0

I have packets captured during not encrypted MQTT communication:

Treat

Protocol is detected as TCP. How to ask Wireshark to analyze packets as MQTT?

enter image description here

UPD

In case I set MQTT server work on default 1883 port I Wireshark treats packets like MQTT. But how to ask Wireshark treat packets lime MQTT when it runs on on default port?

enter image description here

Improve this question
4
  • Can you check if your MQTT port is set at 1883? You can check it from - Edit -> Preferences -> Protocols -> MQTT. Commented Jan 20, 2020 at 16:04
  • Yes, it recognizes packets on 1883 port, but how to do the same on not default port? Commented Jan 20, 2020 at 16:40
  • Can you give it a try by unticking - Edit -> Preferences -> Protocols -> TCP -> 'allow subdissector to reassemble tcp streams' ? Commented Jan 20, 2020 at 17:00
  • Unticking Edit -> Preferences -> Protocols -> TCP -> 'allow subdissector to reassemble tcp streams' not helps Commented Jan 20, 2020 at 20:07

1 Answer 1

Reset to default
1

Right click on a packet, and select Decode as.... A dialog appears, which should contain rules for the port you've selected. In the "Current" column, it will contain (none). Double click that cell, and the contents will change to a drop-down list. From that, select "MQTT", and press OK.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.