Not seeing EtherNet/IP traffic

Hello. I want to analyze traffic using the EtherNet/IP protocol, but I don't see anything... Tell me, can Wireshark see such data? If so, what do you need to do in the settings so that everything is displayed? Thank you.

STest6905
asked 2020-05-25 04:24:38 +0000
Guy Harris
updated 2020-05-25 05:29:58 +0000

1 Answer

Wireshark can capture that traffic as long as your network adapter sees it and your capture filter isn't discarding it. See the Wireshark Wiki's "Ethernet capture setup" page for information on how to make sure you can see the Ethernet traffic you're trying to see.

The current Wireshark 3.2.x versions support dissecting EtherNet/IP traffic. Some older versions might not; I don't know what the first version of Wireshark was to support it.

Wireshark will recognize:

  • TCP and UDP traffic to and from port 44818;
  • TLS-over-TCP and DTLS-over-UDP traffic to and from port 2221;
  • UDP traffic to and from port 2222;

as EtherNet/IP traffic. (It will also recognize Ethernet traffic with a hex Ethernet type value of 0x80E1 as being Allen-Bradley EtherNet/IP Device Level Ring traffic.)

If the traffic is going to or from other ports, you will have to use Analyze > Decode As... to force it to be dissected as EtherNet/IP.

Guy Harris
answered 2020-05-25 05:32:43 +0000
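
Added example, not part of the original answer and not Wireshark's own code: a Python sketch that parses raw Ethernet frames and reports whether each one matches the ports and EtherType listed in the answer, which helps tell "the adapter never saw the traffic" apart from "the traffic is on a port that needs Decode As". The function names, result labels and sample frames are constructed for illustration; it assumes IPv4 and at most one 802.1Q VLAN tag.

```python
import struct
from collections import Counter

# Defaults taken from the answer above: (transport, port) pairs and the DLR EtherType.
ENIP_PORTS = {("tcp", 44818), ("udp", 44818), ("tcp", 2221), ("udp", 2221), ("udp", 2222)}
DLR_ETHERTYPE = 0x80E1

def classify(frame: bytes) -> str:
    """Relate one raw Ethernet frame to the defaults listed in the answer."""
    if len(frame) < 14:
        return "truncated"
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q VLAN tag
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype == DLR_ETHERTYPE:
        return "dlr"
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return "other"
    ihl = (frame[offset] & 0x0F) * 4
    proto = {6: "tcp", 17: "udp"}.get(frame[offset + 9])
    frag = struct.unpack("!H", frame[offset + 6:offset + 8])[0] & 0x1FFF
    l4 = offset + ihl
    # Later fragments carry no TCP/UDP header, so their ports cannot be read.
    if proto is None or frag or ihl < 20 or len(frame) < l4 + 4:
        return "other"
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    if (proto, sport) in ENIP_PORTS or (proto, dport) in ENIP_PORTS:
        return "enip-default-port"
    # If this is the device's traffic, it is a candidate for Analyze > Decode As...
    return f"non-default-port:{proto}/{sport}->{dport}"

def summarize(frames):
    """Count frames per classification."""
    return Counter(classify(f) for f in frames)

def sample_frame(proto="tcp", sport=0, dport=0, ethertype=0x0800) -> bytes:
    """Constructed test frame: zeroed MACs, documentation-range IPv4 addresses."""
    eth = bytes(12) + struct.pack("!H", ethertype)
    if ethertype != 0x0800:
        return eth + bytes(46)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64,
                     {"tcp": 6, "udp": 17}[proto], 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + struct.pack("!HH", sport, dport) + bytes(16)

if __name__ == "__main__":
    frames = [sample_frame("tcp", 50000, 44818), sample_frame("udp", 2222, 2222),
              sample_frame("tcp", 50000, 2222), sample_frame(ethertype=DLR_ETHERTYPE)]
    for label, count in summarize(frames).items():
        print(count, label)
```

A summary with no `enip-default-port` or `dlr` entries means the capture either never contained the traffic or carries it on a port outside the defaults.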