I need a tool to log Ethernet-based Modbus TCP transactions to/from a specific IP address different than the PC running Wireshark. Can I do this with Wireshark and can you point me to someone that can push me off in the right direction after I've downloaded Wireshark?

asked 23 Nov '10, 14:43 chuckh
2 Answers:
First step - capture some traffic - ya gotta be in the path somewhere to capture it. Then... look at it - does Wireshark dissect it (there is a Modbus dissector - mbtcp I think). Here's a nifty doc showing a group who used Wireshark to analyze malicious Modbus/TCP traffic: http://critis08.dia.uniroma3.it/pdf/CRITIS_08_26.pdf

answered 23 Nov '10, 18:53 lchappell ♦
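What a per-transaction log of Modbus/TCP traffic for one device contains, as an added example that is not part of the original answers and is not Wireshark code: it decodes the MBAP header of each TCP payload and pairs requests with responses by transaction ID. It assumes one Modbus ADU per TCP segment and that the monitored device is the Modbus server; the IP addresses and payloads are constructed sample data.

```python
import struct

MBAP = struct.Struct(">HHHB")  # transaction id, protocol id, length, unit id

def parse_adu(payload):
    """Decode one Modbus/TCP ADU (the TCP payload of a port 502 segment)."""
    if len(payload) < MBAP.size + 1:
        raise ValueError("too short for MBAP header plus function code")
    trans_id, proto_id, length, unit_id = MBAP.unpack_from(payload)
    if proto_id != 0:
        raise ValueError("protocol id is not 0")
    if length != len(payload) - 6:  # length field counts unit id + PDU
        raise ValueError("MBAP length does not match payload size")
    func = payload[7]
    is_exc = bool(func & 0x80) and len(payload) > 8  # high bit marks an exception
    return {"trans_id": trans_id, "unit_id": unit_id, "func": func & 0x7F,
            "exception": payload[8] if is_exc else None}

def log_transactions(packets, device_ip):
    """Pair requests sent to device_ip with its responses by transaction id."""
    pending, log = {}, []
    for ts_ms, src, dst, payload in packets:
        if device_ip not in (src, dst):
            continue  # traffic between other hosts is not logged
        try:
            adu = parse_adu(payload)
        except ValueError as err:
            log.append({"time_ms": ts_ms, "error": str(err)})
            continue
        if dst == device_ip:  # request (assumption: the device is the server)
            pending[(src, adu["trans_id"])] = ts_ms
            continue
        sent = pending.pop((dst, adu["trans_id"]), None)
        log.append({"time_ms": ts_ms, "client": dst, **adu,
                    "rtt_ms": None if sent is None else ts_ms - sent})
    return log

# Constructed sample: (time in ms, source IP, destination IP, TCP payload)
DEVICE, CLIENT = "192.0.2.10", "192.0.2.20"
SAMPLE = [
    (0, CLIENT, DEVICE, bytes.fromhex("000100000006010300000002")),    # read holding registers
    (12, DEVICE, CLIENT, bytes.fromhex("000100000007010304000a000b")),  # normal response
    (300, "192.0.2.30", "192.0.2.40", bytes.fromhex("000100000006010300000002")),  # other hosts
    (500, CLIENT, DEVICE, bytes.fromhex("000200000006010600010003")),  # write single register
    (507, DEVICE, CLIENT, bytes.fromhex("000200000003018602")),        # exception code 2
]

if __name__ == "__main__":
    for entry in log_transactions(SAMPLE, DEVICE):
        print(entry)
```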
I'm no expert, but I'll give it a shot. I think you need a network adapter that supports promiscuous mode. If you have that capability, I think you should be able to accomplish what you want. You can download WinPcap for free if your driver doesn't have promiscuous mode.

answered 23 Nov '10, 16:56 ActualRandy