Netgate Discussion Forum

    MQTT packet capture

    • P
      PM_13
      last edited by

      Hi,
      I am running a dedicated Home Assistant machine on my home LAN; the same machine also runs an instance of Mosquitto (MQTT broker) that is used by a few IoT devices (switches) on the same LAN. I tried a packet capture on the LAN for the Home Assistant host and at the same time I toggled a few of the IoT switches to generate MQTT traffic.

      But to my surprise the captured file did not contain a single packet for MQTT or any IP related to the switches. At first I thought I had made a mistake, so I systematically eliminated the following factors:

      1. Picked the correct interface for capture
      2. Used promiscuous mode
      3. Used the right IP for Home Assistant machine
      4. Removed number of packets from default 100 to 0 (for unlimited)
      5. No other filters used for capture
      6. Used MQTT explorer to connect to Home Assistant machine and see the payload change for topics as I was toggling switches

      And I still cannot understand why there are no MQTT-related packets in the capture. Please advise if I overlooked anything from the checklist above that might explain this discrepancy.

      Thanks!

      • bingo600B
        bingo600 @PM_13
        last edited by

        @pm_13

        If/when the packets "flow" on the same subnet (pure Layer 2 traffic), they never pass pfSense. That is basic IP, and pfSense is not to be "blamed".
        The MQTT trace has to be done where the data flows.

        If you have managed switches, you could create a "Mirror port", and i.e. "mirror" your MQTT machine's data to the mirror port.
        Then you put a Wireshark machine into the mirror port, and all data flowing to/from the MQTT machine will be visible.

        If you don't have any managed switches (get them..), or move "One of the ends" to another subnet, now traffic has to pass pfSense, and will be visible there.

        /Bingo

        If you find my answer useful - Please give the post a 👍 - "thumbs up"

        pfSense+ 23.05.1 (ZFS)

        QOTOM-Q355G4 Quad Lan.
        CPU : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
        LAN : 4 x Intel 211, Disk : 240G SAMSUNG MZ7L3240HCHQ SSD
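
Added example (not part of the forum thread or of either poster's reply): the rule explained in the answer above, written as a Python check of which flows a capture on the router's LAN interface can see. The addresses, the 192.168.1.0/24 layout and the function names are constructed for illustration.

```python
import ipaddress

def visible_at_router(src, dst, router_if):
    """Say whether a src->dst flow can show up in a capture taken on the
    router interface `router_if` (its address with prefix length)."""
    iface = ipaddress.ip_interface(router_if)
    net = iface.network
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if iface.ip in (s, d):
        return True, "router itself is an endpoint"
    if s in net and (d == net.broadcast_address or d.is_multicast):
        # Assumes the switch floods multicast (no IGMP snooping).
        return True, "broadcast/multicast is flooded to every port"
    if s in net and d in net:
        return False, "same subnet: switched at layer 2, never sent to the gateway"
    if s in net or d in net:
        # Assumes this router is the subnet's default gateway.
        return True, "routed: frames are addressed to the gateway"
    return False, "neither end is on this interface's subnet"

def hidden_flows(flows, router_if):
    """Return the flows a capture on the router would miss."""
    return [(s, d) for s, d in flows if not visible_at_router(s, d, router_if)[0]]

# Constructed sample: router LAN 192.168.1.1/24, broker .10, IoT switch .50.
ROUTER_IF = "192.168.1.1/24"
FLOWS = [
    ("192.168.1.50", "192.168.1.10"),   # switch -> broker, same subnet
    ("192.168.1.10", "192.168.1.1"),    # broker -> router (e.g. DNS)
    ("192.168.1.50", "192.168.1.255"),  # subnet broadcast
    ("192.168.1.10", "203.0.113.5"),    # broker -> internet
    ("192.168.20.50", "192.168.1.10"),  # switch moved to another subnet
]

if __name__ == "__main__":
    for s, d in FLOWS:
        seen, why = visible_at_router(s, d, ROUTER_IF)
        print(f"{s:>14} -> {d:<14} {'visible' if seen else 'HIDDEN ':8} {why}")
```

Only the first sample flow, the switch-to-broker MQTT session on the same subnet, is reported as hidden; the same switch placed on another subnet becomes visible.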

        • P
          PM_13 @bingo600
          last edited by

          @bingo600 Thanks, that makes total sense. Seems like I was chasing my own tail for the last few hours 😓

          • bingo600B
            bingo600 @PM_13
            last edited by bingo600

            @pm_13
            I'm working on getting your reputation to 5.
            Then I think the posting limit (time delay) is removed

            You're at 5 now

            /Bingo

            • P
              PM_13 @bingo600
              last edited by

              @bingo600 Thanks :-)

              Also noticed the Qotom in your signature block. I bought a Qotom-Q515G6 late last year and am very pleased with its performance so far!!
