What setting we have to do to capture mms(manufacturing message specification) on wire shark?
asked 20 Jan '12, 05:04
The same settings you need to capture any other type of traffic; the only way the protocol would matter when capturing traffic would be if you were using a capture filter. The Wireshark dissector for MMS expects it to run atop the OSI Connection-Oriented Transport Protocol (COTP), and that's expected to run atop the OSI Connectionless Network Protocol, the TPKT protocol atop TCP, X.25, or IPv4/IPv6. If you're using a capture filter, it would have to be one that would see the traffic with whatever encapsulation is being used.
Note, however, that just because Wireshark captures a particular protocol, that doesn't mean it'll recognize the traffic as being that protocol. If you're not seeing that traffic in Wireshark, it might be because it's not recognizing the MMS traffic; see, for example, this other question wherein somebody wasn't seeing MMS traffic when they should have been - the problem was that Wireshark didn't see the initiate-request and initiate-response packets so it didn't have enough context information to realize that the protocol running atop the OSI Presentation Protocol was MMS.
answered 20 Jan '12, 17:02
Guy Harris ♦♦