This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi, I am trying to analyze some Modbus/TCP traffic. I am using ports other than standard 502. When trying to use Decode As only about halp of packets are marked as Modbus even though I chose both directions in Decode As window. Also there is no possibility to add additional ports to Modbus in Edit->Preferences->Protocols. Any help would be appreciated.

asked 14 Nov '14, 11:25

ciupol's gravatar image

ciupol
11112
accept rate: 0%


Worst case you could modify the capture file and replace your port with the standard port... e.g using TraceWrangler with a Anonymization task where you disable every replacement setting except the TCP port replacement (or use bittwiste or tcprewrite). Maybe Wireshark will then decode everything as expected.

You could also open a bug report at bugs.wireshark.org, but it may take a while until the bug is fixed (if it is in fact a bug)

permanent link

answered 14 Nov '14, 11:40

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×89
×32
×16

question asked: 14 Nov '14, 11:25

question was seen: 2,879 times

last updated: 14 Nov '14, 11:40

p​o​w​e​r​e​d by O​S​Q​A