
Getting mqtt data from wifi

Need to look at mqtt packets from various devices. Packets come in as 802.11 and I have seen two examples of them being broken down into regular packets that can be filtered, but can't figure out how. One example is https://medium.com/@alexharasic/hijac..., the other one is https://iotbytes.wordpress.com/captur.... Must be something in the configuration I'm missing, but don't know what.

gitterekim
asked 2019-11-25 16:28:08 +0000

Comments

Are you capturing on the device transmitting and receiving the MQTT data or are you capturing on another device and attempting to sniff the WiFi transmissions?

grahamb (2019-11-25 16:46:09 +0000)

Ultimate goal is to decode LG HVAC communication. Right now I'm using a Raspberry Pi3 with Kali Linux and modified kernel for monitor mode. Home network is Mosquitto talking to other Pis and Wemos temperature sensors and Sonoff switches running Tasmota firmware. Used Wireshark about 5 years ago, but never for 802.11.

gitterekim (2019-11-25 23:10:46 +0000)

To confirm, "for monitor mode" means you're sniffing transmissions on other devices.

If that's the case then you should look at the Wiki page on WLAN capturing.

Sharing a capture on a public fileshare (e.g. Google Drive, DropBox etc.), and posting a link to it back here will help others to analyse your issue.

grahamb (2019-11-26 09:21:06 +0000)

Had to make another network for sending a trace....

Devices:

192.168.1.1 - Enigma Netgear N150 Router (not connected to internet) 
192.168.1.2 - Lenovo Android (sending On/Off commands via Node-Red dashboard)
192.168.1.3 - Sonoff (tasmota firmware, turns light On/Off)
192.168.1.4 - HP Not doing anything - just on network
192.168.1.6 - Wemos DS18b20 temp sensor TelePeriod set for 15 seconds
192.168.1.7 - Pi3+ running Node-Red and Mosquitto

Trace was captured while I cycled power to the Sonoff 5 times. Temperature from Wemos then was raised from 68.3 to 69.2 F, (TelePeriod sends data every 15 seconds), then the trace was terminated.

Terminal command:

tcpdump -i wlan0mon -w tcdump

Trace run from Raspberry Pi3+ Kali Linux with patched kernel for monitor mode on internal wifi controller.

https://www.dropbox.com/s/bp7s3z9u155...

gitterekim (2019-11-28 09:58:54 +0000)

1 Answer


I simply applied a display filter of "mqtt" and could see the traffic between the devices.

You may wish to modify the MQTT dissector preferences to display the data as required.

  • Checking the "Show Messages as text" option shows the data as a text string.
  • Adding a message decoding setting can use other dissectors, e.g. adding a decoding of "Equal to | tele/Wemos1/SENSOR | none | json" shows the data as a json object.

grahamb
answered 2019-11-28 15:39:32 +0000
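
As an added illustration (not code from the answer or from Wireshark): a small Python parser for one MQTT PUBLISH packet, showing where the topic and message come from and how plain-text display differs from decoding as JSON only for a listed topic such as tele/Wemos1/SENSOR. It assumes plain (non-TLS) MQTT 3.1.1 with the whole packet in one TCP payload; the sample bytes and their JSON body are constructed, and `parse_publish`, `json_topics` and `sample_publish` are hypothetical names.

```python
import json

def decode_remaining_length(buf, pos):
    """Decode MQTT's variable-length 'remaining length' (7 bits per byte)."""
    value = 0
    for shift in (0, 7, 14, 21):          # the spec allows at most 4 bytes
        if pos >= len(buf):
            raise ValueError("truncated remaining-length field")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:               # top bit clear: last length byte
            return value, pos
    raise ValueError("remaining-length field longer than 4 bytes")

def parse_publish(buf, json_topics=()):
    """Parse one MQTT 3.1.1 PUBLISH packet taken from a TCP payload."""
    if not buf or buf[0] >> 4 != 3:       # packet type 3 = PUBLISH
        raise ValueError("not a PUBLISH packet")
    qos = (buf[0] >> 1) & 0x03
    length, pos = decode_remaining_length(buf, 1)
    end = pos + length
    if end > len(buf) or pos + 2 > end:
        raise ValueError("packet truncated or malformed")
    topic_len = int.from_bytes(buf[pos:pos + 2], "big")
    pos += 2
    if pos + topic_len + (2 if qos else 0) > end:
        raise ValueError("topic length exceeds packet")
    topic = buf[pos:pos + topic_len].decode("utf-8")
    pos += topic_len
    packet_id = None
    if qos:                               # packet identifier only for QoS 1/2
        packet_id = int.from_bytes(buf[pos:pos + 2], "big")
        pos += 2
    text = buf[pos:end].decode("utf-8", errors="replace")
    # Same idea as a per-topic decoding rule: JSON only for listed topics.
    message = json.loads(text) if topic in json_topics else text
    return {"topic": topic, "qos": qos, "retain": bool(buf[0] & 1),
            "packet_id": packet_id, "message": message}

def sample_publish():
    """Constructed sample bytes: a QoS 0 PUBLISH on the topic named above."""
    topic = b"tele/Wemos1/SENSOR"
    payload = b'{"DS18B20":{"Temperature":69.2},"TempUnit":"F"}'  # made-up body
    body = len(topic).to_bytes(2, "big") + topic + payload
    return bytes([0x30, len(body)]) + body  # body < 128 bytes: 1 length byte

if __name__ == "__main__":
    print(parse_publish(sample_publish()))
    print(parse_publish(sample_publish(), json_topics={"tele/Wemos1/SENSOR"}))
```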

Comments

Well, that makes me look like a real fool. I loaded the file on my Mint box and it worked fine just as you said. (I swear I put mqtt in the filter field before but it did nothing for me.) Unfortunately in trying to 'upgrade' my Kali system today I broke it and have to re-create the system in order to try it again. Thanks for looking at this for me.

gitterekim (2019-11-29 01:02:24 +0000)