Can I stop Wireshark based on a specific condition (e.g. Ether-S-Bus communication has stopped)?
FAQ #100840
It is possible to capture the traffic on an Ethernet network and stop the capture based on a specific condition, e.g. the lack of Ether-S-Bus telegrams from a specific station for a certain time. However, this can't be done within Wireshark itself; it is done with its command-line tool TShark, whose output is piped to a Perl script.
Introduction
The attached script is written in Perl (a free dynamic programming language) and calls TShark, the command-line interface of Wireshark. TShark outputs the interpreted telegrams to the script, which reloads a timer every time an Ether-S-Bus telegram from the station in question is "seen". If this timer elapses, the capture is stopped.
Usage
In order to use this script, execute the following steps:
- Install Wireshark 0.99.2 or later (latest possible is 1.4.9; 1.6 no longer works)
- Install the scripting language Perl (ActivePerl)
- Open the script with a text editor and adapt the IP addresses
- Run the script
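The watchdog logic described above, as an added example in Python; it is not the attached Perl script. The station address, timeout, interface number, capture filter on UDP port 5050 and the TShark field output are assumptions made for this sketch.

```python
import queue
import subprocess
import threading
import time

STATION_IP = "192.0.2.10"   # constructed placeholder: station to monitor
TIMEOUT_S = 30.0            # assumed silence limit before stopping
# Assumed TShark call: one source IP per line, line-buffered (-l).
# Interface "1" and the capture filter on UDP port 5050 are assumptions.
TSHARK_CMD = ["tshark", "-i", "1", "-l", "-f", "udp port 5050",
              "-T", "fields", "-e", "ip.src"]

def pump(stream, q):
    """Reader thread: forward lines so the main loop never blocks on read."""
    for line in stream:
        q.put(line)
    q.put(None)  # end-of-stream marker

def watch(stream, station_ip, timeout_s):
    """Return "timeout" after timeout_s without a telegram from station_ip,
    or "eof" if the stream ends first."""
    q = queue.Queue()
    threading.Thread(target=pump, args=(stream, q), daemon=True).start()
    deadline = time.monotonic() + timeout_s
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return "timeout"  # traffic from other stations cannot mask silence
        try:
            line = q.get(timeout=remaining)
        except queue.Empty:
            return "timeout"
        if line is None:
            return "eof"
        if line.strip() == station_ip:
            deadline = time.monotonic() + timeout_s  # reload the timer

if __name__ == "__main__":
    proc = subprocess.Popen(TSHARK_CMD, stdout=subprocess.PIPE, text=True)
    try:
        print("capture stopped:", watch(proc.stdout, STATION_IP, TIMEOUT_S))
    finally:
        proc.terminate()  # stop TShark, which ends the capture
        proc.wait()
```

The reader thread is what lets the timer elapse while TShark is completely silent; a plain blocking read loop would only notice the timeout when the next line arrives.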
Last update: 28.05.2015 22:45
First release: 10.12.2007 08:48