For Modbus you can determine which is the client and which is the server by the source IPs of the requests and responses. A server is more than likely a PLC and an HMI more than likely a client. Some items, e.g. a SCADA system, could be both, as a client to a PLC and as a server for handoff to other items, e.g. an HMI.
There is nothing else in the Modbus protocol that would allow you to determine specifics about the devices, although some servers might map data such as hardware/software versions to specific registers, but that would be specific for that device and its configuration. Clients won't be sending anything that might identify them.
Other protocols, e.g. DNP3, do have protocol-specific commands to obtain device information such as group 0 Device Attributes, but unless a master station issues a request for these values you won't see them in the traffic.
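
A passive role inventory along the lines described above, as an added example that is not part of the original answer. It assumes Modbus/TCP on the default port 502 to tell requests from responses; the IP addresses and packets are constructed sample data.

```python
import struct
from collections import defaultdict

MODBUS_PORT = 502  # assumption: servers listen on the default Modbus/TCP port

def adu(tid, unit, pdu):
    """Build a Modbus/TCP frame: MBAP header (protocol id 0) followed by the PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse_adu(payload):
    """Return (transaction_id, unit_id, function_code), or None if not Modbus/TCP."""
    if len(payload) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is always 0; the length field counts the unit id plus the PDU.
    if proto != 0 or length != len(payload) - 6:
        return None
    return tid, unit, payload[7]

def classify(packets):
    """packets: iterable of (src_ip, src_port, dst_ip, dst_port, tcp_payload)."""
    roles = defaultdict(set)
    for src, sport, dst, dport, payload in packets:
        if parse_adu(payload) is None:
            continue  # traffic on port 502 that is not a valid Modbus frame
        if dport == MODBUS_PORT:
            roles[src].add("client")   # source of a request
        elif sport == MODBUS_PORT:
            roles[src].add("server")   # source of a response
    return {ip: sorted(r) for ip, r in roles.items()}

# Constructed sample: HMI polls SCADA, SCADA polls PLC, plus one non-Modbus probe.
READ_REQ = b"\x03\x00\x00\x00\x02"           # read 2 holding registers
READ_RSP = b"\x03\x04\x00\x0a\x00\x0b"       # 4 data bytes returned
SAMPLE = [
    ("10.0.0.20", 49152, "10.0.0.10", 502, adu(1, 1, READ_REQ)),
    ("10.0.0.10", 502, "10.0.0.20", 49152, adu(1, 1, READ_RSP)),
    ("10.0.0.10", 50000, "10.0.0.30", 502, adu(2, 1, READ_REQ)),
    ("10.0.0.30", 502, "10.0.0.10", 50000, adu(2, 1, READ_RSP)),
    ("10.0.0.99", 40000, "10.0.0.30", 502, b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for ip, r in sorted(classify(SAMPLE).items()):
        print(ip, "/".join(r))
```

A host is listed as a server only once it has actually sent a response, so an address that is merely probed on port 502 does not end up in the inventory as a Modbus server.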