I shared a .pcap with my colleague who is running Wireshark 4.2.3 on a Mac. The packet capture showed expected MQTT traffic. However when I looked at the same .pcap using the latest Wireshark available for Ubuntu (4.2.2) I see SOME of the MQTT packets as being malformed.
For example here I see a particular packet as an expected MQTT "Connect Command" on my colleagues machine. However on my machine I see it summarized as a "Publish Received (id=20312), Publish Message[Malformed Packet], Publish Release (id=30796), Publish Message[Malformed Packet], Publish Ack (id=23145), Publish Ack (id=26728)..."
I have verified we are both looking at the same packet by comparing packet numbers, times, stream IDs, Source and Destination IPs, Source and Destination Ports etc.
To add to the confusion, for MOST MQTT clients all appears the same for both of us. The discrepancies are only for ONE MQTT client. So at this moment we are not sure if his machine is erroneously accepting a malformed packet as valid. Or mine is erroneously rejecting a valid packet as malformed.
Thanks for your help!
