How to decode packets using ip.addr == and data.len > 0?

asked 2018-06-11 16:30:55 +0000

Pureenergyz

updated 2018-06-12 15:48:05 +0000

How do I decode the packets using ip.addr == and data.len > 0? I am capturing packets from a building automation controller and want to see the values captured, such as point ID and value (space temperature). The packets are already captured.

answered 2018-06-11 21:48:01 +0000

Bob Jones

Decoding is by protocol, but no idea what building automation protocol you are actually using. If one exists, you might be in good shape.

But, unfortunately, if Wireshark does support the protocol, but isn't recognizing those packets as being packets for that protocol, there's no way to say "decode all packets to or from this IP address as being for that protocol". You could do it based on the TCP or UDP port, however, using the "Decode As" menu item.

Guy Harris ( 2018-06-12 01:25:59 +0000 )
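As an added example (not part of the original answers): when no dissector claims the traffic, the raw payload bytes and the ports they travel on can still be pulled out of the capture, which is roughly what filtering on `ip.addr == <address> and data.len > 0` selects, and the ports are what "Decode As" would key on. The sketch assumes a classic little-endian pcap file (not pcapng) with Ethernet framing; the addresses, port 5000 and the payload layout in the sample capture are constructed for illustration and do not represent any real building automation protocol.

```python
import socket
import struct

def build_frame(src, dst, sport, dport, payload):
    """Constructed sample frame: Ethernet + IPv4 + UDP, checksums left at 0."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + udp

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1, Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def payloads_for(pcap, addr):
    """List (src, dst, proto, sport, dport, payload_hex) for non-empty payloads."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("not a little-endian classic pcap file")
    want, rows, off = socket.inet_aton(addr), [], 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # not IPv4 over Ethernet
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        src, dst = frame[26:30], frame[30:34]
        if want not in (src, dst) or proto not in (6, 17):
            continue                      # other host, or not TCP/UDP
        l4 = frame[14 + ihl:14 + struct.unpack_from("!H", frame, 16)[0]]
        if len(l4) < (20 if proto == 6 else 8):
            continue                      # truncated transport header
        sport, dport = struct.unpack_from("!HH", l4)
        data = l4[(l4[12] >> 4) * 4 if proto == 6 else 8:]
        if data:                          # same idea as data.len > 0
            rows.append((socket.inet_ntoa(src), socket.inet_ntoa(dst),
                         "tcp" if proto == 6 else "udp", sport, dport, data.hex()))
    return rows

# Constructed capture: addresses, port 5000 and the payload layout are made up.
SAMPLE = build_pcap([
    build_frame("192.0.2.10", "192.0.2.20", 5000, 5000, struct.pack("!Hf", 17, 21.5)),
    build_frame("192.0.2.10", "192.0.2.20", 5000, 5000, b""),
    build_frame("192.0.2.30", "192.0.2.20", 5000, 5000, b"\x01\x02"),
])
if __name__ == "__main__":
    print(payloads_for(SAMPLE, "192.0.2.10"))
```

Interpreting the extracted bytes as point IDs and values still requires knowing the protocol's message layout.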
