Wireshark can capture that traffic as long as your network adapter sees it and your capture filter isn't discarding it. See the Wireshark Wiki's "Ethernet capture setup" page for information on how to make sure you can see the Ethernet traffic you're trying to see.

The current Wireshark 3.2.x versions support dissecting EtherNet/IP traffic. Some older versions might not; I don't know what the first version of Wireshark was to support it.

Wireshark will recognize:

  • TCP and UDP traffic to and from port 44818;
  • TLS-over-TCP and DTLS-over-UDP traffic to and from port 2221;
  • UDP traffic to and from port 2222;

as EtherNet/IP traffic. (It will also recognize Ethernet traffic with a hex Ethernet type value of 0x80E1 as being Allen-Bradley EtherNet/IP Device Level Ring traffic.)

If the traffic is going to or from other ports, you will have to use Analyze > Decode As... to force it to be dissected as EtherNet/IP.
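The port and Ethernet-type rules listed in this answer, applied to raw frames as an added example (not part of the original answer and not Wireshark's dissector code). The names `classify_frame` and `build_frame` and the sample frames are constructed for illustration, and only untagged IPv4 frames are handled.

```python
import struct

ETHERTYPE_IPV4, ETHERTYPE_DLR = 0x0800, 0x80E1   # 0x80E1: Device Level Ring
TCP, UDP = 6, 17
# (IP protocol, port) pairs listed in the answer above
ENIP_PORTS = {
    (TCP, 44818): "EtherNet/IP (TCP 44818)",
    (UDP, 44818): "EtherNet/IP (UDP 44818)",
    (TCP, 2221): "EtherNet/IP over TLS (TCP 2221)",
    (UDP, 2221): "EtherNet/IP over DTLS (UDP 2221)",
    (UDP, 2222): "EtherNet/IP (UDP 2222)",
}

def classify_frame(frame: bytes) -> str:
    """Apply the answer's port/EtherType rules to one raw Ethernet frame."""
    if len(frame) < 14:
        return "malformed"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETHERTYPE_DLR:
        return "EtherNet/IP Device Level Ring"
    if ethertype != ETHERTYPE_IPV4:        # IPv6/VLAN handling left out for brevity
        return "other"
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0  # IPv4 header length in bytes
    if len(ip) < 20 or ip[0] >> 4 != 4 or ihl < 20:
        return "malformed"
    proto = ip[9]
    fragment_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if proto not in (TCP, UDP) or fragment_offset:
        return "other"                     # no L4 ports available to inspect
    if len(ip) < ihl + 4:
        return "malformed"
    for port in struct.unpack("!HH", ip[ihl:ihl + 4]):   # source, destination
        if (proto, port) in ENIP_PORTS:
            return ENIP_PORTS[(proto, port)]
    return "needs Decode As if this is EtherNet/IP"

def build_frame(proto, sport, dport, ethertype=ETHERTYPE_IPV4) -> bytes:
    """Constructed sample frame: Ethernet + minimal IPv4 + first 8 L4 bytes."""
    eth = bytes.fromhex("020000000001020000000002") + struct.pack("!H", ethertype)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + struct.pack("!HH", sport, dport) + b"\x00" * 4

if __name__ == "__main__":
    for args in [(TCP, 50000, 44818), (UDP, 2222, 2222), (TCP, 50000, 2222)]:
        print(args, "->", classify_frame(build_frame(*args)))
```

Note that TCP port 2222 falls into the "needs Decode As" case, because the list above names port 2222 for UDP only.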