https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5923
Summary: Improve Modbus/TCP dissector
Product: Wireshark
Version: SVN
Platform: Other
OS/Version: All
Status: NEW
Severity: Enhancement
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: mmann78@xxxxxxxxxxxx
Created an attachment (id=6344)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6344)
Modbus/TCP dissector update
Build Information:
Build Information:
Version 1.5.1PYRAMID_CIP (SVN Rev Unknown from unknown)
--
I made the following improvements to the Modbus/TCP dissector:
1. Implemented protocol to the latest specification (v1.1b). See
http://www.modbus.org/specs.php.
2. Upgraded to "tcp_dissect_pdus" instead of having the dissector do it
manually. This also provides TCP packet reassembly support.
3. Removed support for UDP port 502 because it's not supported by the protocol
specification. I believe "Decode As..." could be used in its place.
4. Added dissector support for the following function codes:
a) 8 - Diagnostics
b) 11 - Event Counter
c) 12 - Event Log
d) 43 - Encapsulation Transport (mostly for 43/14)
5. Removed support for function codes not in the protocol specification. None
of them were really being parsed, they just offered a "name" for the function
code.
6. Moved protocol #defines to header file for access from other dissectors. I
plan to have other dissectors use this, but one patch at a time.
7. Created "modbus" dissector that is accessible to other dissectors.
8. Renamed base "display filter name" to reflect PROTOABBREV.
Fuzztested with the attached files.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
