On Jun 10, 2011, at 1:36 PM, N Nguyen wrote:
> Let say, when I type: ethercat start; the ifconfig -a results in only lo. Therefore, only lo is available in the capture list, and hence, I cannot capture the frames.
>
> When I type: ethercat stop. The ifconfig -a results in eth0, lo. This enables wireshark to capture the frames. But I can't use wireshark to capture EtherCAT frames at the moment.
>
> The problem is that why my EtherCAT preempts the eth0 and wireshark could detect the NIC card?
("eth0"? Yup, it's Linux....)
I don't know that much about EtherCAT, but some quick Googling found some stuff from which I infer, perhaps incorrectly, that, at least on some nodes, enabling EtherCAT might put the network adapter into a special mode in which it doesn't act as a normal network interface.
In particular:
http://www.etherlab.org/download/ethercat/ethercat-1.5-6129a5f715fb.pdf
(which mentions an "ethercat" command) seems to indicate that, at least for EtherCAT-capable adapters, that EtherCAT bypasses the normal Linux networking stack; if so, that'd probably make the network adapter unavailable to Wireshark (and tcpdump and every other libpcap-based application, and even to applications that directly use PF_PACKET sockets rather than letting libpcap handle the PF_PACKET sockets).
If that's what's happening, it's probably impossible to run with EtherCAT enabled *and* capture the EtherCAT traffic at the same time, and that there's nothing whatsoever Wireshark, or even libpcap, can do about it.
