Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Wireshark filter for cyclic messages

From: wsgd <wsgd () free fr>
Date: Tue, 08 Jun 2010 20:12:13 +0200
markus.proeller () ifm com a écrit :


Hello list,

I have the following problem:
I'm capturing EtherNet/IP traffic with cyclic I/O messages. This means 
for instance, I start a conenction with a packet rate of 100ms.

I send a string, let's say 'test1' to the device and the device 
answers with 'test2'. I capture the following:

0 ms: -> test1
            <- test2
100ms: ->test1
                <- test2
200ms: ->test1
               <- test2
and so on... until I send a new command:
900ms: -> test3
               <- test4
1000ms: -> test3
                  <- test4

Is there a possibility to capture only the messages, where the message 
content is changing, like the following:
0 ms: ->test1
            <- test2
900ms: -> test3
               <- test4

capture : no possibility

display filter : if the dissector is specifically designed to handle the 
case
The dissector must specifiy a specific field "content_changed".
This field is set to false or true depending on a comparison with the 
previous packet.
Then you can use a display filter "myprotocol.content_changed == true".
http://wsgd.free.fr/ is able to do that.


I hope it got clear what I mean.

Thanks in advance

Markus
------------------------------------------------------------------------

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe



-- 
Wireshark Generic Dissector http://wsgd.free.fr

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: