Do you have multiple bulbs it would be nice with 2 dumps, one where you turn off 1 light and another where you turn off the other.
Also it could be usefull if you provide multiple dumps turning off the same light, just to see if it sends the exact same data each time.
But the good news is that it seems to send the data directly from the phone to the gateway instead of using some cloud service.
Also could you include the response the app sends?
Now i have never used tcpdump but couldn’t you write something like (dst 192.168.0.129 and src 192.168.0.188) or (src 192.168.0.129 and dst 192.168.0.188)?
Also the following might be usefull the java documentation for wolfSSL https://www.wolfssl.com/documentation/wolfssl-jni-javadocs/index.html
Edit: It seems the WolfSSLContext controls the encryption and it is created in the /com/ikea/tradfri/lightning/coap/WolfConnector.java class, the problem is if DTLS works the same way that TLS does then we wont be able to decrypt it even if we manage to find the key as that key is only used to encrypt not decrypt…
At least i managed to find the cipherlist PSK-AES128-CCM-8:PSK-AES128-CBC-SHA256;