Abusing the Internet of Things

Next, we can begin sniffing with zbwireshark on channel 11 (the -i argument names the KillerBee capture interface):

# zbwireshark -f 11 -i '002:005'

This launches Wireshark and feeds it the ZigBee frames captured by the KillerBee interface.
As shown in Figure 1-15, the hue bridge continuously sends out broadcast beacon requests
on channel 11 (ZigBee channels range from 11 to 26 in the 2.4 GHz band). A candidate device (lightbulb) can
respond to the beacon request to join the network.


FIGURE 1-15. Wireshark capture of beacon requests


In this case, in addition to beacon requests, ZLL traffic was found operating on channel
20, as shown in Figure 1-16. The Security Control Field in the ZigBee Security Header is set to
0x01, which indicates that a message authentication code (MAC, called a message integrity code
or MIC in ZigBee terms) is in use but the payload is not encrypted (AES-CBC-MAC-32/MIC-32:
a 32-bit MIC computed with AES in CBC-MAC mode). The transmitted MIC is also captured and illustrated.
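To make the Security Control Field reading above concrete, here is an added decoder for the ZigBee NWK auxiliary security header (security control byte, frame counter, optional extended source address, optional key sequence number) that also splits a secured payload into header, body and trailing MIC. This is example code written for this page, not code from the book or from KillerBee, and the sample frame at the bottom is constructed for illustration (a Philips-style 64-bit source address and a dummy body); only the bit layout of the header and the security-level table come from the ZigBee specification.

```python
"""Decode the ZigBee NWK auxiliary security header (added example, not from the book).

Layout (ZigBee spec, auxiliary frame header):
  byte 0      security control: bits 0-2 level, bits 3-4 key identifier,
              bit 5 extended nonce, bits 6-7 reserved
  bytes 1-4   frame counter, little-endian
  8 bytes     source IEEE address, only if extended nonce bit is set
  1 byte      key sequence number, only if key identifier == 1 (network key)
The MIC, if any, is the last mic_len bytes of the secured payload.
"""
import struct

# level -> (Wireshark-style name, payload encrypted?, MIC length in bytes)
SECURITY_LEVELS = {
    0: ("None", False, 0),
    1: ("MIC-32", False, 4),      # the 0x01 seen in the hue capture
    2: ("MIC-64", False, 8),
    3: ("MIC-128", False, 16),
    4: ("ENC", True, 0),
    5: ("ENC-MIC-32", True, 4),
    6: ("ENC-MIC-64", True, 8),
    7: ("ENC-MIC-128", True, 16),
}

KEY_IDENTIFIERS = {
    0: "data key",
    1: "network key",
    2: "key-transport key",
    3: "key-load key",
}


def decode_security_control(ctrl: int) -> dict:
    """Split the one-byte security control field into its sub-fields."""
    level = ctrl & 0x07
    key_id = (ctrl >> 3) & 0x03
    name, encrypted, mic_len = SECURITY_LEVELS[level]
    return {
        "level": level,
        "level_name": name,
        "encrypted": encrypted,
        "mic_len": mic_len,
        "key_id": key_id,
        "key_id_name": KEY_IDENTIFIERS[key_id],
        "extended_nonce": bool(ctrl & 0x20),
    }


def decode_aux_header(payload: bytes) -> dict:
    """Parse the auxiliary header at the start of a secured NWK payload.

    Returns the decoded fields plus header_len, the offset of the body.
    """
    if len(payload) < 5:
        raise ValueError("payload too short for security control + frame counter")
    hdr = decode_security_control(payload[0])
    hdr["frame_counter"] = struct.unpack_from("<I", payload, 1)[0]
    offset = 5
    if hdr["extended_nonce"]:
        hdr["src_addr"] = struct.unpack_from("<Q", payload, offset)[0]
        offset += 8
    if hdr["key_id"] == 1:
        hdr["key_seq"] = payload[offset]
        offset += 1
    hdr["header_len"] = offset
    return hdr


def split_secured_frame(payload: bytes):
    """Return (aux_header, body, mic) for a secured NWK payload."""
    hdr = decode_aux_header(payload)
    mic_len = hdr["mic_len"]
    if len(payload) < hdr["header_len"] + mic_len:
        raise ValueError("payload too short for declared MIC length")
    end = len(payload) - mic_len
    body = payload[hdr["header_len"]:end]
    mic = payload[end:] if mic_len else b""
    return hdr, body, mic


# Constructed sample (not a real capture): level 1 / MIC-32, network key,
# extended nonce set -> control byte 0b00101001 = 0x29. Frame counter 16,
# a made-up 64-bit source address, key sequence 0, three-byte body, 4-byte MIC.
SAMPLE_PAYLOAD = (
    bytes([0x29])
    + struct.pack("<I", 16)
    + struct.pack("<Q", 0x0017880100ABCDEF)
    + bytes([0x00])
    + b"\x01\x02\x03"
    + b"\xde\xad\xbe\xef"
)

if __name__ == "__main__":
    hdr, body, mic = split_secured_frame(SAMPLE_PAYLOAD)
    print(hdr)
    print("body:", body.hex(), "mic:", mic.hex())
```

With the book's control byte, decode_security_control(0x01) reports level MIC-32, not encrypted, a 4-byte MIC, data key and no extended nonce, which is what the capture in Figure 1-16 shows. One caveat when reading these bits from the wire: the ZigBee specification tells NWK-layer senders to zero the security level sub-field before transmission (the real level lives in the NIB), which is why Wireshark exposes a "security level" preference for the ZigBee NWK dissector; if the byte you see decodes to level 0, try the configured level rather than assuming the frame is unprotected.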


CHANGING LIGHTBULB STATE 31