Hi, I am trying to analyze some Modbus/TCP traffic. I am using ports other than standard 502. When trying to use Decode As only about halp of packets are marked as Modbus even though I chose both directions in Decode As window. Also there is no possibility to add additional ports to Modbus in Edit->Preferences->Protocols. Any help would be appreciated.
asked 14 Nov '14, 11:25
Worst case you could modify the capture file and replace your port with the standard port... e.g using TraceWrangler with a Anonymization task where you disable every replacement setting except the TCP port replacement (or use bittwiste or tcprewrite). Maybe Wireshark will then decode everything as expected.
You could also open a bug report at bugs.wireshark.org, but it may take a while until the bug is fixed (if it is in fact a bug)
answered 14 Nov '14, 11:40