Mixing Nodes S2 Authenticated and Nodes with No Security

Paddy707 · March 29, 2026, 4:52am

I am getting these errors in my logs. Because the nodes are repeating will these errors cause me problems, I am unaware of? Do I need to exclude and reinclude all nodes as S2 Authenticated?

2026-03-28 21:45:35.323 ZNIFFR « [001 › 013 › 015 » 017] [c0ae7d36]
│ sequence no.: 1
│ channel: 0
│ protocol/data rate: Z-Wave, 100 kbit/s
│ RSSI: 44
│ ack requested: false
└─[Security2CCMessageEncapsulation] [INVALID]
error: Security2CC_CannotDecode

freshcoast · March 29, 2026, 4:13pm

It’s fine to mix different security classes in Z-Wave network. It’s designed to function that way.

Those logs are from the Zniffer, it just means they’re unable to decrypt the S2 messages. To do so requires both 1) configuring the Zniffer keys with the exact same key as your main Z-Wave JS, and 2) capturing the nonce synchronization process (basically a temporary encryption key) that allows the Zniffer to decode the messages. The easiest way to solve the latter is restart Z-Wave JS, or power-cycle the individual device, while the Zniffer is still capturing.

Paddy707 · March 30, 2026, 4:05am

Restart it on the zniffer laptop?