Capturing and analyzing Ethernet packets

In order to understand the Profinet traffic, it is useful to capture network packets and analyze them in a tool like Wireshark.


To install a relatively new Wireshark version on Ubuntu:

sudo add-apt-repository ppa:wireshark-dev/stable
sudo apt update
sudo apt -y install wireshark

In order to be able to capture packets you need to add yourself to the wireshark user group, or run the program as root:

sudo wireshark

For details on how to add yourself to the wireshark user group, see

Parsing Profinet data with Wireshark

It is possible to load a GSDML file into recent versions of Wireshark, for parsing the cyclic data. In the Wireshark menu, select Edit > Preferences > Protocols > PNIO. Enter the directory where you have your GSDML file.

For this functionality to work, the Wireshark capture must include the start-up sequence. When a packet is interpreted according to a GSDML file, the name of the GSDML file is displayed in the detail view of the packet.


When running on an embedded Linux board, it can be convenient to run without a graphical user interface. To capture packets for later display in Wireshark, use the tool tcpdump.

Install it, for example like:

sudo apt-get install tcpdump

Run it with:

sudo tcpdump -i enp0s31f6 -n -w outputfile.pcap

Use the -i argument to specify Ethernet interface.

Capturing packets on network

Profinet is a point-to-point protocol. If the Profinet controller or device software is running on your machine, you can use Wireshark (or tcpdump) directly to capture the packets.

If you would like to capture packets between other units (Profinet controllers/devices) you need special hardware to do the capturing. A network tap is a network switch with packet monitoring to send a copy of each packet to another Ethernet connector. Connect the tap on the network link between the IO-device and IO-controller. Connect the mirroring port to the machine where you run Wireshark or tcpdump.