Hi after following the documents QSG102 and UG116, I managed to run Border router on thread stack 2.3.0 and I have a dev kit, i.e Mighty Gecko kit having efr32mg1p232 and a EFR32 2.4 GHz 19.5 dBm radio Board, running on sensor-actuator-node example on it that too is based on thread stack 2.3.0 .
In simplicity studio when I selected "Start capture" under Network Analyzer, I didn't get what I was expecting.
First of all I powered up the border router then I started capture mode in SS4 and in the last I joined dev kit.
I noted that,
1) even though I had only 4 device connected to the border router i.e laptop, mobile phone, dev kit and the border router itself but still on console it shows 7 id/devices.
2) Decryption fails each time.
3) Hex Dump shows some junk codes.
Is this is the expected behavior ?
How to see the actual devices on the network and how to decrypt the payload ?
PFA for reference .
1. Only the nodes on the Thread network will show up in network analyzer. What you are seeing is nodes changing from end devices to routers. The nodes will have the same generated EUI though (as can be seen in the capture). The laptop and mobile phone will not show in the capture.
2. In order to decrypt Thread traffic, the master key must be known. By default in our Border Router implementation, the master key is set to be randomly generated. It is possible to form the network with a known master key. Please take a look at section 3.2.2 in UG116. The master key then can be added to Simplicity Studio via the menu Window -> Preferences -> Network Analyzer -> Decoding -> Security Keys. Then the capture needs to be refreshed or started over.
3. The Hex Dump is encrypted due to not knowing the master key.
For point 1, as you said it only shows the nodes present on the network. I have only one node then why I am getting 7 nodes/devices .
As per my understanding, it should show two devices first is border router and second evalkit running sensore-actuator-node example as this will be considered as an end node.
The node view is showing your node multiple times. This is because the device is assigned a nodeID more than once when it transitions between a child and parent (or leaves and returns to the network). As seen in your screen capture some of the dots have the same EUI64 so therefore it is the same device. Network Analyzer does not remove the dots when it transitions to a different nodeID and that is why you have more dots in this view. The transition between child and parent can be seen in the Events view.