First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Wireshark Not Automatically Recognizing Some Modbus Traffic

  • retag add tags

What would cause Wireshark to not automatically recognize and decode Modbus TCP traffic? If I force it using Decode As and a port everything seems to look fine. The traffic appears to be compliant with the Modbus 1.1b specification.

Yangorang's avatar
1
Yangorang
asked 2022-06-17 14:38:15 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

The Modbus dissector is not heuristic so relies on traffic either running on the "standard" ports 502/tcp, 502/udp, 802/tls or the user configuring the dissector preferences for the port(s) actually used or using "Decode As..."

grahamb's avatar
23.8k
grahamb
answered 2022-06-17 18:24:43 +0000, updated 2022-06-17 18:40:36 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer