Wireshark-bugs: [Wireshark-bugs] [Bug 7902] New: Improved Dissection of Modbus/TCP messages and

Date: Mon, 22 Oct 2012 11:43:40 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7902

           Summary: Improved Dissection of Modbus/TCP messages and added
                    support for standard Modbus (encapsulated over TCP)
           Product: Wireshark
           Version: SVN
          Platform: x86
        OS/Version: Windows 7
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Dissection engine (libwireshark)
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: cbontje@xxxxxxxxx


Created attachment 9401
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=9401
Diff/Patch file against SVN source tree retrieved Friday Oct 19

Build Information:
Version 1.9.0 (SVN Rev Unknown from unknown)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.10, with Cairo 1.10.2, with Pango 1.30.0, with
GLib 2.32.2, with WinPcap (4_1_2), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with
PortAudio V19-devel (built Oct 17 2012), with AirPcap.

Running on 32-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Numerous Updates to support standard "Modbus RTU" messages and improved
decoding of Register response data.  This commit should be considered a
checkpoint, as I still have a few more register/response types to handle but
I've ran out of steam for now.  I have tried to make any modifications as clean
as possible but I'm not a developer by trade so I'm open to any suggestions for
improvements to the code.

- Some re-factoring to include support for serial Modbus RTU encapsulated in
TCP messages
- Minor text/syntax clean-up
- Include decoding of holding/input response register data
- Optionally decode holding/input registers as UINT16, UINT32, 32-bit Float
IEEE/Modicon
- Added various register address formatting options as "Raw", "Modicon
5-digit", "Modicon 6-digit"
- Added several user configuration options to handle the above options; Modbus
does not inherently specify many of the internal formatting options, so leave
it up to the user to choose how to format the responses.
- Added some extensive source comments to explain differences/similarities
between Modbus TCP and Modbus RTU messages as well as explain "Modicon vs. Raw"
register addressing.

I have attached an archive containing several pcap files showing examples of
many message types and showing how the decoding options work.

Please feel free to contact me if there are any questions!

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.