6

I'm playing around with my Philips Hue and an AVR Raven, but the packets displayed by Wireshark do not match the specification of Light Link v1.


For example, on scanning for lights, the device should send scan requests (I think 60-65 are scan requests) with a payload length of 6 (4 bytes of transaction ID + ZigBee info + ZLL info). The Transaction ID is needed for the bulb to compute the transport key.

In my pcap the packets 60-65 have a payload between 10-14 bytes and are encrypted with a networking key (which at this point should not exist because no bulb is paired).

After pairing, packet 75 is already encrypted with the transport key: Where did the bulb get the Transaction ID necessary for computing that key? Also, no Scan Response was ever sent, so the bulb also does not know the Response ID.

What am I missing here?

1 Answer

7

I had the same issue when scanning for ZigBee packets with Ikea Tradfri. The solution on my end I found by chance when switching the scanning channel from 11 to 15. Apparently the commissioning process switches channels during ZLL touchlink. My Ikea bulb responded to the "Scan Request" with "Scan Response" on channel 15, whereas all the other traffic happened on channel 11. On channel 15 I could see the "Identify Request", "Network Join Router Request" and "Network Join Router Response". You might encounter the same issue.
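To check a capture for the situation described in the answer, the following added example (not part of the original question or answer) decodes touchlink ZCL frames and lists what a sniffer fixed on one channel never sees. It assumes the ZCL frames have already been extracted from the inter-PAN frames and tagged with the capture channel; the function names are hypothetical, the command IDs and field offsets follow the ZLL commissioning cluster (0x1000) layout, and the sample bytes are constructed.

```python
import struct

# Touchlink command IDs of the ZLL commissioning cluster (0x1000).
COMMANDS = {0x00: "Scan Request", 0x01: "Scan Response", 0x06: "Identify Request",
            0x12: "Network Join Router Request", 0x13: "Network Join Router Response"}

def parse_touchlink(zcl):
    """Decode the ZCL frame carried in a touchlink inter-PAN frame."""
    if len(zcl) < 3:
        raise ValueError("frame too short for a ZCL header")
    hdr = 5 if zcl[0] & 0x04 else 3       # manufacturer code adds 2 bytes
    if len(zcl) < hdr + 4:
        raise ValueError("frame too short for a transaction ID")
    cmd, payload = zcl[hdr - 1], zcl[hdr:]
    info = {"command": COMMANDS.get(cmd, "0x%02x" % cmd),
            # every touchlink command starts with the 4-byte transaction ID
            "transaction_id": struct.unpack_from("<I", payload, 0)[0],
            "payload_len": len(payload)}
    if cmd == 0x01 and len(payload) >= 13:
        # txn(4) rssi corr(1) zigbee info(1) zll info(1) key bitmask(2) response id(4)
        info["response_id"] = struct.unpack_from("<I", payload, 9)[0]
    return info

def missing_on(records, sniffed_channel):
    """Per transaction, the (channel, command) pairs a one-channel sniffer misses."""
    missing = {}
    for channel, zcl in records:
        frame = parse_touchlink(zcl)
        if channel != sniffed_channel:
            missing.setdefault(frame["transaction_id"], []).append(
                (channel, frame["command"]))
    return missing

# Constructed sample: (channel, ZCL bytes). The scan response is cut off
# after the Response ID; all values are made up for illustration.
SAMPLE = [
    (11, bytes.fromhex("110100" "78563412" "05" "12")),        # scan request
    (15, bytes.fromhex("110200" "78563412" "05" "12")),        # scan request
    (15, bytes.fromhex("190201" "78563412" "00" "05" "12" "1000" "efbeadde")),
    (15, bytes.fromhex("110306" "78563412" "ffff")),           # identify request
]

if __name__ == "__main__":
    for txn, frames in missing_on(SAMPLE, 11).items():
        print("transaction 0x%08x not visible on channel 11:" % txn, frames)
```
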
