Wednesday 14 June 2017

Which ZigBee sniffer do I have?

Recently I have been working with some ZigBee hardware on a number of projects.  It's useful to be able to sniff ZigBee traffic while developing an application, so two devices are needed: one device on which to develop the application, and one device to sniff ZigBee traffic.

My USB sniffer of choice is the Atmel RZUSBstick, because it has well-documented open source firmware, and I usually use it with the KillerBee tools, using the custom KillerBee firmware.

However, I also have a USB dongle based on a TI chipset, which is compatible with their Packet Sniffer software.  Now, the reason I say "a TI chipset" rather than being more specific is that I had intended to buy a TI CC2531 USB dongle (CC2531EMK) but these are quite expensive in the UK (about £40-£45) so I bought something that was described as a CC2531 USB dongle from a Chinese vendor on eBay (around £10).

When I received it, I ran it with the TI Packet Sniffer, which is only available on Windows.  It worked fine, so I didn't think any more of it.  However, most of my ZigBee work is done on Linux, so I wanted to find and use a packet sniffing utility on Linux that would work with my TI dongle.  I found the following projects that will do ZigBee packet sniffing with a CC2531 dongle:
It turned out that none of these recognised my dongle: they expected a different USB idVendor and idProduct from the ones Linux was reporting for it.  Linux reports the following when I plug the dongle in:

  [ 5301.740468] usb 2-2.2: New USB device found, idVendor=11a0, idProduct=eb20
  [ 5301.740472] usb 2-2.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
  [ 5301.740474] usb 2-2.2: Product: SmartRF04EB
  [ 5301.740475] usb 2-2.2: Manufacturer: Chipcon AS

Whereas the CC2531 and ccsniffer utilities were expecting:

  idVendor=0451, idProduct=16ae
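Checking which dongle you actually have is just a matter of reading the idVendor/idProduct pair the kernel logs and comparing it with what the sniffer tools expect.  The script below is an added example (not from this post or from the CC2531/ccsniffer projects): it parses the dmesg lines quoted above, groups them by bus address, and labels each device using only the two VID:PID pairs established on this page.  The second device in the sample log is constructed to show the grouping; its product string is hypothetical.

```python
"""Identify a TI/Chipcon ZigBee USB dongle from kernel log lines (added example)."""
import re
from collections import defaultdict

# VID:PID pairs taken from the post; anything else is reported as unknown.
KNOWN_DONGLES = {
    (0x0451, 0x16AE): "TI CC2531 USB dongle (what the Linux CC2531/ccsniffer tools expect)",
    (0x11A0, 0xEB20): "SmartRF04EB + CC2530 (Windows TI Packet Sniffer only)",
}

# Constructed sample: the kernel output quoted in the post, plus a second,
# hypothetical CC2531 on another bus address so the grouping is visible.
SAMPLE_DMESG = """\
[ 5301.740468] usb 2-2.2: New USB device found, idVendor=11a0, idProduct=eb20
[ 5301.740472] usb 2-2.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 5301.740474] usb 2-2.2: Product: SmartRF04EB
[ 5301.740475] usb 2-2.2: Manufacturer: Chipcon AS
[ 5310.123456] usb 1-1.3: New USB device found, idVendor=0451, idProduct=16ae
[ 5310.123460] usb 1-1.3: Product: CC2531 USB Dongle (hypothetical)
"""

LINE_RE = re.compile(r"^\[\s*[\d.]+\] usb (?P<dev>[\d.-]+): (?P<msg>.*)$")
ID_RE = re.compile(r"idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
STRING_FIELDS = ("Product", "Manufacturer", "SerialNumber")

def parse_dmesg(text):
    """Group kernel USB messages by bus address into {dev: {field: value}}."""
    devices = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a usb line
        dev, msg = m.group("dev"), m.group("msg")
        ids = ID_RE.search(msg)
        if ids:
            devices[dev]["vid"] = int(ids.group(1), 16)
            devices[dev]["pid"] = int(ids.group(2), 16)
        elif ": " in msg:  # e.g. "Product: SmartRF04EB"
            key, value = msg.split(": ", 1)
            if key in STRING_FIELDS:
                devices[dev][key.lower()] = value
    return dict(devices)

def identify(dev_info):
    """Map a parsed device to a dongle identity, or flag it as unknown."""
    if "vid" not in dev_info:
        return "no idVendor/idProduct seen"
    vid, pid = dev_info["vid"], dev_info["pid"]
    return f"{vid:04x}:{pid:04x} -> {KNOWN_DONGLES.get((vid, pid), 'unknown device')}"

if __name__ == "__main__":
    for dev, info in parse_dmesg(SAMPLE_DMESG).items():
        print(dev, info.get("manufacturer", "?"), info.get("product", "?"), identify(info))
```

Run it against real output with `dmesg | python3 identify_dongle.py` after replacing `SAMPLE_DMESG` with `sys.stdin.read()`.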

So it looks like I have something different.  Closer inspection of the USB dongle itself shows that it is based on a CC2530 rather than a CC2531:


Unsurprisingly, the SmartRF04EB + CC2530 is supported by the Windows TI Packet Sniffer, but I'm unable to find a Linux packet sniffer that will work with the SmartRF04EB + CC2530.

After some investigation, it seems that the source code for the packet sniffer is not published by TI (see this forum post), and my guess is that the Linux utilities for the CC2531 above are using the results of reverse-engineering the USB protocol by observing the packet sniffer in use under Windows.

It looks like I may have to do this myself for my USB dongle if I want to use it for packet sniffing under Linux.
