Wireshark-dev: Re: [Wireshark-dev] Splitting one packet into multiple packets

From: Roland Knall <rknall@xxxxxxxxx>
Date: Thu, 24 Feb 2011 23:05:00 +0100

Hi

Yes, that is exactly what I want to see. Let me explain for a second.

I work for a company, developing SPS systems for machines. One of our
systems uses a so-called "Bus Controller" which communicates using a
Realtime Ethernet Protocol like Sercos III or Powerlink V2. "Behind"
this Controller various modules can reside, which communicate with the
controller using a different protocol. Sometimes those modules send
data packets on the realtime network, which works the following way:

1. They send the packet using their own protocol, but in their payload
they encapsulate the packet in a special UDP frame.
2. The Bus Controller collects all frames, puts them into a "normal"
network frame and sends it on the network.
3. If the Bus Controller receives a packet, he dissects the
sub-packets, and sends them to the various modules.


I would like to be able to dissect those packets individually and not
display one big frame.

I know of quite a few devices (not only our own) that operate in such a
way. AS-i safety gateways also operate in such a manner.

Therefore I think this should be possible, but I understand your argument.

regards, Roland



On Thu, Feb 24, 2011 at 9:38 PM, David Aggeler <david_aggeler@xxxxxxxxxx> wrote:
> Roland,
>
> Do you want to see the following:
>
> -- FRAME 1
> -- ETHERNET II FRAME
> -- IP FRAME
> -- UDP FRAME
> -- MY PROTOCOL FRAME 1/4
>
> -- FRAME 1
> -- ETHERNET II FRAME
> -- IP FRAME
> -- UDP FRAME
> -- MY PROTOCOL FRAME 2/4
>
> etc?
>
> Why that? Do you have a post processing step that relies on this? Wireshark
> is a protocol analyzer and as such it's all about 'frame in frame in frame'.
>
> David
>
> On 24.02.2011 09:31, Roland Knall wrote:
>>
>> Hello
>>
>> I have the following situation. The trace identifies (correctly)
>> packets I am interested in. These packets come from a device, which
>> collects packets, puts them together into one udp frame, and sends
>> them over the network. Right now I trace the udp payload, and call the
>> packet dissector for my packet more than once, which will result in a
>> listing like this:
>>
>> -- FRAME
>> -- ETHERNET II FRAME
>> -- IP FRAME
>> -- UDP FRAME
>> -- MY PROTOCOL FRAME
>> -- MY PROTOCOL FRAME
>> -- MY PROTOCOL FRAME
>> -- MY PROTOCOL FRAME
>>
>>
>> I would like to be able to put those protocol frames each in a single
>> row, so that instead of having one chunked up row like the one above,
>> I have (in this case) 4 packets, each with a single protocol frame.
>>
>> I figured there are 2 ways of achieving this:
>>
>> 1. Use a DisplayFilter - but so far I have not found a solution using
>> this approach. I would prefer it, but understand if this would not be
>> feasible
>> 2. Use some sort of CaptureFilter - which would require messing around
>> with libpcap/winpcap. The solution must be cross-platform.
>>
>> Has anyone an idea how to achieve this with using just a
>> DisplayFilter, or could point me into a direction for where to change
>> an input filter.
>>
>> btw, changing libpcap/winpcap should really be last resort.
>>
>> kind regards, Roland
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list<wireshark-dev@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>
>>  mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>>