defining MQTT protocol in sflow_rt
41 views
Skip to first unread message
Habtamu Molla
Jun 19, 2023, 10:33:20 AM6/19/23
to sFlow-RT
how are you dear peter?
is that possible to define mqtt protocol flow features in sflow-rt?
i have seen that mqtt in https://sflow-rt.com/define_flow.php, but it is not available.
i
need to define mqtt and other protocol flow feature such as,
mqtt.conack.flags, mqtt.hdrflags, mqtt.conflags, mqtt.protoname,
mqtt.msg, tcp.options, udp.stream, arp.dst.proto_ipv4
all above listed flow features are not exist in https://sflow-rt.com/define_flow.php page.
where i get the way of defining these flow features in sflow-rt?
thanks you dear!
Peter Phaal
Jun 19, 2023, 11:11:57 AM6/19/23
to sFlow-RT
You can perform volumetric analysis of the MQTT flows by TCP/UDP port.
I don't think sFlow is suitable for monitoring mqtt over TCP since it only sees randomly selected packet headers and so can't track protocol state within the connection. MQTT over UDP might be possible, but I am not familiar with MQTT and not sure how much useful information could be gleaned.
I believe the Wireshark arp.dst.proto_ipv4 field is equivalent to sFlow-RT's arpiptarget:
sFlow-RT doesn't decode option values, but can report on the set of options that are present in the packet:
Habtamu Molla
Jun 19, 2023, 12:46:14 PM6/19/23
to sFlow-RT
well, thanks dear
Reply all
Reply to author
Forward
0 new messages