说明
如果设备连接MQTT只走TCP,信息可以用软件监控出来.
为了防止传输的信息被监控,TCP + SSL
使用自带的证书文件(开启单向认证)
1.软件里面自带着证书
acert.pem: 根证书
cert.pem:服务器证书
key.pem:服务器端私钥
client-cert.pem: 客户端证书
client-key.pem:客户端私钥
2.打开 emq.conf
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826202653265-1082166114.png)
3.修改如下(打开SSL单向认证)
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826202728741-1338402231.png)
重启MQTT软件
1.在云端电脑运行 cmd
需要以管理员身份运行
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826202737011-684796449.png)
2.进入目录
cd C:emqttd-windows7-v2.3.0emqttdin
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826202752270-647080558.png)
3. 重启
emqttd stop //停止
emqttd start //启动
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826202808295-469171059.png)
提醒:MQTT的TCP+SSL 方式通信是使用的8883端口
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826202830090-629435133.png)
监听测试(TCP)
测试监控数据
1.安装MQTT软件(这个软件功能齐全)
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826202847355-903478279.png)
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826202903200-913065297.png)
2.安装网络监控助手
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826202916685-1591960697.png)
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826202929455-1672758853.png)
3.打开MQTT软件
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826202947325-223223047.png)
4.IP地址根据自己的填写 端口号:1883
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826203000685-167169473.png)
5.MQTT用户名密码 ,最后点击 OK
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826203017221-193364667.png)
6.点击 Connect 右边绿灯亮,说明连接上
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826203032076-2090510925.png)
7.打开网络监控,双击
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826203045731-2026644953.png)
8.设置监控 IP和端口号
ip.addr == 47.92.31.46 && tcp.port == 1883
9.发布消息:①设置发布的主题1111 ②设置消息qqqqq ③点击发布消息
从上面可以看出,走1883端口的时候,信息可以被全部监听到
监听测试(TCP+SSL)
1.断开连接
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826203251337-57250913.png)
2.端口号改为8883,添加 cert.pem文件
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826203306336-1039808673.png)
cert.pem 是mqtt文件里面的文件
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826203327290-1485231532.png)
3.点击OK
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826203343054-1871307116.png)
4.网络监控改为 8883端口
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826203400542-1586091562.png)
5.mqtt调试助手,连接并发布消息
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826203420544-1724942724.png)
6.数据TLS加密通信
![](https://img2020.cnblogs.com/blog/819239/202008/819239-20200826203439496-2072706652.png)