Understanding encryption in zb packet

I’m working to communicate with some PIR sensors using an XStick dongle. The sensors are made to work with a ‘base station’ from the same company but their methods are a bit too restrictive for what I need to do.

I’ve been using the TI packet sniffer to look at the communications process between the sensors and base and am wondering about how the encryption of the ‘NWK Payload’ occurs. I’ve watched the whole cycle of the sensors negotiating with the base and haven’t seen anything that looks like an encryption key getting passed around. Am I thinking about this the wrong way? Is the encryption something built into the devices rather than a by product of the connection negotiation?

ZigBee networks are secured by 128 bit symmetric encryption and it is inbuilt in the ZigBee modules itself.
When you use ZigBee modules, separate encryption is not required i think.