How to Analyze the Network Behaviors of IoT-enabled Devices Using Wireshark

1) Background

2) Preparations

2.1 Create a Device

2.2 Device Simulation Program

  • Establish a connection
  • Subscribe to topics
  • Publish messages
  • Disconnect the connection
* node aliyun-iot-device.js
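const mqtt = require('aliyun-iot-mqtt');
// Device credentials (placeholders: the device's ProductKey, DeviceName and DeviceSecret)
const options = {
    "productKey": "设备PK",
    "deviceName": "设备DN",
    "deviceSecret": "设备Secret",
    "regionId": "cn-shanghai"
};
// 1. Establish a connection
const client = mqtt.getAliyunIotMqttClient(options);
// 2. Subscribe to a topic after 3 seconds
//    (the topic name is an assumption: a custom topic with subscribe permission)
setTimeout(function() {
    client.subscribe(`/${options.productKey}/${options.deviceName}/user/get`);
}, 3 * 1000);
// 3. Publish a message with QoS 1 after 5 seconds
setTimeout(function() {
    client.publish(`/${options.productKey}/${options.deviceName}/user/update`, getPostData(), {qos: 1});
}, 5 * 1000);
// 4. Disconnect after 8 seconds
setTimeout(function() {
    client.end();
}, 8 * 1000);
// Build a simulated sensor reading as a JSON string
function getPostData() {
    const payloadJson = {
        temperature: Math.floor((Math.random() * 20) + 10),
        humidity: Math.floor((Math.random() * 20) + 10)
    };
    console.log("payloadJson " + JSON.stringify(payloadJson));
    return JSON.stringify(payloadJson);
}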

2.3 Capture Network Packets with Wireshark

2.4 Start the Device Simulation Program

3) Analysis of the Captured Packets

3.1 TCP Three-way Handshake

The red box in the preceding figure shows a TCP three-way handshake, which is initiated by the “device” IP address. The device uses port 56150.

3.2 MQTT CONNECT Behavior

Click the Connect record to view the packet details, which appear in the lower part of the window. The client ID, user name, and password are used to authenticate the device during this CONNECT operation.

IoT Platform returns CONNACK in response to CONNECT after device authentication.
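
As an added example (not code from the original article), the Node.js sketch below decodes the same CONNECT fields that Wireshark displays: client ID, user name, and password. The sample packet bytes and the names `parseConnect`, `readField`, `lp`, and `buildSampleConnect` are constructed for illustration, and the parser assumes MQTT 3.1.1 framing.

```javascript
// Read one field with a 2-byte big-endian length prefix; returns [bytes, nextOffset].
function readField(buf, off) {
  if (off + 2 > buf.length) throw new RangeError('truncated length prefix');
  const len = buf.readUInt16BE(off);
  if (off + 2 + len > buf.length) throw new RangeError('truncated field');
  return [buf.subarray(off + 2, off + 2 + len), off + 2 + len];
}

// Decode an MQTT 3.1.1 CONNECT packet taken from a TCP payload.
function parseConnect(packet) {
  if (packet.length < 2 || packet[0] !== 0x10) throw new Error('not a CONNECT packet');
  // Remaining Length: 1 to 4 bytes, 7 bits each, high bit marks continuation.
  let remaining = 0, shift = 0, off = 1, byte;
  do {
    if (off > 4 || off >= packet.length) throw new RangeError('bad remaining length');
    byte = packet[off++];
    remaining += (byte & 0x7f) << shift;
    shift += 7;
  } while (byte & 0x80);
  if (off + remaining > packet.length) throw new RangeError('truncated packet');
  const body = packet.subarray(off, off + remaining);

  let field, pos;
  [field, pos] = readField(body, 0);
  const protocol = field.toString('utf8');
  if (pos + 4 > body.length) throw new RangeError('truncated variable header');
  const flags = body[pos + 1];
  const out = { protocol, level: body[pos], keepAlive: body.readUInt16BE(pos + 2),
                cleanSession: Boolean(flags & 0x02) };
  [field, pos] = readField(body, pos + 4);
  out.clientId = field.toString('utf8');
  if (flags & 0x04) {                       // skip will topic and will message
    [field, pos] = readField(body, pos);
    [field, pos] = readField(body, pos);
  }
  if (flags & 0x80) { [field, pos] = readField(body, pos); out.username = field.toString('utf8'); }
  if (flags & 0x40) { [field, pos] = readField(body, pos); out.password = field.toString('utf8'); }
  return out;
}

// Constructed sample packet (not captured traffic): flags 0xC2 = user name + password + clean session.
function lp(s) {
  const b = Buffer.from(s, 'utf8'), l = Buffer.alloc(2);
  l.writeUInt16BE(b.length);
  return Buffer.concat([l, b]);
}
function buildSampleConnect() {
  const body = Buffer.concat([lp('MQTT'), Buffer.from([0x04, 0xc2, 0x00, 0x3c]),
                              lp('demo-client'), lp('demo-user'), lp('demo-secret')]);
  return Buffer.concat([Buffer.from([0x10, body.length]), body]);
}
console.log(parseConnect(buildSampleConnect()));
```

Every field this parser reads from the TCP payload is equally readable to anyone who can capture the traffic, so the CONNECT exchange should travel inside TLS.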


3.3 MQTT SUBSCRIBE Behavior

The following figure shows how IoT Platform responds to the SUBSCRIBE behavior of the device.

3.4 MQTT PUBLISH Behavior

IoT Platform returns a PUBACK message to the “device” IP address based on the QoS value 1.

You can also find this log entry on the Device Log page of the IoT Platform console, as shown below.


3.6 TCP Four-way Handshake

To find complete log entries about devices going online and offline, navigate to the Device Log page of the IoT Platform console.

4) Summary

5) Appendix

