Siemens PLC Packets - Showing COTP instead of S7COMM [closed]

Hi, my Wireshark displays the Siemens PLC communication (with HMI) packets as COTP instead of S7COMM. How can I see the packets in S7COMM format?

Muhammed Sajid
asked 2021-11-24 09:59:49 +0000

Closed for the following reason "the question is answered, right answer was accepted" by Muhammed Sajid 2021-12-02 09:39:23 +0000

Comments

Looking forward to the answers, please...

Muhammed Sajid (2021-11-25 13:07:57 +0000)

There are S7COMM Sample Captures on the Wireshark wiki that contain both COTP and S7COMM frames.
If those display properly for you, then maybe there is an issue with your capture files. If they don't display, we can dig into what needs to be configured for your instance of Wireshark.

Chuckc (2021-11-29 21:27:34 +0000)

Hi Chucks. Thanks for attending to this question. I think the captured packets are good. The issue is with the configuration/setting in my Wireshark. I can see the protocol as S7COMM when I open this Wireshark backup from another PC.

Muhammed Sajid (2021-11-30 04:16:07 +0000)

Are both systems running the same version of Wireshark?
Have you tried copying over a known good profile from the working system?

Chuckc (2021-11-30 20:13:36 +0000)

Yes, both systems run the same version of Wireshark. It was displaying the protocol as S7COMM on my PC. I have made some changes in the Wireshark settings. The protocol displays as COTP instead of S7COMM after this change. Unfortunately, I cannot recall which settings I changed.

Muhammed Sajid (2021-12-01 06:14:32 +0000)