This is our old Q&A Site. Please post any new questions and answers at

Hello -- We have a server setup to act as three separate Modbus "slave servers". One uses the standard Modbus TCP port 502. The others use ports 503 and 504, respectively. When we use Wireshark to look at network traffic, it has no problem recognizing all port 502 traffic as Modbus TCP protocol. However, it does not recognize the other port traffic as Modbus TCP. Is there some "easy" way to configure Wireshark to see 502, 503, and 504 for Modbus TCP? Thanks for any ideas. Regards, Steve

asked 11 Sep '12, 13:11

sreiner's gravatar image

accept rate: 0%

You could select a packet of one of the flows on those ports and use the popup menu to choose "Decode As" -> "Transport" -> "Modbus/TCP".

permanent link

answered 11 Sep '12, 13:49

Jasper's gravatar image

Jasper ♦♦
accept rate: 18%


any idea why "Modbus/TCP" is not listed when chosing "Decode As" -> "Transport"?? However, Modbus/TCP packets on port 502 are disected as "Modbus/TCP"

(Wireshark 1.10.7)

(22 May '14, 04:31) Alfonso

I'll just say "Decode As" ... does show Modbus/TCP for me in Wireshark-1.10.7. I'd suggest trying again. :)

(22 May '14, 05:55) Bill Meier ♦♦

Well, it does... I was doing "Decode As" on UDP packets. It shows up on TCP, though. What I was trying to decode is our Modbus/TCP broadcasted over UDP.

Thanks a lot.

(22 May '14, 06:44) Alfonso
(22 May '14, 06:51) Bill Meier ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 11 Sep '12, 13:11

question was seen: 5,712 times

last updated: 22 May '14, 06:51

p​o​w​e​r​e​d by O​S​Q​A