Ellisys和Wireshark关键字过滤

发布时间 2023-08-14 17:23:20 作者: eehongzhijun

Ellisys

Item = "HCI Create Connection"||"HCI Remote Name Request"||"L2CAP Connection"||"L2CAP Disconnection"||"SDP Service Search Attribute Transaction"||"HCI Authentication Requested"||"HCI Set Connection Encryption"||"RFCOMM Connect"||"AT"||"AVDTP"||"AVRCP"||"HCI Delete Stored Link Key"||"HCI Disconnect"||"HCI Disconnection Complete"||"RFCOMM Disconnect"||"HCI Connection"||"L2CAP Configure"||"HCI Synchronous Connection Complete"||"HCI Enhanced Setup Synchronous Connection"||"HCI Reset"||"HCI Read BDADDR"||"HCI Authentication"||"HCI Simple Pairing Complete"||"HCI Sniff Mode"||"HCI Exit Sniff Mode"||"HCI Link Key"||"RFCOMM DLC Parameter Negotiation"||"HCI Remote Name"||"RFCOMM Modem"

Wireshark

bthci_evt.opcode == 0x0405 || bthci_cmd.opcode == 0x0405 || bthci_evt.code == 0x03 || bthci_cmd.opcode == 0x0c12 || bthci_evt.opcode == 0x0c12 || bthci_cmd.opcode == 0x0419 || bthci_evt.opcode == 0x0419 || bthci_evt.code == 0x07 || bthci_cmd.opcode == 0x0411 || bthci_evt.opcode == 0x0411 || bthci_evt.code == 0x17 || bthci_cmd.opcode == 0x040c ||bthci_evt.opcode == 0x040c || bthci_evt.code == 0x31 || bthci_cmd.opcode == 0x042b || bthci_evt.opcode == 0x042b || bthci_evt.code == 0x32 || bthci_evt.code == 0x33 || bthci_cmd.opcode == 0x0c1a || bthci_evt.opcode == 0x0c1a || bthci_cmd.opcode == 0x042c || bthci_evt.opcode == 0x042c || bthci_evt.code == 0x36 || bthci_evt.code == 0x18 || bthci_evt.code == 0x06 || bthci_cmd.opcode == 0x0413 || bthci_evt.opcode == 0x0413 || bthci_evt.code == 0x08 || bthci_cmd.opcode == 0x1408 || bthci_evt.opcode == 0x1408 || bthfp || frame[10:1] == 3f || frame[10:1] == 73 || btsdp.pdu == 0x06 || btsdp.pdu == 0x07 || btl2cap.cmd_code == 0x02 || btl2cap.cmd_code == 0x03 || btl2cap.cmd_code == 0x06 || btl2cap.cmd_code == 0x07 || btavdtp || btavctp

L2CAP

btl2cap.cmd_code == 0x02 || btl2cap.cmd_code == 0x03 || btl2cap.cmd_code == 0x06 || btl2cap.cmd_code == 0x07

SDP

btsdp.pdu == 0x06 || btsdp.pdu == 0x07

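RFCOMM

注:下面的过滤式按原始帧的固定字节偏移取值(0x3f、0x73 应对应置位 P/F 的 SABM、UA 控制字节)。偏移 10 是否落在 RFCOMM 控制字段取决于抓包的封装格式,使用前请对照实际抓包确认;其他协议的帧只要该字节恰好为这两个值,也会被匹配。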

frame[10:1] == 3f || frame[10:1] == 73

HFP

bthfp

AVDTP

btavdtp

AVCTP/AVRCP

btavctp