I am trying to learn more about MQTT, so I decided to capture packets on pfSense using promiscuous mode against the host IP running the HA/MQTT broker. After several attempts, I did not see a single packet for ports 1883, 1884, 8883 and 8884. Interestingly, there is not a single packet from any of the switches that are configured to use MQTT (I toggled a few of them on/off during the packet capture).
But I am able to see payload for all the switches (Sonoff & Kasa) using MQTT Explorer.
Any clues why I am not seeing any MQTT related packets during this capture?
Thanks.
You can only capture packets that go “through” a device. Your pfSense device will probably only see traffic that leaves your network and doesn’t see internal-to-internal traffic.
If you want to see internal-to-internal traffic, you need to be able to tell your switch or some other inline device to mirror those packets to your pfSense device.
And you never see the packets if you send them to localhost (127.0.0.1) unless you use something like tcpdump, snoop, etc. on the localhost.