Hi, I want to analyze data packets in the network and retrieve all the TCP-related parameters of a particular device and capture them into a file.
asked 31 May '11, 13:25 Kumar
One Answer:
Okay, that sounds exactly like what you can do with Wireshark: first, capture TCP packet data, second, analyze it. Or did you mean that you want to get stack parameters that are configured in the OS of a device? You might be able to extract or deduce some of them from packets you see (like TCP window scaling settings, with more or less accurate results/guesses), but it won't be the same as looking at the Windows registry or similar *nix stack parameter files.
answered 31 May '11, 13:33 Jasper
Thank you for your prompt reply. I have some more questions. Can you please provide me your mail id so that I can post them to your mail id?
Why not post them here? Others might be interested, too, and more users might add their ideas/wisdom to your questions :-)
For the captured "Modbus/TCP" packets, other details like "Frame 2976", "Internet Protocol", etc. are also displayed in the same "Modbus/TCP" packet. But I only need certain data in a packet. So is there any mechanism to modify the source code of this dissector and capture only the required parameters?
I guess you could download the Wireshark source code and modify the ModBus/TCP dissector to skip displaying fields you do not like to be displayed. Capturing only required parameters is not an option since the capture process always records complete frames, including all checksums etc.
On the other hand - displaying more data than needed is usually not a problem - you might also try to display only the wanted details as additional columns of the file list (right click on the according fields and select "apply as column").
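Since the capture always holds complete frames, the reduction to selected fields has to happen after capture. The following is an added example, not part of the original thread and not Wireshark code: it parses one complete Ethernet II/IPv4/TCP frame, keeps only chosen TCP and Modbus/TCP header fields, and writes them to CSV for a single device. The sample frame, the addresses and the column names are constructed for illustration; VLAN tags, IPv6 and TCP reassembly are not handled.

```python
import csv
import struct

FIELDS = ["src", "dst", "sport", "dport", "seq", "ack", "flags", "window",
          "mb_trans_id", "mb_unit_id", "mb_func"]  # column names are illustrative

# Constructed frame (made-up addresses, checksums left at zero and not verified).
SAMPLE_FRAME = bytes.fromhex(
    "001122334455 66778899aabb 0800"                       # Ethernet II, IPv4
    "4500 0034 0001 0000 4006 0000 0a000001 0a000002"      # IPv4 10.0.0.1 -> 10.0.0.2
    "c001 01f6 00000064 000000c8 5018 2000 0000 0000"      # TCP 49153 -> 502, PSH+ACK
    "0001 0000 0006 01 03 0000 000a")                      # MBAP + Read Holding Registers

def extract_fields(frame):
    """Return only the wanted TCP and Modbus/TCP fields of one complete frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                                   # not Ethernet II carrying IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:
        return None                                   # not a TCP segment
    tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]     # trim Ethernet padding
    if len(tcp) < 20:
        return None
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4
    if not 20 <= data_off <= len(tcp):
        return None                                   # malformed TCP header length
    row = {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
           "sport": sport, "dport": dport, "seq": seq, "ack": ack,
           "flags": off_flags & 0x1FF, "window": window}
    payload = tcp[data_off:]
    if 502 in (sport, dport) and len(payload) >= 8:   # Modbus/TCP uses TCP port 502
        trans_id, proto_id, _length, unit_id, func = struct.unpack("!HHHBB", payload[:8])
        if proto_id == 0:                             # MBAP protocol id 0 = Modbus
            row.update(mb_trans_id=trans_id, mb_unit_id=unit_id, mb_func=func)
    return row

def write_csv(frames, device_ip, out):
    """Write one CSV row per TCP frame sent or received by device_ip; return row count."""
    rows = [r for r in map(extract_fields, frames)
            if r and device_ip in (r["src"], r["dst"])]
    writer = csv.DictWriter(out, fieldnames=FIELDS, restval="")
    writer.writeheader()
    writer.writerows(rows)
    return len(rows)
```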