Wireshark · Wireshark-users: Re: [Wireshark-users] Ethernet?IP

Wireshark-users: Re: [Wireshark-users] Ethernet?IP

From: Julian Fielding <jfielding@xxxxxxxxxxxxxxx>

Date: Thu, 23 Oct 2008 17:41:08 +0100

Works fine for me. My Wireshark is Version 1.0.2. I guess I should 
download the latest, but I don't think anything about enip or cip has been 
changed recently.

Your trace has two TCP conversations, each containing one ENIP session, 
each containing one CIP connection. The capturing computer (192.168.1.100) 
was talking to the device at 192.168.1.78, probably online with RSLogix 
5000. The Prosoft device at 192.168.1.69 was also talking to 192.168.1.78, 
using PCCC commands. The presence of that second conversation means your 
capture setup was probably good.

Stan Brown wrote on 23/10/2008 16:40:49:

> On Thu, Oct 23, 2008 at 04:20:25PM +0100, Julian Fielding wrote:
> > Bill Meier wrote on Thu, 23 Oct 2008 08:28:57 -0400
> > 
> Heer is the requested capture.
> 
> Thanks.

References:
- Re: [Wireshark-users] Ethernet?IP
  - From: stan

Prev by Date: Re: [Wireshark-users] Please help me :(
Next by Date: Re: [Wireshark-users] Please help me :(
Previous by thread: Re: [Wireshark-users] Ethernet?IP
Next by thread: [Wireshark-users] remote capture with a pipe: "unrecognized libpcap format"
Index(es):
- Date
- Thread