This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Response time with Ethernet/IP

0

How can I estimate the response time between a master controller and a slave?

asked 04 Dec '14, 04:23

Furio Buonopane

2

Can you please add (much) more details?

  • What kind of "master controller" and "slave" are you talking about?
  • What kind of protocol are they using?
  • How do you define "response time" in your scenario?
(05 Dec '14, 10:33) Kurt Knochner ♦
1

The protocol is Ethernet/IP as in the question title. In this case the master initiates the request and the slave responds. I'm not sure if enip has request/response tracking and timing.

(05 Dec '14, 14:11) grahamb ♦
2

Ethernet and IP are two different protocols, neither of which have any concept of a "master" or a "slave".

Applications that run over IP can have that relationship, and Wireshark has several protocol-specific request/response time measuring logic, but the answer to the question depends on the protocol. Since both Ethernet and IP are stateless, they don't have the concept of a "session", or a "request", or a "response", thus there is nothing for Wireshark to calculate at that layer.

(05 Dec '14, 16:31) Quadratic

Thank you all for the quick responses. Ethernet/IP stands for Ethernet industrial protocol and is based on a single protocol CIP (Common Industrial Protocol). My question is: is there any function in Wireshark to calculate the time of sending and receiving packets between a master controller and a slave?

Thanks

Furio Buonopane

(06 Dec '14, 03:36) Furio Buonopane
1

When looking at the source code, there does not seem to be any Request / Response tracking in the CIP dissector allowing you to compute a time.

(06 Dec '14, 05:47) Pascal Quantin

One Answer:

0

As I hinted and @Pascal Quantin confirmed, there is no request\response tracking in the CIP dissector. The best you can do is to filter the display to show only the communications to the specific slave you're interested in and then set the time display format to be "Seconds since last Displayed Packet". The time column will then show the delta time between the request and the response.

answered 06 Dec '14, 07:30

grahamb ♦

Ok perfect thanks a lot! I entered the column for the delta time. Now, can I export from Wireshark only the delta time column?

(06 Dec '14, 07:38) Furio Buonopane

Sure: File -> Export Packet Dissections -> As .csv

With that, just make sure that column is in the time format you want when you save it, and that's how it'll appear in a comma-separated file.

(06 Dec '14, 08:27) Quadratic
1

Or use the -T fields -e frame.time_delta options along with other -e field.name options for any other required fields and using -E separator=xxx to control the field separator.

(06 Dec '14, 09:23) grahamb ♦
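
Added example (not part of the original thread, and not Wireshark project code): a delta-time column mixes request-to-response gaps with the idle gaps between a response and the next request, so this script reads exported field output and keeps only the master-to-slave request followed by slave-to-master response pairs. The IP addresses, the sample lines, the `response_times` name and the choice of `frame.time_epoch`, `ip.src` and `ip.dst` as exported fields are assumptions made for the illustration.

```python
import csv
import io
from decimal import Decimal

# Constructed sample (not from the thread) of the output of, for example:
#   tshark -r capture.pcapng -Y "enip && ip.addr == 192.0.2.20" \
#     -T fields -e frame.time_epoch -e ip.src -e ip.dst -E separator=,
# 192.0.2.10 is the assumed master, 192.0.2.20 the assumed slave.
SAMPLE = """\
1417860000.000000,192.0.2.10,192.0.2.20
1417860000.002100,192.0.2.20,192.0.2.10
1417860000.100000,192.0.2.10,192.0.2.20
1417860000.350000,192.0.2.10,192.0.2.20
1417860000.353500,192.0.2.20,192.0.2.10
1417860000.400000,192.0.2.20,192.0.2.10
"""


def response_times(text, master, slave, sep=","):
    """Pair each master->slave packet with the next slave->master packet.

    Returns (deltas, unanswered): deltas are Decimal seconds, unanswered counts
    requests that were superseded or never followed by a response.
    """
    pending = None          # timestamp of the request awaiting a response
    deltas, unanswered = [], 0
    for row in csv.reader(io.StringIO(text), delimiter=sep):
        if len(row) < 3:
            continue        # blank or truncated line
        ts, src, dst = Decimal(row[0]), row[1], row[2]
        if (src, dst) == (master, slave):
            if pending is not None:
                unanswered += 1   # earlier request got no response
            pending = ts
        elif (src, dst) == (slave, master) and pending is not None:
            deltas.append(ts - pending)
            pending = None
        # A response with no pending request (capture started mid-exchange,
        # or an unsolicited packet) is ignored rather than given a bogus delta.
    if pending is not None:
        unanswered += 1
    return deltas, unanswered


if __name__ == "__main__":
    deltas, unanswered = response_times(SAMPLE, "192.0.2.10", "192.0.2.20")
    for d in deltas:
        print(f"{d * 1000:.3f} ms")
    print(f"max {max(deltas) * 1000:.3f} ms, unanswered requests: {unanswered}")
```

Timestamps are parsed as `Decimal` so microsecond deltas are not lost to floating-point rounding on epoch-sized values.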