I need a tool to log Ethernet-based Modbus TCP transactions to/from a specific IP address different than the PC running Wireshark. Can I do this with Wireshark and can you point me to someone that can push me off in the right direction after I've downloaded Wireshark?
asked 23 Nov '10, 14:43
First step - capture some traffic - ya gotta be in the path somewhere to capture it. Then... look at it - does Wireshark dissect it (there is a Modbus dissector - mbtcp I think).
Here's a nifty doc showing a group who used Wireshark to analyze malicious Modbus/TCP traffic.
answered 23 Nov '10, 18:53
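As an added example (not part of the answer above and not Wireshark's own code), this Python code decodes the Modbus/TCP header fields that the dissector displays and logs request/response pairs for one device IP. The packet tuple layout, the addresses and the sample payloads are constructed for illustration, and it assumes one Modbus frame per TCP payload on port 502.

```python
import struct

MBAP = struct.Struct(">HHHB")  # transaction id, protocol id, length, unit id

def parse_adu(payload):
    """Decode one Modbus/TCP frame from a TCP payload; None if it is not Modbus."""
    if len(payload) < MBAP.size + 1:
        return None
    tid, proto, length, unit = MBAP.unpack_from(payload)
    # Protocol id is 0 for Modbus; length counts the unit id plus the PDU.
    if proto != 0 or length < 2 or len(payload) < 6 + length:
        return None
    func, data = payload[7], payload[8:6 + length]
    exc = data[0] if ((func & 0x80) and data) else None  # high bit set = exception
    return {"tid": tid, "unit": unit, "func": func & 0x7F, "exception": exc}

def log_transactions(packets, device_ip, port=502):
    """Pair each request sent to device_ip with its response by transaction id."""
    pending, log = {}, []
    for ts, src, sport, dst, dport, payload in packets:
        adu = parse_adu(payload)
        if adu is None:
            continue
        if dst == device_ip and dport == port:        # request to the device
            pending[(src, sport, adu["tid"])] = (ts, adu)
        elif src == device_ip and sport == port:      # response from the device
            req = pending.pop((dst, dport, adu["tid"]), None)
            if req is not None:
                status = "ok" if adu["exception"] is None else f"exception {adu['exception']}"
                log.append({"client": dst, "tid": adu["tid"], "func": adu["func"],
                            "rtt": round(ts - req[0], 3), "status": status})
    for (client, _, tid), (_, adu) in pending.items():  # requests never answered
        log.append({"client": client, "tid": tid, "func": adu["func"],
                    "rtt": None, "status": "no response"})
    return log

# Constructed sample: (time, src ip, src port, dst ip, dst port, TCP payload)
DEVICE = "192.0.2.10"
SAMPLE = [
    (0.000, "192.0.2.20", 40001, DEVICE, 502, bytes.fromhex("000100000006010300000002")),
    (0.012, DEVICE, 502, "192.0.2.20", 40001, bytes.fromhex("000100000007010304000a000b")),
    (1.000, "192.0.2.20", 40001, DEVICE, 502, bytes.fromhex("0002000000060106000100ff")),
    (1.005, DEVICE, 502, "192.0.2.20", 40001, bytes.fromhex("000200000003018602")),
    (2.000, "192.0.2.20", 40001, "192.0.2.99", 502, bytes.fromhex("000700000006010300000001")),
    (3.000, "192.0.2.20", 40001, DEVICE, 502, bytes.fromhex("000300000006010300100001")),
]

if __name__ == "__main__":
    for entry in log_transactions(SAMPLE, DEVICE):
        print(entry)
```

Exception responses and requests that never receive a reply are usually the entries worth reviewing first when auditing traffic to a controller.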
I'm no expert, but I'll give it a shot. I think you need a network adapter that supports promiscuous mode. If you have that capability, I think you should be able to accomplish what you want. You can download WinPcap for free if your driver doesn't have promiscuous mode.
answered 23 Nov '10, 16:56