This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to change sniffer port 2404 for IEC 60870-5-104 in Wireshark?

0

How to change sniffer port 2404 for IEC 60870-5-104 in Wireshark? I need port 5868.

asked 06 May '16, 01:42

Max123
accept rate: 0%

edited 06 May '16, 02:08

Jaap ♦


One Answer:

0

It's hard coded into the dissector, in order to:

  • Dissect TCP payloads
  • Make distinction between source and destination

but you can use "decode as..." on the TCP payload and select 104apci to get the first item done. Yet src/dst distinction will fail, decoding 'dst' always (which is an understandable bug in the dissector).

answered 06 May '16, 02:08

Jaap ♦
accept rate: 14%

If you can live without live capture, you may approach the problem from the other end and use TraceWrangler to pre-process your captures (replace the tcp/5868 port with tcp/2404 in all packets).

(06 May '16, 03:20) sindy
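
The port substitution described in the comment above, sketched in Python as an added example (not part of the original thread and not TraceWrangler's code). It assumes a classic pcap file (not pcapng) carrying Ethernet/IPv4 frames, and the function names are made up for this example. Each rewritten port also gets an RFC 1624 incremental TCP checksum update, so a capture with valid checksums stays valid.

```python
import struct
import sys

OLD_PORT, NEW_PORT = 5868, 2404  # ports named in the question and comment

def fix_checksum(csum, old, new):
    """RFC 1624 incremental update after one 16-bit word changes."""
    s = (~csum & 0xFFFF) + (~old & 0xFFFF) + new
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def rewrite_frame(frame, old=OLD_PORT, new=NEW_PORT):
    """Replace TCP port `old` with `new` in one Ethernet/IPv4 frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return frame                      # not IPv4/TCP: leave untouched
    if struct.unpack_from("!H", frame, 20)[0] & 0x1FFF:
        return frame                      # later IP fragment: no TCP header
    tcp = 14 + (frame[14] & 0x0F) * 4     # IHL gives the TCP header offset
    if tcp < 34 or len(frame) < tcp + 18:
        return frame                      # malformed IHL or truncated header
    buf = bytearray(frame)
    for off in (tcp, tcp + 2):            # source port, then destination port
        if struct.unpack_from("!H", buf, off)[0] == old:
            struct.pack_into("!H", buf, off, new)
            csum = struct.unpack_from("!H", buf, tcp + 16)[0]
            struct.pack_into("!H", buf, tcp + 16, fix_checksum(csum, old, new))
    return bytes(buf)

def rewrite_pcap(data, old=OLD_PORT, new=NEW_PORT):
    """Rewrite every record of a classic pcap (not pcapng) given as bytes."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic microsecond-resolution pcap")
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    out, pos = bytearray(data[:24]), 24
    while pos + 16 <= len(data):
        incl = struct.unpack_from(endian + "I", data, pos + 8)[0]
        frame = data[pos + 16:pos + 16 + incl]
        out += data[pos:pos + 16] + rewrite_frame(frame, old, new)
        pos += 16 + incl
    return bytes(out)

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python rewrite_port.py in.pcap out.pcap
    with open(sys.argv[1], "rb") as src, open(sys.argv[2], "wb") as dst:
        dst.write(rewrite_pcap(src.read()))
```

A checksum that was already wrong in the capture (for example because of transmit checksum offload on the capturing host) stays wrong after the rewrite, since only the port delta is applied.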

I've created a change that allows the source port to be set. This shall be available in the latest development builds and eventually in 2.2.x.

(11 May '16, 14:33) Jaap ♦