Ask Your Question

MQTT5 publish packets not dissected correctly unless Connect command packet is captured [closed]

asked 2020-07-26 15:55:55 +0000

veracl gravatar image

updated 2020-07-26 16:07:04 +0000

MQTT5 packets include properties right before the message. MQTT3 packets do not include properties. See:

When capturing MQTT5 traffic, the properties are not dissected properly. E.g., a "property length" byte of zero is displayed as a zero byte at the start of the message, resulting in a "Trailing stray characters" warning:

image description

Only when the Connect command packet is also captured, which includes the version number 5, are the properties displayed correctly:

image description

image description

Is there any way to get Wireshark to display MQTT5 packets correctly even when the Connect command packet is not part of the capture? Is there a setting for "MQTT version"? I did not find anything like that.

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by veracl
close date 2020-07-27 12:19:02.724898

1 Answer

Sort by ยป oldest newest most voted

answered 2020-07-26 17:00:46 +0000

Jaap gravatar image

Yes, download the development version of Wireshark, which has a fix for bug 16722 addressing just this.

edit flag offensive delete link more


Great, thanks. That works.

veracl gravatar imageveracl ( 2020-07-27 12:18:09 +0000 )edit

Question Tools


Asked: 2020-07-26 15:55:55 +0000

Seen: 327 times

Last updated: Jul 26 '20