I have a couple of addresses in a PLC that I am writing to and reading from over Modbus TCP. However, the data itself is being sent on EGD. When I apply the filter for showing EGD, I can see the data packet (usually 88 bytes long) but I cannot make out anything of the content. Is there a way to dissect the contents of the data packet and verify that data I send from my system is actually being sent correctly by reading the contents of the data packet? In that case, how do I do that (which filter and preferences do I use)?

asked 19 Mar '13, 07:44

dvu86's gravatar image

dvu86
1111
accept rate: 0%


You have Modbus/TCP being transported over EGD? If that is the case, the EGD dissector only shows the data content, it doesn't do any further dissection or make it available for other dissectors to use, e.g. Modbus/TCP.

link

answered 19 Mar '13, 08:27

grahamb's gravatar image

grahamb ♦
8.7k224125
accept rate: 17%

It is the other way around. Modbus/TCP shows only the transmission log (requests, acks etc.) while the EGD dissector contains the data in a HEX form. This HEX "dump" contains data from all the addresses I am sending to, and I asked if there is a way to decode this message to something that makes sense to me. For example being able to make out which addresses in the PLC are referred to, and what value I sent to them. Is this possible?

To simplify it, the data type I am looking for is a float (32 bit). How can I filter this from the HEX message in WireShark?

(19 Mar '13, 08:33) dvu86

Your answer has been converted to a comment as that's how this site works. Please read the FAQ for more information.

Modbus/TCP traffic is dissected to show all the data values as the protocol defines all the data types and the commands used to send them. EGD is a transport layer for the memory of a device and as such it's impossible to dissect unless you know the specific memory layout of the device transmitting the data.

(19 Mar '13, 10:07) grahamb ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×374
×97
×16
×1

Asked: 19 Mar '13, 07:44

Seen: 940 times

Last updated: 19 Mar '13, 10:07

powered by OSQA