I have a couple of addresses in a PLC that I am writing to and reading from over Modbus TCP. However, the data itself is being sent on EGD. When I apply the filter for showing EGD, I can see the data packet (usually 88 bytes long) but I cannot make out anything of the content. Is there a way to dissect the contents of the data packet and verify that data I send from my system is actually being sent correctly by reading the contents of the data packet? In that case, how do I do that (which filter and preferences do I use)? asked 19 Mar '13, 07:44 dvu86 |
One Answer:
You have Modbus/TCP being transported over EGD? If that is the case, the EGD dissector only shows the data content, it doesn't do any further dissection or make it available for other dissectors to use, e.g. Modbus/TCP. answered 19 Mar '13, 08:27 grahamb ♦ |
It is the other way around. Modbus/TCP shows only the transmission log (requests, acks etc.) while the EGD dissector contains the data in a HEX form. This HEX "dump" contains data from all the addresses I am sending to, and I asked if there is a way to decode this message to something that makes sense to me. For example being able to make out which addresses in the PLC are referred to, and what value I sent to them. Is this possible?
To simplify it, the data type I am looking for is a float (32 bit). How can I filter this from the HEX message in WireShark?
Your answer has been converted to a comment as that's how this site works. Please read the FAQ for more information.
Modbus/TCP traffic is dissected to show all the data values as the protocol defines all the data types and the commands used to send them. EGD is a transport layer for the memory of a device and as such it's impossible to dissect unless you know the specific memory layout of the device transmitting the data.