Decrypting encrypted XBee3 traffic - wireshark

Question: How do I decode encrypted Zigbee traffic from XBee3 modules, preferably using Wireshark?

I have encrypted messages transmitted from XBee3 ZEDs to the network’s ZC (XBee3 - IX15 Gateway). A Python script on the ZC receives the messages and displays the message and Zigbee attributes (Cluster ID, etc).

I’ve implemented a Nordic nRF52840 dongle as a Zigbee sniffer in conjunction with Wireshark (WS). XBees are configured with EE = 1, and the Link Key (KY) = 5A6967426565416C6C69616E63653039. Wireshark’s Zigbee protocol is set up with the same key.

Per the nrf sniffer instructions, this configuration should successfully decrypt the data. This configuration successfully captures the IEEE 802.15.4 and Zigbee traffic, but the data is not displayed decrypted in WS. I found a single article (Zigbee Network Key Sniffing | digiblurDIY) that describes additional steps required to decrypt Zigbee data, but I ran into problems trying to replicate the described process.

I realize this may be more of a Wireshark configuration issue, but I also figured since Wireshark is such a common capture tool and the hardware is specifically Digi, I’d try to leverage the Digi forums community.



Yes, this would be a Wireshark issue and it is something they should address.