How to Analyze the Network Behaviors of IoT-enabled Devices Using Wireshark

1) Background

2) Preparations

2.1 Create a Device

2.2 Device Simulation Program

  • Establish a connection
  • Subscribe to topics
  • Publish messages
  • Disconnect the connection
/**
* node aliyun-iot-device.js
*/
const mqtt = require('aliyun-iot-mqtt');
//设备身份三元组+区域
const options = {
"productKey": "设备PK",
"deviceName": "设备DN",
"deviceSecret": "设备Secret",
"regionId": "cn-shanghai"
};
//1.建立连接
const client = mqtt.getAliyunIotMqttClient(options);
//2.订阅主题
setTimeout(function() {
client.subscribe(`/${options.productKey}/${options.deviceName}/user/get`)
}, 3 * 1000);
//3.发布消息
setTimeout(function() {
client.publish(`/${options.productKey}/${options.deviceName}/user/update`, getPostData(),{qos:1});
}, 5 * 1000);
//4.关闭连接
setTimeout(function() {
client.end();
}, 8 * 1000);
function getPostData() {
const payloadJson = {
temperature: Math.floor((Math.random() * 20) + 10),
humidity: Math.floor((Math.random() * 20) + 10)
}
console.log("payloadJson " + JSON.stringify(payloadJson))
return JSON.stringify(payloadJson);

2.3 Capture Network Packets with Wireshark

2.4 Start the Device Simulation Program

3) Analysis of the Captured Packets

3.1 TCP Three-way Handshake

The red box in the preceding figure shows a TCP three-way handshake, which is initiated by the “device” IP address. The used device port is port 56150.

3.2 MQTT CONNECT Behavior

Click the Connect record to view the packet details appear in the lower part of the window. The client ID, user name, and password are used to authenticate the device during this CONNECT operation.

IoT Platform returns CONNACK in response to CONNECT after device authentication.

3.3 MQTT SUBSCRIBE Behavior

The following figure shows the process where IoT Platform responds to the SUBSCRIBE behavior of the device.

3.4 MQTT PUBLISH Behavior

IoT Platform returns a PUBACK message to the “device” IP address based on the QoS value 1.

Also, find this log entry on the Device Log page of the IoT Platform console as shown below.

3.5 MQTT DISCONNECT Behavior

3.6 TCP Four-way Handshake

To find complete log entries about devices online and offline navigate to the Device Log page of the IoT Platform console.

4) Summary

5) Appendix

Original Source:

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store