• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

MQTT packet capture

Scheduled Pinned Locked Moved General pfSense Questions
5 Posts 2 Posters 1.2k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • P
    PM_13
    last edited by Dec 27, 2020, 8:27 AM

    Hi,
    I am running a dedicated Home Assistant machine on home LAN, the same machine also runs an instance of Mosquitto (MQTT broker) that is used by few IoT devices (switches) on the same LAN. I tried packet capture on the LAN for the Home Assistant host and at the same time I toggled few of the IoT switches to generate MQTT traffic.

    But to my surprise the captured file did not contain a single packet for MQTT or any IP related to the switches. At first I thought I made a mistake so systematically eliminated following factors:

    1. Picked the correct interface for capture
    2. Used promiscuous mode
    3. Used the right IP for Home Assistant machine
    4. Removed number of packets from default 100 to 0 (for unlimited)
    5. No other filters used for capture
    6. Used MQTT explorer to connect to Home Assistant machine and see the payload change for topics as I was toggling switches

    And I still cannot understand why there are no MQTT related packets in the capture, please advise if I overlooked anything from above check list that might explain this discrepancy.

    Thanks!

    B 1 Reply Last reply Dec 27, 2020, 8:40 AM Reply Quote 2
    • B
      bingo600 @PM_13
      last edited by Dec 27, 2020, 8:40 AM

      @pm_13

      If/when the packets "flow" on the same subnet (pure Layer 2 traffic) , they never pass pfSense. That is basic IP , and pfSense is not to be "blamed".
      The MQTT trace has to be done where the data flows.

      If you have managed switches , you could create a "Mirror port" , and ie. "miror" your MQTT machines data , to the mirror port.
      Then you put a wireshark machine into the mirror port, and all data flowing to/from the MQTT machine will be visible.

      If you don't have any managed switches (get them..) , or move "One of the ends" to another subnet , now traffic has to pass pfSense , and will be visible there.

      /Bingo

      If you find my answer useful - Please give the post a 👍 - "thumbs up"

      pfSense+ 23.05.1 (ZFS)

      QOTOM-Q355G4 Quad Lan.
      CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
      LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD

      P 1 Reply Last reply Dec 27, 2020, 9:24 AM Reply Quote 1
      • P
        PM_13 @bingo600
        last edited by Dec 27, 2020, 9:24 AM

        @bingo600 Thanks, that makes total sense. Seems like I was chasing my own tail for last few hours 😓

        B 1 Reply Last reply Dec 27, 2020, 9:34 AM Reply Quote 2
        • B
          bingo600 @PM_13
          last edited by bingo600 Dec 27, 2020, 9:35 AM Dec 27, 2020, 9:34 AM

          @pm_13
          I'm working on getting your reputation to 5.
          Then i think the posting limit (time delay) is removed

          You're at 5 now

          /Bingo

          If you find my answer useful - Please give the post a 👍 - "thumbs up"

          pfSense+ 23.05.1 (ZFS)

          QOTOM-Q355G4 Quad Lan.
          CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
          LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD

          P 1 Reply Last reply Dec 27, 2020, 9:55 AM Reply Quote 1
          • P
            PM_13 @bingo600
            last edited by Dec 27, 2020, 9:55 AM

            @bingo600 Thanks :-)

            Also noticed the Qotom in your signature block, I bought Qotom-Q515G6 late last year and very pleased with its performance so far!!

            1 Reply Last reply Reply Quote 1
            5 out of 5
            • First post
              5/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received