This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Decode as Modbus/TCP problem

0

Hi, I am trying to analyze some Modbus/TCP traffic. I am using ports other than standard 502. When trying to use Decode As only about halp of packets are marked as Modbus even though I chose both directions in Decode As window. Also there is no possibility to add additional ports to Modbus in Edit->Preferences->Protocols. Any help would be appreciated.

asked 14 Nov '14, 11:25

ciupol's gravatar image

ciupol
11112
accept rate: 0%


One Answer:

0

Worst case you could modify the capture file and replace your port with the standard port... e.g using TraceWrangler with a Anonymization task where you disable every replacement setting except the TCP port replacement (or use bittwiste or tcprewrite). Maybe Wireshark will then decode everything as expected.

You could also open a bug report at bugs.wireshark.org, but it may take a while until the bug is fixed (if it is in fact a bug)

answered 14 Nov '14, 11:40

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%