Can I stop Wireshark based on a specific condition (e.g. Ether-S-Bus communication has stopped)?

FAQ #100840

It is possible capturing the traffic on a Ethernet network and stop this capture based on a specific condition, like e.g. the lack of Ether-S-Bus telegrams from a specific station for a certain time. However, this can't be done within Wireshark itself, but by using its command line tool TShark which is piped to a Perl script.

 

Introduction
The attached script written in Perl (a free dynamic programming language) does call TShark which is the command line interface of Wireshark. TShark will then output the interpreted telegrams to the script, which will load a timer every time an Ether-S-Bus telegram from the station in question is "seen". If this timer elapses, the capture is stopped.

Usage
In order to use this script, execute the following steps:

  • Install Wireshark 0.99.2 or later (latest possible is 1.4.9; 1.6 does no longer work)
  • Install the scripting language Perl (ActivePerl)
  • Open the script with a text editor and adapt the IP addresses
  • Run the script 

Categories

Communication / Ether-S-Bus

PG5 2.0 / Modbus

Last update: 28.05.2015 22:45

First release: 10.12.2007 08:48

Views: 41039

The requested software / document is no longer marketed by Saia-Burgess Controls AG and without technical support. It is an older software version which can be operated only on certain now no longer commercially available products.

Download