Getting mqtt data from wifi

MQTT
wifi

asked 2019-11-25 16:28:08 +0000

gitterekim
1 ●1 ●1 ●1

Need to look at mqtt packets from various devices. Packets come in as 802.11 and I have seen two examples of them being broken down into regular packets that can be filtered, but can't figure out how. One example is https://medium.com/@alexharasic/hijac..., the other one is https://iotbytes.wordpress.com/captur.... Must be something in the configuration I'm missing, but don't know what

edit retag flag offensive close merge delete

Comments

Are you capturing on the device transmitting and receiving the MQTT data or are you capturing on another device and attempting to sniff the WiFi transmissions?

grahamb ( 2019-11-25 16:46:09 +0000 )edit

Ultimate goal is to decode LG HVAC communication. Right now I'm using a Raspberry Pi3 with Kali Linux and modified kernel for monitor mode. Home network is Mosquitto talking to other Pis and Wemos temperature sensors and Sonoff switches running Tasmota firmware. Used Wireshark about 5 years ago, but never for 802.11.

gitterekim ( 2019-11-25 23:10:46 +0000 )edit

To confirm, "for monitor mode" means you're sniffing transmissions on other devices.

If that's the case then you should look at the Wiki page on WLAN capturing.

Sharing a capture on a public fileshare, e.g. Google Drive, DropBox etc.), and posting a link to it back here will help others to analyse your issue.

grahamb ( 2019-11-26 09:21:06 +0000 )edit

Had to make another network for sending a trace....

Devices:

192.168.1.1 - Enigma Netgear N150 Router (not connected to internet) 
192.168.1.2 - Lenovo Android (sending On/Off commands via Node-Red dashboard)
192.168.1.3 - Sonoff (tasmota firmware, turns light On/Off)
192.168.1.4 - HP Not doing anything - just on network
192.168.1.6 - Wemos DS18b20 temp sensor TelePeriod set for 15 seconds
192.168.1.7 - Pi3+ running Node-Red and Mosquitto

Trace was captured while I cycled power to the Sonoff 5 times. Temperature from Wemos then was raised from 68.3 to 69.2 F, (TelePeriod sends data every 15 seconds), then the trace was terminated.

Terminal command:

tcpdump -1 wlan0mon -w tcdump

Trace run from Raspberry Pi3+ Kali Linux with patched kernel for monitor mode on internal wifi controller.

https://www.dropbox.com/s/bp7s3z9u155...

gitterekim ( 2019-11-28 09:58:54 +0000 )edit

add a comment

answered 2019-11-28 15:39:32 +0000

grahamb

flag of United Kingdom of Great Britain and Northern Ireland

23835 ●4 ●976 ●227 https://www.wireshark.org

I simply applied a display filter of "mqtt" and could see the traffic between the devices.

You may wish to modify the MQTT dissector preferences to display the data as required.

Checking the "Show Messages as text" option shows the data as a text string.
Adding a message decoding setting can use other dissectors, e.g. adding a decoding of "Equal to | tele/Wemos1/SENSOR | none | json" shows the data as a json object.

edit flag offensive delete link

Comments

Well, that makes me look like a real fool. I loaded the file on my Mint box and it worked fine just as you said. (I swear I put mqtt in the filter field before but it did nothing for me.) Unfortunately in trying to 'upgrade' my Kali system today I broke it and have to re-create the system in order to try it again. Thanks for looking at this for me.

gitterekim ( 2019-11-29 01:02:24 +0000 )edit

add a comment

Getting mqtt data from wifi

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Getting mqtt data from wifi edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Getting mqtt data from wifi