Wireshark-users: [Wireshark-users] help in capturing Modbus traffic
From: Niko Kozobolidis <kosma@xxxxxxxxxxxxx>
Date: Wed, 12 Mar 2008 17:09:49 -0700
Dear Wireshark-users:

Our Nicaraguan non-profit development organization is in the process of trying to determine an operator panel periodic freeze. This operator panel receives instructions from a controller. The operating panel and controller automate the operations of a 930 kW small hydro plant that provides electricity to a number of rural towns and villages.

The representative of the control system in Finland indicates that we should tap directly into the cable that sends data back and forth between the AC800M controller and the 235 Operator Panel. This is a special cable that has a female 9-pin RS-232 plug on one end and an RJ-45 male plug on the other end. A direct serial connection. How can one capture Modbus traffic, or in other words obtain a trace file, from this serial connection?

The control system representative also says that the software must support “MODBUS” protocol. When you open the Wireshark main page, and drop-down the HELP menu, there is a part of the HELP that gives a list of “911 protocols and packet types supported by Wireshark”. On this list we find “MODBUS/TCP” but not “MODBUS”. The representative from Finland thinks that “MODBUS” is different from “MODBUS/TCP”, and that we need Wireshark to support the “MODBUS” protocol to analyze the AC800M-to-Operator Panel traffic. Is Modbus/TCP different from Modbus, and if so, can Wireshark capture traffic in the Modbus protocol or possibly translate from one protocol to the other?

Thank you for your help,

Cheers,

Niko

Niko Kozobolidis, P. Eng.
ATDER-BL