MQTT dissector / decoder for Wireshark

While debugging some problems we were having with TCP performance, I wanted a way to visualize the MQTT traffic stream a little better in Wireshark. I found Wireshark Generic Dissector and thought it should be useful, seeing as I had no desire to start writing C code for packet decoding. WSGD looks to be pretty interesting for writing decoders for private protocols and the like, but there aren’t many other examples of how it’s used. I got prompt, helpful assistance from the lead developer though, so even though it’s a little arcane, it’s still something I can recommend :)

MQTT decoding in Wireshark through WSGD

My decoding isn’t complete, by any means, but given the complete lack of any other examples out there, I thought this would probably be helpful, even in its current state. You’ll need to install WSGD as per the instructions at that site, and then you’ll need this zip….

Just follow the instructions here and by all means, let me know how you go :)

Update 2014-02-01: alternative Lua plugin, available on GitHub. I haven’t tried it, but Lua plugins are actually easier to use and extend. If I’d known about the Lua plugin style (and known Lua) at the time, I would have done it that way. Note, I haven’t actually _tried_ the Lua plugin yet :)

  1. Hi,
    I tried as per the steps to decode MQTT messages but was unable to do it. I was trying the sample applications and followed the instructions given here to decode MQTT messages. I am getting no mqttv1.3 messages in my Wireshark 1.6.2. What could have gone wrong? I kept all three files (mqtt3.1.wsgd, mqtt3.1.fdesc, and generic.dll) in the plugins/1.6.2 folder and started Wireshark, but could not get any MQTT messages.
    Please let me know.
    Thanks & Regards
    Ajay

  2. Hi,

    In reference to my previous posting, I am properly getting MQTT messages. Sorry, there was a mistake on my part.

    Thanks & Regards
    Ajay

  3. Excellent :) Just as well, I didn’t really have any good ideas on what would have been wrong anyway :)

  4. Thanks…! Great work.
    I still haven’t tried it out, but this is very helpful :)

    Cheers.

  5. Hello,

    For anyone scratching their heads after using this dissector, there is an error in the length of the payload of PUBLISH messages in mqtt3.1.fdesc (line 110).
    It should be accounting for topic length:
    raw(rem_length - 2 - topic.string_length) payload;
    or you could also set the total packet size and use
    raw(*) payload;
    Still, extremely useful work, thanks a lot!
    Cheers

  6. Thanks.. great work.

    @emmanuel yeah.. I was looking for it. Thanks
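
The payload-length arithmetic from comment 5, written out as an added Python example (not part of the original post and not the WSGD description file): it parses an MQTT 3.1 PUBLISH packet and derives the payload size from the remaining length. It goes beyond the comment's formula by also subtracting the 2-byte message identifier that MQTT 3.1 carries in QoS 1 and 2 PUBLISH packets, and by rejecting a declared topic length that exceeds the remaining length; the function names and sample packets are constructed for illustration.

```python
import struct

# Constructed sample packets (topic "a/b", payload "hello"); not captured traffic.
SAMPLE_QOS0 = bytes.fromhex("300a0003612f6268656c6c6f")
SAMPLE_QOS1 = bytes.fromhex("320c0003612f62000768656c6c6f")  # message id 7
SAMPLE_BAD_TOPIC_LEN = bytes.fromhex("300a00ff") + b"a/bhello"  # topic length 255


def decode_remaining_length(buf, pos=1):
    """Decode the 1-4 byte remaining-length field; return (value, next offset)."""
    value = 0
    for i in range(4):
        if pos + i >= len(buf):
            raise ValueError("truncated remaining-length field")
        byte = buf[pos + i]
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:  # continuation bit clear: this was the last byte
            return value, pos + i + 1
    raise ValueError("remaining-length field longer than 4 bytes")


def parse_publish(buf):
    """Split one MQTT 3.1 PUBLISH packet into topic, message id and payload."""
    if not buf or buf[0] >> 4 != 3:
        raise ValueError("not a PUBLISH packet")
    qos = (buf[0] >> 1) & 0x03
    rem_length, pos = decode_remaining_length(buf)
    end = pos + rem_length
    if rem_length < 2 or end > len(buf):
        raise ValueError("remaining length does not fit the packet")
    (topic_len,) = struct.unpack_from(">H", buf, pos)
    msg_id_len = 2 if qos > 0 else 0  # message id is present only for QoS 1 and 2
    # The constant 2 is the topic's own big-endian length prefix.
    payload_len = rem_length - 2 - topic_len - msg_id_len
    if payload_len < 0:
        raise ValueError("declared topic length exceeds remaining length")
    pos += 2
    topic = buf[pos:pos + topic_len].decode("utf-8")
    pos += topic_len
    msg_id = struct.unpack_from(">H", buf, pos)[0] if qos > 0 else None
    pos += msg_id_len
    payload = buf[pos:pos + payload_len]
    return {"topic": topic, "qos": qos, "msg_id": msg_id, "payload": payload}


if __name__ == "__main__":
    for pkt in (SAMPLE_QOS0, SAMPLE_QOS1):
        print(parse_publish(pkt))
```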
