Wireshark
This free, open source tool is the de facto standard for network capture and analysis. It is heavily used by ODVA TSPs, HMS Networks, and the greater EtherNet/IP user base. Wireshark (www.wireshark.org) captures Ethernet traffic using your computers network interface card, and displays the contents in an intuitive fashion that allows for detailed analysis of the packets. Developers from HMS Networks have contributed to the EtherNet/IP dissectors (the analysis engine), and it is possible for users to create their own dissectors for their application data. The use of Wireshark is well documented, but there are a few good tips for EtherNet/IP testing that will help users get to the crucial information.
Use viewing filters “CIP” to see only EtherNet/IP traffic.
It is possible to filter by the HMS MAC ID. This will only show Ethernet messages with HMS devices as the source or destination “eth.addr[0:3] == 00:30:11”.
There are many other useful filters available on the Wireshark webpage.