This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hey everyone, complete newb here, hopefully someone can help.

I have a piece of equipment that's connected to my network. I know it's IP address, and I can filter results based on that IP, but I'm not sure how to decode the data. How can I tell how to do this?

I want to eventually control the equipment from my own software, not the (useless) software that was provided with the unit.

Any help is much appreciated

asked 16 Oct '14, 15:38

fcreight's gravatar image

fcreight
11113
accept rate: 0%


That's called protocol reverse engineering. Assuming Wireshark can't dissect the packets (or is not configured correctly for it) you'll have to go and look for outside technical information. For instance the manufacturers website may list standards or technologies used, which may indicate possible protocols. Finding forums on the device may give insights in what's in there. It comes down to correlating information to get ahead. You may run into roadblocks (like encryption for instance) which may make it hard, but not impossible. It just comes down to motivation.

permanent link

answered 17 Oct '14, 03:49

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Thanks for your help Jaap. Since I can obtain the raw data, is there a way to test the packets with each protocol in Wireshark? Some of the data coming through is decoded, but other data typically looks like Morse Code. Sorry for my ignorance!

(17 Oct '14, 09:07) fcreight
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×178
×89
×6

question asked: 16 Oct '14, 15:38

question was seen: 2,202 times

last updated: 17 Oct '14, 09:07

p​o​w​e​r​e​d by O​S​Q​A