I want to capture MQTT packets on the SSH Linux-based remote server using Wireshark from my home. I can capture data go out through the Internet, such as when I use this command line mosquitto_pub -h test.mosquitto.org -t topic -m "Hello", I can see the packets in Wireshark. But, When I publish data in localhost, such as using this command mosquitto_pub -d -h localhost -t hello/world -m "75" I can't see any packets in Wireshark. I want to make a client/server in the same remote server.
I use this command to open Wireshark:
sudo ssh user@x.x.x.x tcpdump -U -s0 -w - | wireshark -k -i -
I know only a basic thing in Wireshark, so please how I solve this?
You didn't specify the interface that tcpdump should capture on. Try adding the -i lo option, as in:
sudo ssh user@x.x.x.x tcpdump -i lo -U -s0 -w - | wireshark -k -i -