This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Windows vs. Linux - difference in dissection of Profinet traffic

0

I'm opening the same pcap in Windows and in Linux, and I get different results. Protocol pn_rt / pn_io is shown in the Linux version as fake-field-wrapper (DATA) and it is fully parsed in the Windows version (both 2.0.1). Any idea why this happens?

asked 09 Aug '16, 00:40

kdani

edited 09 Aug '16, 02:27

grahamb ♦


2 Answers:

1

Profinet is dissected by a plugin; it sounds as though the plugin isn't being loaded on Linux. Does the Profinet plugin show up in the Help -> About Wireshark -> Plugins list?

answered 09 Aug '16, 02:13

grahamb ♦

I think you got it right. Checking.

(09 Aug '16, 03:11) kdani

1

This is most likely caused by different Wireshark profile settings, e.g. reassembly preferences. Can you create a new profile (meaning, Wireshark will run with default settings) on both systems and compare again? If the results are identical with brand new profiles, you have something that's different in your existing settings - otherwise it's really Wireshark that's doing something different.

answered 09 Aug '16, 01:03

Jasper ♦♦

I've copied the preference file from the Windows machine to the Linux machine - same results. Is there anything else? I am installing a clean Linux now to test a clean Wireshark installation. Will report soon.

(09 Aug '16, 01:26) kdani