
How to sniff IKEA Trådfri with nRF Sniffer?

Hello,

I'd like to look at the Zigbee network traffic to/from/between IKEA Trådfri devices, but am unable to see any traffic when using nRF Sniffer from Wireshark. Unfortunately, I have only a single nRF52840 DK, so I can't attempt sniffing any other Zigbee device... I am however relatively confident the Wireshark setup is working, since I'm able to use nRF Sniffer for BLE successfully (although that seems to use the other USB port on the DK).

I've tried all the channels I can choose from, and have attempted several factory resets of the bulb and the dimmer I'm trying to use to control them, but don't see any traffic on any of the channels at any time. I've also added the network keys as the documentation instructs, but I would expect that even without those I'd at least see encrypted traffic (and I guess the default keys aren't useful to decrypt Trådfri traffic anyway). What am I missing? What channel is Trådfri using?

  • The root issue here turned out to be a mistake of my own, in that I had forgotten to close my serial terminal application (gtkTerm) when running the sniffer. Even though Wireshark didn't give any errors, and seemed to be pretending sniffing was ongoing, and no data showed up in the terminal program, it just didn't work. Not even the LED supposed to indicate packets received toggled.

    However, once I made sure the terminal application was not running and restarted Wireshark, I was able to see packets arriving.
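
A pre-flight check for the failure described in the reply above, added here as an example (it is not part of the original thread or of Nordic's sniffer tooling): it lists the Linux processes that still hold the DK's serial port open, so a forgotten terminal program is found before Wireshark starts. The default port `/dev/ttyACM0` and the name `holders_of` are assumptions.

```python
import os
import sys


def holders_of(device, proc_root="/proc"):
    """Return sorted (pid, command) pairs for processes holding `device` open.

    Linux only: walks <proc_root>/<pid>/fd and compares each symlink target
    with the resolved device path. Processes we are not allowed to inspect
    are skipped, so run as root for a complete answer.
    """
    target = os.path.realpath(device)
    found = set()
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited or permission denied
            continue
        for fd in fds:
            try:
                link = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            if link == target:
                found.add((int(entry), _command(proc_root, entry)))
                break
    return sorted(found)


def _command(proc_root, pid):
    """Short command name of a process, or '?' if it cannot be read."""
    try:
        with open(os.path.join(proc_root, pid, "comm")) as fh:
            return fh.read().strip()
    except OSError:
        return "?"


if __name__ == "__main__":
    # Assumed port name; pass the DK's actual device as the first argument.
    dev = sys.argv[1] if len(sys.argv) > 1 else "/dev/ttyACM0"
    others = [(p, c) for p, c in holders_of(dev) if p != os.getpid()]
    for pid, cmd in others:
        print(f"{dev} is held open by pid {pid} ({cmd})")
    sys.exit(1 if others else 0)
```

Run it before launching Wireshark; a non-zero exit status means another process has the port open.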
