How to filter captured traffic in Wireshark?
FAQ #100535
The Ether-S-Bus plugin allows filtering the captured telegrams based on one or several properties of the telegram such as the command code contained in the telegram and/or the value of a transmitted media etc.
Principle
Wireshark basically offer two different possibilities for filtering Ethernet traffic:
- Capture filter:
Filtering while capturing based on the source/destination IP or the TCP/UDP ports used). Telegrams that do not match the filter are not stored to the capture file! Please refer to FAQ 100224 for more information. - Display filter:
Filtering the telegrams of a captured file based on the telegram contents (command code, presence of values etc.). The display filter will not affect the data captured, it will only select which packets of the captured data are displayed on the screen.
Display filters
The plugin for dissecting (interpreting) Ether-S-Bus traffic offers a wide range of telegram properties and filter conditions. Below a small selection of the most used fields:
- Command code
- Source- destination S-Bus address
- Baseaddress of transmitted media
- Values of transmitted media
- etc...
Using filter strings
The filter strings, written in a special display filter language are entered in the "filter field" (green region in the picture below) of Wireshark:
§ix100349§
By pressing the "Expressions" button, the following window shows up. From this window, the available filter expressions and conditions can be selected.
§ix100350§
It is also possible combining multiple filters by using the AND- and OR operands:
- And operand: && (Example: sbus.cmd == 0x6 && sbus.destination == 1)
- Or operand: || (Example: ip.addr == 207.1.1.222 || sbus.destination == 1)
Everytime you change the filter string and click the "Apply" button, all packets will be reread from the capture file (or from memory), and processed by the display filter "machine". Packet by packet, this "machine" is asked, if this particular packet should be shown or not.
Categories
Communication / Ether-S-Bus
Last update: 24.05.2018 08:20
First release: 28.02.2006 10:26
Views: 17659