×
Community Blog How to Analyze the Network Behaviors of IoT-enabled Devices Using Wireshark

How to Analyze the Network Behaviors of IoT-enabled Devices Using Wireshark

This article explains how to use the network packet capturing tool, Wireshark, for analyzing the network behaviors of IoT-enabled devices.

1) Background

When device debugging becomes difficult during IoT development, it is imperative to use the network packet capturing tool Wireshark for analyzing device behaviors and subsequently troubleshooting problems. Let's consider an example that shows how to use Wireshark to analyze the communication between a device and Alibaba Cloud IoT Platform.

2) Preparations

2.1 Create a Device

On Alibaba Cloud IoT Platform, create and register a device and obtain trituple information as shown below.

1

2.2 Device Simulation Program

In a computer, develop a device simulation program using Node.js and complete the following operations using the subsequent code:

  • Establish a connection
  • Subscribe to topics
  • Publish messages
  • Disconnect the connection
/**
 * node aliyun-iot-device.js
 */
const mqtt = require('aliyun-iot-mqtt');
//设备身份三元组+区域
const options = {
    "productKey": "设备PK",
    "deviceName": "设备DN",
    "deviceSecret": "设备Secret",
    "regionId": "cn-shanghai"
};

//1.建立连接
const client = mqtt.getAliyunIotMqttClient(options);
//2.订阅主题
setTimeout(function() {
    client.subscribe(`/${options.productKey}/${options.deviceName}/user/get`)
}, 3 * 1000);
//3.发布消息
setTimeout(function() {
    client.publish(`/${options.productKey}/${options.deviceName}/user/update`, getPostData(),{qos:1});
}, 5 * 1000);
//4.关闭连接
setTimeout(function() {
    client.end();
}, 8 * 1000);


function getPostData() {
    const payloadJson = {
        temperature: Math.floor((Math.random() * 20) + 10),
        humidity: Math.floor((Math.random() * 20) + 10)
    }
    console.log("payloadJson " + JSON.stringify(payloadJson))
    return JSON.stringify(payloadJson);

2.3 Capture Network Packets with Wireshark

IoT Platform uses the MQ Telemetry Transport (MQTT) protocol for communication. Therefore, configure the rule: TCP and port 1883.

2

2.4 Start the Device Simulation Program

Finally, initiate the device simulation program to get started.

3

3) Analysis of the Captured Packets

Wireshark captures the complete process of MQTT network interaction post the simulation script execution. The device IP address is marked as "device" for the sake of convenience, whereas the IP address of the connected IoT Platform remains unchanged.

3.1 TCP Three-way Handshake

4

The red box in the preceding figure shows a TCP three-way handshake, which is initiated by the "device" IP address. The used device port is port 56150.

3.2 MQTT CONNECT Behavior

The following figure shows the MQTT CONNECT behavior.

Click the Connect record to view the packet details appear in the lower part of the window. The client ID, user name, and password are used to authenticate the device during this CONNECT operation.

5

IoT Platform returns CONNACK in response to CONNECT after device authentication.

6

3.3 MQTT SUBSCRIBE Behavior

The following figure shows the process where the "device" IP address subscribes to a topic from the IoT Platform. The red box shows the topic subscribed to by the device.

7

The following figure shows the process where IoT Platform responds to the SUBSCRIBE behavior of the device.

8

3.4 MQTT PUBLISH Behavior

The following figure shows the process where the "device" IP address publishes a message with QoS equal to 1 to IoT Platform. The packet includes the topic and payload of the message.

9

IoT Platform returns a PUBACK message to the "device" IP address based on the QoS value 1.

10

Also, find this log entry on the Device Log page of the IoT Platform console as shown below.

11

3.5 MQTT DISCONNECT Behavior

The following figure shows the process where the "device" IP address initiates the DISCONNECT command to disconnect the MQTT connection channel.

12

3.6 TCP Four-way Handshake

The red box in the following figure shows a TCP four-way handshake.

13

To find complete log entries about devices online and offline navigate to the Device Log page of the IoT Platform console.

14

4) Summary

This article describes the basic skills for using Wireshark to analyze the network communication between a device and Alibaba Cloud IoT Platform. We hope that these skills are helpful for your IoT development.

5) Appendix

The following table lists the Identifiers at the TCP layer.

SYN A connection is established.
FIN A connection is terminated.
ACK A response is returned.
PSH Data is transmitted.
RST A connection is reset.
0 0 0
Share on

GXIC

25 posts | 3 followers

You may also like

Comments