This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

RS485 to wifi adapter traffic capture

0

I have an RS485 to WiFi adapter made by Rheem (AKA Econet). It is assigned a WiFi IP of 192.168.1.75 by my ATT router. This device sends and receives data from an internet server (?). The computer running Wireshark is connected to an Ethernet port on the same router. I entered "host 192.168.1.75" as a filter and I see nothing but the occasional "who has 192.168.1.75" issued by my router (?). I know the MAC address of this device if that's any help. I'm not sure what I expect to see, but I do not think it sends that much data. The baud rate is 38400. I determined by looking at the router NAT table that it is sending data to 54.173.66.19. I changed the filter to 54.173.66.19 and still see nothing, unless I open that IP in the computer's browser; then I see the traffic to the computer's IP.

asked 12 May '16, 18:33

HVAC
6113
accept rate: 0%

edited 12 May '16, 19:19


2 Answers:

0

RS485 adapters are a proprietary interface and thus not supported by PCAP so you cannot specify to capture on that interface.

The occasional "Who has 192.168.1.75" packet is the one you're capturing from either your local LAN or WiFi adapter.

answered 12 May '16, 23:04

wbenton
29227
accept rate: 0%

0

It is not relevant to your issue that the box uses RS485 on its wired end. Please look around this Q&A site and the Wireshark wiki pages about capture setup on Ethernet and on WLAN to understand what the constraints of capturing on these network types are, what "monitoring mode" of WLAN capturing means and which hardware and operating systems support it, and how to handle decryption of WPA-encrypted wireless traffic.

Your issue is that you are capturing on a wired Ethernet interface bridged (switched) with the WLAN on your AT&T router, so you can only see unicast packets for your PC and multicast/broadcast packets (such as the ARP request "Who has 192.168.1.75? Tell 192.168.1.1" you've seen), but no unicast traffic which your PC doesn't send or is not an intended recipient of.

If the Wiki pages mentioned above don't show you the way, come back and describe the hardware equipment of your PC (how many wired Ethernet interfaces it has, whether it has a WLAN interface, which operating system you use) to get a more detailed suggestion.

answered 14 May '16, 09:35

sindy
6.0k4851
accept rate: 24%