Hi Yes, that is exactly what I want to see. Let me explain for a second.
I work for a company, developing SPS systems for machines. One of our system uses a so called "Bus Controller" which communicates using a Realtime Ethernet Protocol like Sercos III oder Powerlink V2. "Behind" this Controller various modules can reside, which communicate with the controller using a different protocol. Sometimes those modules send data packets on the realtime network, which works the following way: 1. They send the packet using their own protocol, but in their payload they encapsulate the packet in a special UDP frame. 2. The Bus Controller collects all frames, puts them into a "normal" network frame and sends it on the network. 3. If the Bus Controller receives a packet, he dissects the sub-packets, and sends them to the various modules. I would like to be able to dissect those packets individually and not displaying one big frame. I know of quite a few devices (not only our own) who operate in such a way. AS-i safety gateways also operate in such a manner. Therefore I think, this should be possible, but I understand your argument regards, Roland On Thu, Feb 24, 2011 at 9:38 PM, David Aggeler <[email protected]> wrote: > Roland, > > Do you want to see the following: > > -- FRAME 1 > -- ETHERNET II FRAME > -- IP FRAME > -- UDP FRAME > -- MY PROTOCOL FRAME 1/4 > > -- FRAME 1 > -- ETHERNET II FRAME > -- IP FRAME > -- UDP FRAME > -- MY PROTOCOL FRAME 2/4 > > etc? > > Why that? Do yo have a post processing step that relies on this? wireshark > is a protocol analyzer and as such its all about 'frame in frame in frame'. > > David > > Am 24.02.2011 09:31, schrieb Roland Knall: >> >> Hello >> >> I have the following situation. The trace identifies (correctly) >> packets I am interested in. These packets come from a device, which >> collects packets, puts them together into one udp frame, and sends >> them over the network. Right now I trace the udp payload, and call the >> packet dissector for my packet more than once, which will result in a >> listing like this: >> >> -- FRAME >> -- ETHERNET II FRAME >> -- IP FRAME >> -- UDP FRAME >> -- MY PROTOCOL FRAME >> -- MY PROTOCOL FRAME >> -- MY PROTOCOL FRAME >> -- MY PROTOCOL FRAME >> >> >> I would like to be able to put those protocol frames each in a single >> row, so that instead of having one chunked up row like the one above, >> I have (in this case) 4 packets, each with a single protocol frame. >> >> I figured there are 2 ways of achieving this: >> >> 1. Use a DisplayFilter - but so far I have not found a solution using >> this approach. I would prefer it, but understand if this would not be >> feasible >> 2. Use some sort of CaptureFilter - which would require messing around >> with libpcap/winpcap . The solution must be cross-platform. >> >> Has anyone an idea how to achieve this with using just a >> DisplayFilter, or could point me into a direction for where to change >> an input filter. >> >> btw, changing libpcap/winpcap should really be last resort. >> >> kind regards, Roland >> >> ___________________________________________________________________________ >> Sent via: Wireshark-dev mailing list<[email protected]> >> Archives: http://www.wireshark.org/lists/wireshark-dev >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev >> >> mailto:[email protected]?subject=unsubscribe >> > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe > ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
