s Access Address 4 bits 1 bit 1 bit 1 bit 1 bit 8 bits PDU type RFU ChSel TxAdd RxAdd Length channel bit map 0011 SCAN_REQ 0100 SCAN_RSP 0011 AUX_SCAN_REQ 0111 AUX_SCAN_RSP 0101 CONNECT_IND AUX_CONNECT_REQ 1000 AUX_CONNECT_RSP
  • 17.
    Common Extended AdvertisingPayload 1 byte 4 bytes ≤ 39 | 257 bytes 3 bytes Preamble Access Address Protocol Data Unit (PDU) CRC 2 bytes < 255 bytes Header Payload 6 bits 2 bits 0 – 63 bytes 0 – 254 bytes Extended Header Length AdvMode Extended Header AdvData Advertising Channel PDU 0x8E89BED6 0xAA 4 | 7 | 8 4 bits 1 bit 1 bit 1 bit 1 bit 8 bits PDU type RFU ChSel TxAdd RxAdd Length 0000 ADV_IND 0001 ADV_DIRECT_IND 0010 ADV_NONCONN_IND 0110 ADV_SCAN_IND 0111 ADV_EXT_IND AUX_ADV_IND AUX_SYNC_IND AUX_CHAIN_IND 0011 SCAN_REQ 0100 SCAN_RSP 0011 AUX_SCAN_REQ 0111 AUX_SCAN_RSP 0101 CONNECT_IND AUX_CONNECT_REQ 1000 AUX_CONNECT_RSP
  • 18.
    Common Extended AdvertisingPayload (cont.) 1 byte 4 bytes ≤ 39 | 257 bytes 3 bytes Preamble Access Address Protocol Data Unit (PDU) CRC 2 bytes < 255 bytes Header Payload 6 bits 2 bits 0 – 63 bytes 0 – 254 bytes Extended Header Length AdvMode Extended Header AdvData 0x8E89BED6 0xAA 4 | 7 | 8 4 bits 1 bit 1 bit 1 bit 1 bit 8 bits PDU type RFU ChSel TxAdd RxAdd Length 0111 ADV_EXT_IND AUX_ADV_IND AUX_SYNC_IND AUX_CHAIN_IND 0100 SCAN_RSP 1000 AUX_CONNECT_RSP 00 non-connectable, non-scannable 01 connectable, non-scannable 10 non-connectable, scannable 1 byte 6 bytes 6 bytes 1 byte 2 bytes 3 bytes 18 bytes 1 byte Var Flags AdvA TargetA CTEInfo ADI AuxPtr SyncInfo TxPower ACAD b0 AdvA b1 TargetA 2 CTEInfo 3 AdvDataInfo 4 AuxPtr 5 SyncInfo 6 TxPower 12 bits 4 bits Advertising Data ID (DID) Advertising Set ID (SID) 6 bits 1 bit 1 bit 13 bits 3 bit Channel Index CA Offset Units AUX Offset AUX PHY 13 bits 1 bit 1 bit 1 bit 2 bytes 37 bits 3 bits 4 bytes 3 bytes 2 bytes Offset Base Offset Units Offset Adjust RFU Interval ChM SCA AA CRCInit Periodic Event Counter 5 bits 1 bits 2 bits CTE Time RFU CTE Type
  • 19.
    Advertising Packet :iBeacon 1 byte 4 bytes ≤ 39 | 257 bytes 3 bytes Preamble Access Address Protocol Data Unit (PDU) CRC 2 bytes 36 bytes Header Advertising payload 6 bytes 30 bytes ADV Address Advertising Data AD0 AD1 Advertising Channel PDU 0x8E89BED6 1 byte 1 byte 1 byte AD Length AD Type Flags 0xAA 0x02 0x01 0x06 1 byte 1 byte 2 bytes 1 byte 1 byte 16 bytes 2 bytes 2 bytes 1 byte AD Length AD Type Com. ID iBcn Type iBcn Length Proximity UUID Major Minor TX power 0x1A 0xFF 0x004C 0x02 0x15 Manufacturer specific Apple, Inc. b0: LE limited discoverable b1: LE general discoverable b2: BR/EDR not supported b3: BR/EDR controller b4: BR/EDR host Proximity beacon Tx Power • at 1 m for iBeacon • at 0 m for Eddystone 4 bits 1 bit 1 bit 1 bit 1 bit 8 bits PDU type RFU ChSel TxAdd RxAdd Length
  • 20.
    Advertising Packet :Eddystone Beacon 1 byte 4 bytes ≤ 39 | 257 bytes 3 bytes Preamble Access Address Protocol Data Unit (PDU) CRC 2 bytes ≤ 37 bytes Header Advertising payload 6 bytes ≤ 31 bytes ADV Address Advertising Data AD0 AD1 AD2 Advertising Channel PDU 0x8E89BED6 1 byte 1 byte 1 byte AD Length AD Type Flags 0xAA 0x02 0x01 0x06 1 byte 1 byte 2 bytes ≤ 20 bytes AD Length AD Type Eddystone UUID Eddystone Frame 1 byte 1 byte 2 bytes AD Length AD Type Eddystone UUID 0x03 0x03 0xFEAA • UID frame • URL frame • TLM frame 0x16 0xFEAA 4 bits 1 bit 1 bit 1 bit 1 bit 8 bits PDU type RFU ChSel TxAdd RxAdd Length
  • 21.
    Eddystone Beacon (Cont.) 6bytes ≤ 31 bytes ADV Address Advertising Data AD0 AD1 AD2 1 byte 1 byte 1 byte AD Length AD Type Flags 0x02 0x01 0x06 1 byte 1 byte 2 bytes ≤ 20 bytes AD Length AD Type Eddystone UUID Eddystone Frame 1 byte 1 byte 2 bytes AD Length AD Type Eddystone UUID 0x03 0x03 0xFEAA 0x16 0xFEAA 1 byte 1 byte 2 bytes 2 bytes 4 bytes 4 bytes Frame Type Version Battery Voltage Beacon Temp Adv PDU Count since boot Time since boot 1 byte 1 byte 1 byte 0 – 17 bytes Frame Type Tx Power URL Schem Encoded URL 1 byte 1 byte 10 bytes 6 bytes 2 bytes Frame Type Tx Power Namespace ID Instance ID RFU 0x00 0x10 0x20 0x00 UID frame URL frame TLM frame Tx Power • at 1 m for iBeacon • at 0 m for Eddystone To be continued: • EID frame • Type = 0x30 • Encrypted TLM • Version = 0x01
  • 22.
    BLE Packet Format LinkLayer Packet Format Advertising Channel Packets Data Channel Packets Isochronous Physical Channel Packets
  • 23.
    Link Layer PacketFormat – Data Channel PDU 1|2 bytes 4 bytes 2 – 33 | 258 bytes 3 bytes Preamble Access Address Protocol Data Unit (PDU) CRC Data Channel PDU Advertising Channel PDU LL Control PDU LSB is the first bit sent over the air LL Data PDU (L2CAP) LE L2CAP Signaling packet Security Manager protocol packet Attribute protocol packet 2 | 3 bytes 0 – 27 | 251 bytes Header Payload 4 bytes MIC* * MIC: optional Message Integrity Check, present in an encrypted ACL connection 10101010b 1... 1010101010101010b 1… or 01010101b 0… 0101010101010101b 0… Isochronous Physical Channel PDU
  • 24.
    Link Layer ControlPacket 1 byte 4 bytes 2 – 29 bytes 3 bytes Preamble Access Address Protocol Data Unit (PDU) CRC Data Channel PDU 2|3 bytes 1 – 27 bytes Header Data payload 2 bits 1 bit 1 bit 1 bit 1 bit 2 bits 8 bits LLID NESN SN MD CP RFU Length 0xAA 1~ or 0x55 0~ 01: LL Data PDU – Continuation or Empty PDU 10: LL Data PDU – Start of message 11: LL Control PDU 3 1 byte 0 – 26 bytes Opcode Control Data 8 bites CTEInfo 0x00: LL_CONNECTION_UPDATE_IND 0x01: LL_CHANNEL_MAP_IND 0x02: LL_TERMINATE_IND 0x03: LL_ENC_REQ 0x04: LL_ENC_RSP 0x05: LL_START_ENC_REQ 0x06: LL_START_ENC_RSP 0x07: LL_UNKNOWN_RSP 0x08: LL_FEATURE_REQ 0x09: LL_FEATURE_RSP 0x0A: LL_PAUSE_ENC_REQ 0x0B: LL_PAUSE_ENC_RSP 0x0C: LL_VERSION_IND 0x0D: LL_REJECT_IND 0x0E: LL_PERIPHERAL_FEATURE_REQ 0x0F: LL_CONNECTION_PARAM_REQ 0x10: LL_CONNECTION_PARAM_RSP 0x11: LL_REJECT_EXT_IND 0x12: LL_PING_REQ 0x13: LL_PING_RSP 0x14: LL_LENGTH_REQ 0x15: LL_LENGTH_RSP 0x16: LL_PHY_REQ 0x17: LL_PHY_RSP 0x18: LL_PHY_UPDATE_IND 0x19: LL_MIN_USED_CHANNELS_IND 0x1A: LL_CTE_REQ 0x1B: LL_CTE_RSP 0x1C: LL_PERIODIC_SYNC_IND 0x1D: LL_CLOCK_ACCURACY_REQ 0x1E: LL_CLOCK_ACCURACY_RSP 0x1F: LL_CIS_REQ 0x20: LL_CIS_RSP 0x21: LL_CIS_IND 0x22: LL_CIS_TERMINATE_IND 0x23: LL_POWER_CONTROL_REQ 0x24: LL_POWER_CONTROL_RSP 0x25: LL_POWER_CHANGE_IND 0x26: LL_SUBRATE_REQ 0x27: LL_SUBRATE_IND 0x28: LL_CHANNEL_REPORTING_IND 0x29: LL_CHANNEL_STATUS_IND
  • 25.
    L2CAP for Different Data Payloads
    Packet: Preamble (1 byte) | Access Address (4 bytes) | Protocol Data Unit (PDU) (2 – 257 bytes) | CRC (3 bytes)
    Preamble: 0xAA 1~ or 0x55 0~
    Data Channel PDU: Header (2 bytes) | Data payload (≤ 251 bytes) | MIC (4 bytes)
    LLID = 1 | 2
      01: LL Data PDU – Continuation or Empty PDU
      10: LL Data PDU – Start of message
      11: LL Control PDU
    Data payload: Basic L2CAP Header (4 bytes) | L2CAP protocol PDU
    Basic L2CAP Header: Length (2 bytes) | Channel ID (2 bytes)
    L2CAP protocol PDU:
    • Attribute Protocol payload
    • Low Energy L2CAP Signaling payload
    • Security Manager Protocol payload
    CID on LE-U logical link:
      0x0000: Null identifier
      0x0004: Attribute Protocol
      0x0005: Low Energy L2CAP Signaling Channel
      0x0006: Security Manager Protocol
      0x0020-3E: Assigned Numbers
      0x0040-7F: Dynamically allocated
      others: RFU
  • 26.
    Low Energy L2CAP Signaling Packet
    Packet: Preamble (1 byte) | Access Address (4 bytes) | Protocol Data Unit (PDU) (2 – 257 bytes) | CRC (3 bytes)
    Preamble: 0xAA 1~ or 0x55 0~
    Data Channel PDU: Header (2 bytes) | Data payload (≤ 251 bytes) | MIC (4 bytes)
    Data payload: L2CAP Header (4 bytes) | L2CAP protocol PDU (≤ 247 bytes)
    CID = 5
    L2CAP protocol PDU: Code (1 byte) | Identifier (1 byte) | Length (2 bytes) | Data (var)
    Code:
      0x00: RFU
      0x01: Command reject
      0x06: Disconnection request
      0x07: Disconnection response
      0x12: Connection Parameter Update request
      0x13: Connection Parameter Update response
      0x14: LE Credit Based Connection request
      0x15: LE Credit Based Connection response
      0x16: LE Flow Control Credit
      others: RFU
  • 27.
    Security Manager Protocol Packet
    Packet: Preamble (1 byte) | Access Address (4 bytes) | Protocol Data Unit (PDU) (2 – 257 bytes) | CRC (3 bytes)
    Preamble: 0xAA 1~ or 0x55 0~
    Data Channel PDU: Header (2 bytes) | Data payload (≤ 251 bytes) | MIC (4 bytes)
    Data payload: L2CAP Header (4 bytes) | L2CAP protocol PDU (0 – 23 or 65 bytes)
    CID = 6
    Security Manager PDU: Code (1 byte) | Data (0 – 22 or 64 bytes)
    Code:
      00: RFU
      01: Pairing Request
      02: Pairing Response
      03: Pairing Confirm
      04: Pairing Random
      05: Pairing Failed
      06: Encryption information
      07: Master Identification
      08: Identity Information
      09: Identity Address Information
      0A: Signing Information
      0B: Security Request
      0C: Pairing Public Key
      0D: Pairing DHKey Check
      0E: Pairing Keypress Notification
      others: RFU
  • 28.
    SM: Pairing Request / Response
    Security Manager PDU: Code (1 byte) | Data (0 – 22 or 64 bytes)
    Fields (1 byte each): Code (0x01 or 0x02) | IO capability | OOB data flag | AuthReq | Max Encryption Key size | Initiator Key Distribution | Responder Key Distribution
    IO capability:
      00: DisplayOnly
      01: DisplayYesNo
      02: KeyboardOnly
      03: NoInputNoOutput
      04: KeyboardDisplay
      05-FF: RFU
    OOB data flag:
      00: OOB Authentication data not present
      01: OOB Authentication data from remote device present
      02-FF: RFU
    AuthReq: Bonding flags (2 bits) | MITM (1 bit) | SC (1 bit) | Keypress (1 bit) | CT2 (1 bit) | RFU (2 bits)
      Bonding flags: 00: No Bonding, 01: Bonding, other: RFU
      MITM: Request for MITM protection
      SC: LE Secure Connections is supported
      Keypress: for Passkey Entry protocol
      CT2: h7 function is supported
    Max Encryption Key size: 7 – 16
    Initiator / Responder Key Distribution: EncKey (1 bit) | IdKey (1 bit) | SignKey (1 bit) | LinkKey (1 bit) | RFU (4 bits)
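The fields on slides 25, 27 and 28 chained together, as an added Python example that is not part of the original slides: it walks one unencrypted LL Data PDU through the L2CAP header (CID = 6) to the Pairing Request/Response fields and lists the settings a reviewer would check. The names `decode_pairing`, `review` and `SAMPLE` are made up for this example, the capture bytes are constructed, and bit positions assume the first-listed field sits in the least significant bits, following the slides' LSB-first order.

```python
import struct

IO_CAPS = ("DisplayOnly", "DisplayYesNo", "KeyboardOnly",
           "NoInputNoOutput", "KeyboardDisplay")
AUTHREQ = (("MITM", 2), ("SC", 3), ("Keypress", 4), ("CT2", 5))
KEYDIST = (("EncKey", 0), ("IdKey", 1), ("SignKey", 2), ("LinkKey", 3))

def bits(value: int, table) -> dict:
    return {name: bool((value >> bit) & 1) for name, bit in table}

def decode_pairing(ll_pdu: bytes) -> dict:
    """Decode an LL Data PDU that carries one SMP Pairing Request/Response."""
    if len(ll_pdu) < 2:
        raise ValueError("truncated LL header")
    hdr_len = 3 if ll_pdu[0] & 0x20 else 2   # CP bit set: CTEInfo byte follows
    llid, length = ll_pdu[0] & 0x03, ll_pdu[1]
    payload = ll_pdu[hdr_len:]
    if llid != 0b10 or len(payload) != length or length != 11:
        raise ValueError("not a single start-of-message PDU of 4 + 7 bytes")
    l2cap_len, cid = struct.unpack_from("<HH", payload)
    code, io, oob, auth, keysize, init_kd, resp_kd = payload[4:]
    if cid != 0x0006 or l2cap_len != 7 or code not in (0x01, 0x02):
        raise ValueError("not an SMP Pairing Request/Response")
    if not 7 <= keysize <= 16:
        raise ValueError("Max Encryption Key size outside 7 - 16")
    return {
        "code": "Pairing Request" if code == 0x01 else "Pairing Response",
        "io": IO_CAPS[io] if io < len(IO_CAPS) else "RFU",
        "oob_present": oob == 0x01,
        "bonding": (auth & 0x03) == 0x01,
        "auth": bits(auth, AUTHREQ),
        "max_key_size": keysize,
        "initiator_keys": bits(init_kd, KEYDIST),
        "responder_keys": bits(resp_kd, KEYDIST),
    }

def review(p: dict) -> list:
    """Points a reviewer would note about the requested security level."""
    checks = ((not p["auth"]["SC"], "SC=0: LE Secure Connections not supported"),
              (not p["auth"]["MITM"], "MITM=0: MITM protection not requested"),
              (p["max_key_size"] < 16, "max encryption key size below 16"))
    return [msg for hit, msg in checks if hit]

# Constructed sample: LL header (LLID=10b, Length=11), L2CAP (Length=7, CID=6),
# Pairing Request: NoInputNoOutput, no OOB, AuthReq=0x01, key size 7, keys 0x07.
SAMPLE = bytes.fromhex("020b" "07000600" "01030001070707")
```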
  • 29.
    Attribute (ATT) Protocol Packet
    Packet: Preamble (1 byte) | Access Address (4 bytes) | Protocol Data Unit (PDU) (2 – 257 (33*) bytes) | CRC (3 bytes)
    Preamble: 0xAA 1~ or 0x55 0~
    Data Channel PDU: Header (2 bytes) | Data payload (≤ 251 (27*) bytes) | MIC (4 bytes)
    Data payload: L2CAP Header (4 bytes) | L2CAP protocol PDU (≤ 247 (23*) bytes, of ATT_MTU size)
    CID = 4
    ATT protocol PDU: Opcode (1 – 3 bytes) | Data (≤ 246 – 244 (22–20*) bytes)
    * 39,33,27,23,20: without DLE
  • 30.
    LE Data Length Extension (DLE)
    Packet: Preamble (1 byte) | Access Address (4 bytes) | Protocol Data Unit (PDU) (2 – 257 (33*) bytes) | CRC (3 bytes)
    Preamble: 0xAA 1~ or 0x55 0~
    Data Channel PDU: Header (2 bytes) | Data payload, including optional MIC (≤ 255 (31*) bytes)
    Header, Core Spec 4.1: LLID (2 bits) | NESN (1 bit) | SN (1 bit) | MD (1 bit) | RFU (3 bits) | Length (5 bits) | RFU (3 bits)
    • Max length = 11111b = 31
    Header, Core Spec 4.2: LLID (2 bits) | NESN (1 bit) | SN (1 bit) | MD (1 bit) | RFU (3 bits) | Length (8 bits)
    • Max length = 11111111b = 255
    LLID:
      01: LL Data PDU – Continuation or Empty
      10: LL Data PDU – Start of message
      11: LL Control PDU
    * 33, 31: without DLE
  • 31.
    L2CAP Fragmentations (w/o DLE)
    Packet: Preamble (1 byte) | Access Address (4 bytes) | Protocol Data Unit (PDU) (≤ 33 bytes) | CRC (3 bytes)
    Preamble: 0xAA 0~ or 0x55 1~
    Data Channel PDU: Header (2 bytes) | Data payload (≤ 27 bytes) | MIC (4 bytes)
    L2CAP protocol PDU (≤ ATT_MTU, up to 512), split across data payloads:
      Fragment 1: L2CAP Header (4 bytes) | ATT protocol PDU (23 bytes)
      Fragment 2: ATT protocol PDU (27 bytes)
      ……..
      Fragment n: ATT protocol PDU (27 bytes or less)
    L2CAP Header: Length (2 bytes) | Channel ID (2 bytes) = 4
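Reassembly of the fragments drawn above, as an added Python example that is not part of the original slides: `reassemble` rebuilds L2CAP frames from LL Data PDUs using LLID 10 (start) and 01 (continuation) and rejects fragment sequences that disagree with the L2CAP Length field. `fragment`, `reassemble` and `SAMPLE` are hypothetical names; the code assumes a 2-byte LL header, no MIC, and that the 4-byte L2CAP header arrives whole in the first fragment, as on the slide.

```python
import struct

LLID_CONT, LLID_START = 0b01, 0b10
MAX_LL_PAYLOAD = 27  # Data Channel PDU payload limit without DLE

def fragment(cid: int, sdu: bytes, limit: int = MAX_LL_PAYLOAD) -> list:
    """Split one L2CAP frame into LL Data PDUs (2-byte header + payload)."""
    frame = struct.pack("<HH", len(sdu), cid) + sdu
    pdus = []
    for off in range(0, len(frame), limit):
        chunk = frame[off:off + limit]
        llid = LLID_START if off == 0 else LLID_CONT
        pdus.append(bytes([llid, len(chunk)]) + chunk)
    return pdus

def reassemble(pdus) -> list:
    """Rebuild (cid, payload) frames; raise ValueError on inconsistent fragments."""
    frames, buf, want = [], b"", None
    for pdu in pdus:
        if len(pdu) < 2 or len(pdu) - 2 != pdu[1]:
            raise ValueError("LL Length field does not match payload")
        llid, data = pdu[0] & 0x03, pdu[2:]
        if llid == LLID_START:
            if want is not None:
                raise ValueError("new start before previous frame completed")
            if len(data) < 4:
                raise ValueError("start fragment shorter than L2CAP header")
            want, buf = 4 + struct.unpack_from("<H", data)[0], data
        elif llid == LLID_CONT:
            if not data:
                continue  # Empty PDU carries no L2CAP bytes
            if want is None:
                raise ValueError("continuation without a start fragment")
            buf += data
        else:
            raise ValueError("not an LL Data PDU")
        if len(buf) > want:
            raise ValueError("fragments exceed the L2CAP Length field")
        if len(buf) == want:
            frames.append((struct.unpack_from("<H", buf, 2)[0], buf[4:]))
            buf, want = b"", None
    if want is not None:
        raise ValueError("capture ends inside an incomplete frame")
    return frames

# Constructed sample: a 60-byte ATT PDU on CID 4, split as on the slide.
SAMPLE = fragment(0x0004, bytes(range(60)))
```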
  • 32.
    Attribute (ATT) Protocol PDU
    ATT protocol PDU: Opcode (1 byte) | Data (≤ ATT_MTU - 1)
    Data: Attribute Parameters (variable length) | Authentication Signature (12 bytes)
    Attribute Handle (2 bytes) | Attribute Type (2 or 16 bytes) | Attribute Value (variable length) | Attribute Permissions (implementation specific)
    1 | 0x2800 | 0x1801 | Read
    2 | 0x2803 | 20 03 00 05 2a | Read
    … | …
    The table is a logical representation of the attributes
  • 33.
    BLE Packet Format
    • Link Layer Packet Format
    • Advertising Channel Packets
    • Data Channel Packets
    • Isochronous Physical Channel Packets
    LE Isochronous Channels are one of the key features introduced in Bluetooth Core Spec 5.2
  • 34.
    Isochronous Physical Channel PDU
    Packet: Preamble (1|2 bytes) | Access Address (4 bytes) | Protocol Data Unit (PDU) (2 – 257 bytes) | CRC (3 bytes)
    LSB is the first bit sent over the air
    Preamble: 10101010b 1... 1010101010101010b 1… or 01010101b 0… 0101010101010101b 0…
    PDU: Advertising Channel PDU | Data Channel PDU | Isochronous Physical Channel PDU
    Isochronous Physical Channel PDU: Header (2 bytes) | Payload (0 – 251 bytes) | MIC* (4 bytes)
    • Connected Isochronous PDU
    • Broadcast Isochronous PDU
    • BIG Control PDU
    • BIS Data PDU
    * MIC: optional Message Integrity Check, present when encryption is enabled
  • 35.
    Connected Isochronous PDU
    Packet: Preamble (1 byte) | Access Address (4 bytes) | Protocol Data Unit (PDU) (2 – 257 bytes) | CRC (3 bytes)
    Preamble: 0xAA 1~ or 0x55 0~
    PDU: Header (2 bytes) | Data payload (0 – 251 bytes) | MIC* (4 bytes)
    Header: LLID (2 bits) | NESN (1 bit) | SN (1 bit) | CIE (1 bit) | RFU (1 bit) | NPI (1 bit) | RFU (1 bit) | Length (8 bits)
    LLID:
      00: Unframed CIS Data PDU; end fragment of an SDU or a complete SDU
      01: Unframed CIS Data PDU; start or continuation fragment of an SDU
      10: Framed CIS Data PDU; one or more SDU segments
      11: Reserved
    NESN: Next expected Sequence Number
    SN: Sequence Number
    CIE: Close Isochronous Event
    NPI: Null PDU Indication
    RFU: Reserved for future use
  • 36.
    Broadcast Isochronous PDU
    Packet: Preamble (1 byte) | Access Address (4 bytes) | Protocol Data Unit (PDU) (2 – 257 bytes) | CRC (3 bytes)
    Preamble: 0xAA 1~ or 0x55 0~
    PDU: Header (2 bytes) | Data payload (0 – 251 bytes) | MIC* (4 bytes)
    Header: LLID (2 bits) | CSSN (3 bits) | CSTF (1 bit) | RFU (1 bit) | Length (8 bits)
    LLID:
      00: Unframed BIS Data PDU; end fragment of an SDU or a complete SDU
      01: Unframed BIS Data PDU; start or continuation fragment of an SDU
      10: Framed BIS Data PDU; one or more SDU segments
      11: BIG Control PDU
    CSSN: Control Subevent Sequence Number
    CSTF: Control Subevent Transmission Flag
    RFU: Reserved for future use
  • 37.
    BIG Control PDU
    Packet: Preamble (1 byte) | Access Address (4 bytes) | Protocol Data Unit (PDU) (2 – 257 bytes) | CRC (3 bytes)
    Preamble: 0xAA 1~ or 0x55 0~
    PDU: Header (2 bytes) | Data payload (0 – 251 bytes) | MIC* (4 bytes)
    Header: LLID (2 bits) | CSSN (3 bits) | CSTF (1 bit) | RFU (1 bit) | Length (8 bits)
    LLID:
      11: BIG Control PDU
    Data payload: OpCode (1 byte) | CtrData (0 – 250 bytes)
    OpCode:
      0x00: BIG_CHANNEL_MAP_IND, CtrData: ChM (5 bytes) | Instant (2 bytes)
      0x01: BIG_TERMINATE_IND, CtrData: Reason (1 byte) | Instant (2 bytes)
  • 38.