Ask Your Question

How to decode packets using ip.addr == and data.len > 0?

asked 2018-06-11 16:30:55 +0000

Pureenergyz gravatar image

updated 2018-06-12 15:48:05 +0000

How do I decode the packets using ip.addr == and data.len > 0? Capturing packets from a building automation controller and want to see the values captured such as point ID and value (space temperature). Packets are already captured.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2018-06-11 21:48:01 +0000

Bob Jones gravatar image

Decoding is by protocol, but no idea what building automation protocol you are actually using. If one exists, you might be in good shape.

edit flag offensive delete link more


But, unfortunately, if Wireshark does support the protocol, but isn't recognizing those packets as being packets for that protocol, there's no way to say "decode all packets to or from this IP address as being for that protocol". You could do it based on the TCP or UDP port, however, using the "Decode As" menu item.

Guy Harris gravatar imageGuy Harris ( 2018-06-12 01:25:59 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2018-06-11 16:30:55 +0000

Seen: 324 times

Last updated: Jun 12 '18