Wireshark not capturing MQTT data over Ethernet with port mirroring
I have a setup where I am using Mosquitto server and Node-RED on a single machine, which is configured with the machine's IP address. The connection is via Ethernet, and I have a switch and two machines connected to each other. The machines can ping each other without any issues.
To monitor the MQTT traffic, I used the port mirroring feature of my switch, and I mirrored the machine running Node-RED and Mosquitto (Port 1) to another machine where I have Wireshark (Port 8)installed.
However, when I start capturing traffic on Wireshark using the Ethernet interface, I don't see any MQTT traffic (no packets using port 1883). Here's a summary of my setup: - Mosquitto server and Node-RED on the same machine. - Machines connected through Ethernet, using a switch. - Port mirroring set up to mirror traffic to a machine running Wireshark. - Machines can successfully ping each other.
I expected to see MQTT data on Wireshark, but it's not showing up. What could be the reason for Wireshark not capturing the MQTT packets? Am I missing any configuration or step in Wireshark or port mirroring?
Things I've tried: - Checked the port mirroring configuration on the switch. - Verified that the machines are on the same network and can communicate (ping works fine). - Filtered for MQTT packets in Wireshark (mqtt or tcp.port == 1883).
Any insights or suggestions would be greatly appreciated!
This is a continuation of Why is my network traffic visible on loopback interface but not Ethernet in Wireshark capture? ?
no, this is not a continuation
Can you see the ping (icmp) traffic in the packet capture?
Yes I can see protocols such as ICMP(only when pinging from M1 to M2), ARP, STP.
I assume either M1 or M2 is the Moquitto server?
Are you using any capture filters? Is there vlan tagging involved? Are you using encrypted MQTT (port 8883)? Are you using a custom port for MQTT? Do you see any other traffic between your test machine and the MQTT machine in the packet capture on the machine on port 8?