Wireshark-users: Re: [Wireshark-users] help in capturing Modbus traffic

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 13 Mar 2008 01:20:57 +0100
Hi,

Looks like you'll need some passive tapping hardware and dedicated capture hardware to pull this one off. Then that capture tool must write a capture file in one of the many formats Wireshark understands. Then Wireshark needs to understand how to to read this information. the MODBUS part should be no problem, that is found in MODBUS/TCP as well, but the serial line protocol uses another envelope. That support has to be build in.

So, no 'off the shelf' solution this way.

Thanx,
Jaap

Niko Kozobolidis wrote:
Dear Wireshark-users:

Our Nicaraguan non-profit development organization is in the process of trying to determine a operator panel periodic freeze. This operator panel receives instructions from a controller. The operating panel and controller automate the operations of a 930 kW small hydro plant that provides electricity to a number of rural towns and villages.

The representative of the control system in Finland indicates that we should tap directly into the cable that sends data back and forth between the AC800M controller and the 235 Operator Panel. This is a special cable that has a female 9-pin RS-232 plug on one end and an RJ-45 male plug on the other end. A direct serial connection. How can one capture Modbus traffic or in other words obtain a trace file from this serial connection?

The control system representative also says that the software must support �MODBUS� protocol. When you open the Wireshark main page, and drop-down the HELP menu, there is a part of the HELP that gives a list of � 911 protocols and packet types supported by Wireshark�. On this list we find �MODBUS/TCP� but not �MODBUS�. The representative from Finland thinks that �MODBUS� is different from �MODBUS/TCP�, and that we need Wireshark to support the �MODBUS� protocol to analyze the AC800M-to-Operator Panel traffic. Is Modbus/Tcp different from Modbus and if so can wireshark capture traffic in the Modbus protocol or possibly translate from one protocol to the other?

Thank you for your help,

Cheers,

Niko

    *Niko Kozobolidis, P. Eng. *
    *ATDER-BL

*