 | 1 | initial version |
There is a (hidden from the UI) display filter field dnp3.addr that is set for both the source and destination DNP3 addresses, so using that with the -T fields option you can dump out all the DNP3 addresses, e.g.
tshark -r my.pcapng -T fields -e dnp3.addr dnp3
which produces output like this:
1,100
100,1
1,200
200,1
This can then be post processed to get the unique addresses in a capture.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.