markus.proeller@xxxxxxx a écrit :
Hello list,
I have the following problem:
I'm capturing EtherNet/IP traffic with cyclic I/O messages. This means
for instance, I start a conenction with a packet rate of 100ms.
I send a string, let's say 'test1' to the device and the device
answers with 'test2'. I capture the following:
0 ms: -> test1
<- test2
100ms: ->test1
<- test2
200ms: ->test1
<- test2
and so on... until I send a new command:
900ms: -> test3
<- test4
1000ms: -> test3
<- test4
Is there a possibility to capture only the messages, where the message
content is changing, like the following:
0 ms: ->test1
<- test2
900ms: -> test3
<- test4
capture : no possibility
display filter : if the dissector is specifically designed to handle the
case
The dissector must specifiy a specific field "content_changed".
This field is set to false or true depending on a comparison with the
previous packet.
Then you can use a display filter "myprotocol.content_changed == true".
http://wsgd.free.fr/ is able to do that.
I hope it got clear what I mean.
Thanks in advance
Markus
------------------------------------------------------------------------
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
--
Wireshark Generic Dissector http://wsgd.free.fr
