 | 1 | initial version |
The Wireshark dissector for Modbus will attempt to match up requests and responses using the Transaction ID (mbtcp.trans_id) in the header and then calculate the response time for you (modbus.response_time).
You can add both these values as columns (and any other dissected value) by right-clicking the value in the packet details pane and choosing "Apply as column".
If you want to export this elsewhere for analysis, then using tshark might help as it can output csv directly using the T fields -e <field name> -e <another field name> options, e.g.
tshark -r mycapturefile.pcapng -Y -T fields "-Eheader=y" "-Eseparator=," -e frame.number -e mbtcp.trans_id -e modbus.response_time
This gives an output like (for a capture with a single request and response):
frame.number,mbtcp.trans_id,modbus.response_time
1,136,
2,136,0.205042000
You can add more -e <field name> options as required, the name of the field is displayed in the status bar at the bottom of Wireshark when the field is selected in the packet details pane.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.