Port 1883: MQTT — The Whisper Protocol

Port 1883 is the default port for MQTT, the Message Queuing Telemetry Transport protocol. Every time a smart thermostat reports a temperature, every time a factory sensor sends a reading, every time a connected device anywhere on Earth needs to say something small to something far away, there is a good chance that message flows through port 1883.

The Protocol

MQTT is a publish-subscribe messaging protocol designed for constrained devices and unreliable networks.¹ Unlike HTTP, where clients must constantly ask "do you have anything for me?", MQTT lets devices subscribe to topics and receive messages only when something relevant happens. A temperature sensor publishes to home/livingroom/temperature. Your phone, subscribed to that topic, receives the update instantly.

The protocol runs over TCP/IP and uses an intermediary called a broker. Publishers send messages to the broker. Subscribers tell the broker what topics interest them. The broker routes messages between them. Publishers and subscribers never need to know each other exist.

This decoupling is the protocol's genius. A sensor in a remote oil field does not need to know that three different monitoring systems want its data. It publishes to a topic. The broker handles distribution. The sensor can go back to sleep.

The History

In 1999, Andy Stanford-Clark of IBM and Arlen Nipper of Arcom (working with Phillips 66) faced a specific problem: monitoring oil pipelines via satellite.² Satellite bandwidth was expensive. The devices were battery-powered and remote. Every byte mattered. Every watt mattered.

They needed a protocol that could carry meaningful data through the thinnest possible connection. HTTP was too heavy. Existing SCADA protocols were proprietary. So they built something new.

The first version was called the "Argo Lightweight On The Wire Protocol," named after an IBM product codename. Later, it became known as MQ Telemetry Transport, the "MQ" borrowed from IBM's MQSeries messaging product line. Despite the name, MQTT does not use message queues. It uses publish-subscribe. The name stuck anyway.

Stanford-Clark later recalled that convincing IBM's lawyers to make the protocol public domain "was a real shock."³ But he insisted. The protocol had to be open. That decision, made in 1999, is why MQTT is now everywhere.

The protocol was released royalty-free in 2010.⁴ In 2014, OASIS published MQTT v3.1.1 as an open standard.⁵ In 2016, ISO and IEC adopted it as ISO/IEC 20922.⁶ In 2019, MQTT version 5.0 arrived with significant new features.⁷

How It Works

MQTT packets are remarkably small. The fixed header is just two bytes.⁸ The first byte identifies the packet type (CONNECT, PUBLISH, SUBSCRIBE, and thirteen others) and carries control flags. The second byte (or up to four bytes for larger packets) indicates the remaining length.

The minimum overhead for a PUBLISH message is two bytes plus the topic length plus the payload. Compare this to HTTP, where headers alone can consume hundreds of bytes.

Quality of Service

MQTT defines three QoS levels:⁹

QoS 0 (At Most Once): Fire and forget. The publisher sends the message and moves on. No acknowledgment. No retry. If the message is lost, it is lost. This is the fastest and most efficient level, suitable for data where the next reading will arrive soon anyway.

QoS 1 (At Least Once): The broker acknowledges receipt. If the publisher does not receive acknowledgment, it retransmits. This guarantees delivery but may result in duplicates.

QoS 2 (Exactly Once): A four-step handshake ensures the message arrives exactly once. This is the slowest and most resource-intensive level, reserved for critical data where neither loss nor duplication can be tolerated.

Topics and Wildcards

Topics form hierarchies separated by forward slashes:¹⁰

home/groundfloor/livingroom/temperature
home/groundfloor/kitchen/humidity
factory/line1/machine3/vibration

Subscribers can use wildcards. The + wildcard matches a single level: home/+/livingroom/temperature matches any floor. The # wildcard matches all remaining levels: home/# matches everything in the home. Subscribing to # alone means receiving every message the broker handles.

Last Will and Testament

When a client connects to a broker, it can register a "Last Will and Testament": a message to be published if the client disconnects unexpectedly.¹¹ If a security camera loses power without sending a proper DISCONNECT, the broker publishes its will: "Camera offline." Other devices, subscribed to the camera's status topic, learn immediately that something went wrong.

Combined with retained messages (where the broker stores the last message on a topic and delivers it to new subscribers), LWT enables presence monitoring. New devices joining the network instantly learn which other devices are online or offline.

Why Port 1883

TCP port 1883 was registered with IANA for MQTT use.¹² Port 8883 is registered for MQTT over TLS. The choice of 1883 was practical: it was unassigned when the protocol was being standardized.

The port number 1883, read as a year, sits one year before the fictional setting of George Orwell's "1984." This is coincidental, but MQTT's creators were not thinking about surveillance when they chose the port. They were thinking about oil pipelines.

Security Considerations

MQTT on port 1883 is unencrypted. Any data sent over this port can be read by anyone who can observe the network traffic. This includes usernames, passwords (which MQTT v3.1 supports but sends in cleartext), and all message payloads.¹³

This is not a flaw in the protocol; it is a design choice. MQTT was created for constrained environments where encryption might be too expensive. Security was intended to be layered on top via TLS.

The problem is that many deployments never add that layer.

Shodan searches reveal over 600,000 MQTT brokers exposed to the Internet on port 1883.¹⁴ Of these, approximately 47,000 allow anonymous connections with no authentication required.¹⁵ Smart homes, industrial systems, and medical devices broadcast their data to anyone who connects.

The Eclipse Mosquitto broker, one of the most popular MQTT implementations, has seen numerous CVEs over the years:¹⁶ memory leaks from malformed packets, denial-of-service from crafted messages, authentication bypasses from malformed password files.

If you must run MQTT on the Internet:

• Use port 8883 with TLS, not port 1883
• Require authentication
• Implement access control lists
• Never allow anonymous connections on public interfaces

The Scale

In 2025, an estimated 21.1 billion IoT devices will be connected globally.¹⁷ A substantial portion of them speak MQTT.

Facebook Messenger uses MQTT.¹⁸ The protocol's publish-subscribe model works well for group chats, and its lightweight nature preserves battery life on mobile devices. AWS IoT Core speaks MQTT.¹⁹ Azure IoT Hub speaks MQTT. Every major cloud platform that handles IoT traffic supports the protocol.

MQTT carries temperature readings from greenhouses, vibration data from factory equipment, location updates from vehicle fleets, heart rate data from medical devices, and messages between friends. The protocol designed to whisper through satellite links now handles conversations at planetary scale.

Related Ports