ROS configuration steps:
1. WinBox logs in to ROS, open Tools-Packet Sniffer
General, the interface interface here should be selected correctly, and all packets will be lost first.
Streaming, select the tick before opening here, fill in your PC IP. Click Apply.
Open Wireshark on your PC, select the network port of your communication for the network card, the one with traffic is enough, click start. After saving, filter to get the desired data.
Practical wireshark filter rules
Filter IP
ip.src eq 192.168.1.1 or ip.dst eq 192.168.1.1
ip.addr eq 192.168.1.1 // Both source IP and destination IP can be displayed
Filter port tcp.port eq 80 // Display tcp.port == 80
no matter the port is source or target tcp.port eq 2722 tcp.port eq 80 or udp.port eq 80 tcp.dstport == 80 // Only display the target port 80 of the tcp protocol tcp.srcport == 80 // Only display the source port 80 of the tcp protocol udp.port eq 1500 0 filter port range tcp.port >= 1 and tcp.port <= 80 filter protocol Tcp, udp, arp, icmp, http, smtp, ftp, dns, msnms, ip, ssl, oicq, bootp exclude arp packets, such as !arp or not arp
Filter MAC
Ethernet header filter
eth.dst == A0:00:00:05:5:85 // filter target mac
eth.src eq A0:00:00:05:5:85 // filter source mac eth.dst==A0:00:00:05:5:
85
eth.dst==A0:00:00:05:5:85 eth.addr
eq A0:00:00:05:5:8 5 // Filter source MAC and target MAC are equal to A0:00:00:04:C5:84 less than < lt less than or equal to le equal to eq greater than gt greater than or equal to
ge
ranging
from
ne
http
mode
filtering
http.request.method == "GET"
http.request.method == "POST"
http.request.uri == "/img/logo-edu.gif"
http contains "GET"
http contains "HTTP/1."
// GET包
http.request.method == "GET" && http contains "Host: "
http.request.method == "GET" && http contains "User-Agent: "
// POST包
http.request.method == "POST" && http contains "Host: "
http.request.method == "POST" && http contains "User-Agent: "
// 响应包
http contains "HTTP/1.1 200 OK" && http contains "Content-Type: "
http contains "HTTP/1.0 200 OK" && http contains "Content-Type: " Content-Type:
must contain the following
DNS filtering
dns.qry.name == www.baidu.com