nRF Sniffer for 802.15.4 v0.7.2

Configuring decryption keys for Thread

You must configure IEEE 802.15.4 decryption keys to decode packets exchanged on the network and display the data in a readable format.

You need to know the Thread decryption key before you start configuring it in Wireshark. For example, if one of the devices in the Thread network has the OpenThread CLI enabled, you can check the decryption key by calling the masterkey CLI command.

To configure the decryption keys:

  1. In Wireshark, go to Edit > Preferences....
  2. In the Preferences section list, go to Protocols > IEEE 802.15.4.
    Screenshot of the Wireshark Preferences section for IEEE 802.15.4
  3. Click the Edit... button next to Decryption Keys.
  4. In the Keys window:
    1. Click + and add the Decryption key value with Decryption key index set to 0 and Key hash set to Thread hash.
      For example, for the Thread network that includes devices based on Thread examples from nRF5 SDK for Thread and Zigbee v4.2.0, set the decryption key value to 00112233445566778899aabbccddeeff.
      Screenshot of the Wireshark Keys section for IEEE 802.15.4 for a Thread network running an example from nRF5 SDK for Thread and Zigbee
    2. Click OK to close the window.
  5. Click OK to save the decryption keys for Thread.
Now you can start capturing data from the Thread network and display the information in a readable format.
Parent topic: Configuring Wireshark for Thread