Personally, I would spin up a test node that was printing out both raw and encrypted hex dumps and frequency / spreading factor of everything it transmitted.
I’d check the gateway logs for the corresponding raw packets, modifying the packet forwarder to log them if it was not doing so already.
And I’d check the TTN console for that raw traffic.
If I was seeing raw traffic, but not application messages, I’d get the relevant keys (from the node if not the server) and decode the traffic myself and see if I though it was valid.