Ask Your Question
0

why can I see the mqtt traffic only in the info column? (same for http)

asked 2018-03-06 11:53:26 +0000

Mari1234 gravatar image

updated 2018-03-06 11:56:30 +0000

Hello, I am writting my thesis and I connected a Raspberry Pi via Hotspot to my laptop.

I want to caputre the mqtt traffic for the Raspberry Pi. It works but I only can see the MQTT traffic in the info column. Why is it no own Protocol in the protocol column?

I would really appreciate it, if someone can help me.

Best regards

edit retag flag offensive close merge delete

Comments

What ports is your traffic running on, and what ports have you configured in wireshark for MQTT and HTTP?

Can you share a capture file with a public link, e.g. CloudShark, Google Drive, DropBox etc?

grahamb gravatar imagegrahamb ( 2018-03-06 12:24:20 +0000 )edit

I am completely new in wireshark.

https://www.dropbox.com/s/yvqqkktjqfm...

This ist the link for the captured traffic. In the info column is mqtt but I want it in the protocol column. I don't know where I can fix the right filter. And the mqtt port is 8883.

Thank you for the fast answer.

Mari1234 gravatar imageMari1234 ( 2018-03-06 12:32:53 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
1

answered 2018-03-06 12:55:27 +0000

Uli gravatar image

updated 2018-04-06 13:46:51 +0000

cmaynard gravatar image

It looks like you're running MQTT encrypted inside TLS (SSL). I guess the TLS Application data (e.g. frame 145) contains your MQTT messages. However only encrypted.

=> To be able to see the MQTT payload you have to be able to decrypt the TLS session (e.g. by having the session key or the RSA key).

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-03-06 11:53:26 +0000

Seen: 1,303 times

Last updated: Apr 06 '18