Here's a way to sniff/capture ZigBee packets with a HackRF and GNU Radio while viewing the packets live in Wireshark. DragonOS FocalX includes pretty much everything you need, with the exception of a flow graph I grabbed that adds the use of GR-RFtap. One thing in the video can be done differently, which I learned about after recording (thanks viperbjk): you do not need to connect the "LQI to qual" block directly to the RFtap Encapsulation block. Instead, open the PDU Set block that I disabled, change its Key to pmt.to_pmt("value"), and leave the block enabled. This should get the link quality indicator working.
I used this fork of GR-RFtap for DragonOS
github.com/bke...
You can read more about RFTap and the LQI block in the ZigBee example (bottom of the page)
rftap.github.io
Along with this updated flow graph
github.com/bke...
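As an added example (not code from the video, DragonOS, or the gr-rftap project), here is a small Python script that builds the RFtap header the "RFtap Encapsulation" block wraps around each 802.15.4 frame, parses it back, and checks the frame's FCS the way Wireshark does when it reports "Bad FCS". The RFtap field layout (magic "RFta", 16-bit len32, 16-bit flag bitmap, then optional little-endian fields), the default UDP port 52001 for Wireshark's rftap dissector, and the CRC-16/KERMIT FCS polynomial are my assumptions from the RFtap site and the 802.15.4 spec; the sample frame bytes are constructed, not captured.

```python
# Added example: RFtap encapsulation of an IEEE 802.15.4 frame plus an FCS check.
# Field layout follows my reading of the RFtap spec (assumption, not gr-rftap code).
import socket
import struct

RFTAP_MAGIC = b"RFta"
DLT_IEEE802_15_4_WITHFCS = 195   # libpcap link type: 802.15.4 frames that keep the 2-byte FCS
RFTAP_UDP_PORT = 52001           # assumption: default port of Wireshark's rftap dissector

# (flag bit, field name, struct format) in wire order; None means the flag carries no value.
RFTAP_FIELDS = [
    (0, "dlt", "<I"), (1, "freq", "<d"), (2, "nomfreq", "<d"), (3, "freqofs", "<d"),
    (4, "isdbm", None), (5, "power", "<f"), (6, "noise", "<f"), (7, "snr", "<f"),
    (8, "qual", "<f"),            # the "qual" key is where the LQI ends up
    (9, "isunixtime", None), (10, "time", "<d"), (11, "duration", "<d"),
    (12, "location", "<ddd"),     # lat, lon, alt
]


def rftap_encap(payload: bytes, **fields) -> bytes:
    """Prepend an RFtap header carrying the given fields to a frame."""
    known = {name for _, name, _ in RFTAP_FIELDS}
    unknown = set(fields) - known
    if unknown:
        raise ValueError(f"unknown RFtap fields: {sorted(unknown)}")
    flags, body = 0, b""
    for bit, name, fmt in RFTAP_FIELDS:        # iterate in wire order
        if name not in fields:
            continue
        if fmt is None:                        # boolean flags: set the bit only
            if fields[name]:
                flags |= 1 << bit
            continue
        flags |= 1 << bit
        value = fields[name]
        body += struct.pack(fmt, *value) if isinstance(value, (tuple, list)) else struct.pack(fmt, value)
    header_len = 8 + len(body)
    pad = (-header_len) % 4                    # header is a whole number of 32-bit words
    header = RFTAP_MAGIC + struct.pack("<HH", (header_len + pad) // 4, flags) + body + b"\x00" * pad
    return header + payload


def rftap_decap(packet: bytes):
    """Parse an RFtap packet into (fields dict, encapsulated frame bytes)."""
    if packet[:4] != RFTAP_MAGIC:
        raise ValueError("not an RFtap packet")
    len32, flags = struct.unpack_from("<HH", packet, 4)
    offset, fields = 8, {}
    for bit, name, fmt in RFTAP_FIELDS:
        if not flags & (1 << bit):
            continue
        if fmt is None:
            fields[name] = True
            continue
        values = struct.unpack_from(fmt, packet, offset)
        offset += struct.calcsize(fmt)
        fields[name] = values if len(values) > 1 else values[0]
    return fields, packet[len32 * 4:]


def ieee802154_fcs(frame_without_fcs: bytes) -> int:
    """802.15.4 FCS: CRC-16 with reflected polynomial 0x8408, init 0 (CRC-16/KERMIT)."""
    crc = 0
    for byte in frame_without_fcs:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def fcs_ok(frame: bytes) -> bool:
    """True when the trailing little-endian FCS matches the frame body (Wireshark's 'Bad FCS' check)."""
    return struct.unpack("<H", frame[-2:])[0] == ieee802154_fcs(frame[:-2])


def build_sample_frame() -> bytes:
    """Constructed 802.15.4 data frame: FCF 0x8841, seq 1, PAN 0x1234, dst 0xffff, src 0x0001."""
    body = bytes.fromhex("4188") + b"\x01" + b"\x34\x12" + b"\xff\xff" + b"\x01\x00" + b"constructed"
    return body + struct.pack("<H", ieee802154_fcs(body))


if __name__ == "__main__":
    frame = build_sample_frame()
    packet = rftap_encap(frame, dlt=DLT_IEEE802_15_4_WITHFCS, freq=2.405e9, qual=200.0)
    print(rftap_decap(packet), "fcs_ok:", fcs_ok(frame))
    # Send to a local Wireshark capturing on loopback (assumed default rftap port).
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(packet, ("127.0.0.1", RFTAP_UDP_PORT))
```

Running the script with Wireshark capturing on the loopback interface should show one RFtap-wrapped 802.15.4 frame with the DLT, frequency and quality fields decoded; flipping a byte of the frame before encapsulation is a quick way to see what a "Bad FCS" frame looks like next to a good one.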
SDRangel is used later in the video to modulate and transmit an 802.15.4 packet with a B205mini, which is then captured by the HackRF.
github.com/f4e...
More on GR-ieee802-15-4
github.com/bas...
If you're wondering about the Bad FCS like I was, here's an old discussion that seems to be on the topic.
github.com/riv...
If you find this video helpful, please consider the following:
Follow @cemaxecuter on Twitter for more DragonOS and SDR info.
Become a patron @ / cemaxecuter