I have been using Wireshark 1.0.3 to capture Modbus TCP traffic. There are messages using service 43 (0x2b), Encapsulated Interface Transport, service 14 (0x0e) Read Device Identification.
The capture log does not identify the messages as Modbus/T, they are simply tagged as TCP.
7 0.020159 151.110.68.215 151.110.1.137 TCP tclprodebugger > asa-appl-proto [PSH, ACK] Seq=13 Ack=13 Win=65523 [TCP CHECKSUM INCORRECT] Len=11
8 0.031007 151.110.1.137 151.110.68.215 TCP asa-appl-proto > tclprodebugger [ACK] Seq=13 Ack=24 Win=511 Len=0
9 0.100040 151.110.1.137 151.110.68.215 TCP asa-appl-proto > tclprodebugger [PSH, ACK] Seq=13 Ack=24 Win=511 Len=30
0000 00 0c ce 94 e8 ff 00 1c 23 21 d9 ab 08 00 45 00 ........ #!....E.
0010 00 33 d5 99 40 00 80 06 af ee 97 6e 44 d7 97 6e .3..@... ...nD..n
0020 01 89 0a 10 01 f6 3b 1f 76 66 c9 f5 8d d2 50 18 ......;. vf....P.
0030 ff f3 75 62 00 00 00 02 00 00 00 05 01 2b 0e 04 ..ub.... .....+..
0040 04
0000 00 1c 23 21 d9 ab 00 0c ce 94 e8 ff 08 00 45 00 ..#!.... ......E.
0010 00 28 b2 af 40 00 3f 06 13 e4 97 6e 01 89 97 6e .(..@.?. ...n...n
0020 44 d7 01 f6 0a 10 c9 f5 8d d2 3b 1f 76 71 50 10 D....... ..;.vqP.
0030 01 ff 23 3a 00 00 00 00 00 00 00 00 ..#:.... ....
0000 00 1c 23 21 d9 ab 00 0c ce 94 e8 ff 08 00 45 00 ..#!.... ......E.
0010 00 46 b2 b0 40 00 3f 06 13 c5 97 6e 01 89 97 6e .F..@.?. ...n...n
0020 44 d7 01 f6 0a 10 c9 f5 8d d2 3b 1f 76 71 50 18 D....... ..;.vqP.
0030 01 ff c1 7b 00 00 00 02 00 00 00 18 01 2b 0e 04 ...{.... .....+..
0040 82 00 00 01 04 0e 4d 6f 74 6f 72 20 49 6e 73 69 ......Mo tor Insi
0050 67 68 74 00 ght.
It seems that the message is properly formatted, ultimately there is a correct response.
Does Wireshark not understand this service as part of the Modbus protocol?
.
Get more out of the Web. Learn 10 hidden secrets of Windows Live. Learn Now
|
