2020-03-02 13:47:49 +0000 | received badge | ● Popular Question (source) |
2019-04-30 10:16:45 +0000 | commented answer | Wireshark incorrectly interpreting the format of MQTT PUBLISH payload data Thank you, I opened a bug report, I'll leave a link here's if someone stumbles across this later on: https://bugs.wiresh |
2019-04-30 10:16:35 +0000 | marked best answer | Wireshark incorrectly interpreting the format of MQTT PUBLISH payload data I'm not sure if this is a good place to post this, please let me know if it's not and I'll post it where it's appropriate. The current version (v3.0.1-0-gea351cd8) of WireShark seems to interpret MQTT publish messages as null-terminated strings, and consumes them in the process. Here is an example of a PUBLISH containing bytes
As you can see, the current MQTT dissector treats the message as a null-terminated string, parsing The MQTT 3.1.1 standard states, that:
Since the payload format is application specific, I think that the correct behavior would be similar to for example TCP - to not consume the payload at all and instead leave it as "Data", allowing for other application specific dissectors to consume and parse the data. I'm not sure what's the correct term for this, but I was able to reproduce this behavior by going to Edit > Preferences > Protocol > MQTT > Edit, and manually adding an entry to not decode payloads on any topics. This makes the dissector correctly pass on the payload as "Data", but the warning message still remains. This should be the default behavior without configuring, and the warning message should probably be removed. Here's a capture file with an example of the publish packet. Is there any chance of getting this fixed? |
2019-04-30 10:16:35 +0000 | received badge | ● Scholar (source) |
2019-04-30 10:16:31 +0000 | commented answer | Wireshark incorrectly interpreting the format of MQTT PUBLISH payload data Thank, you I opened a bug report, I'll leave a link here's if someone stumbles across this later on: https://bugs.wiresh |
2019-04-30 08:15:01 +0000 | received badge | ● Editor (source) |
2019-04-30 08:15:01 +0000 | edited question | Wireshark incorrectly interpreting the format of MQTT PUBLISH payload data Wireshark incorrectly interpreting the format of PUBLISH payload data I'm not sure if this is a good place to post this, |
2019-04-30 08:14:47 +0000 | asked a question | Wireshark incorrectly interpreting the format of MQTT PUBLISH payload data Wireshark incorrectly interpreting the format of PUBLISH payload data I'm not sure if this is a good place to post this, |