Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

does anyone know which higher protocol is used for this

A Web search I did for

logo 8 plc protocol

found https://www.promotic.eu/en/pmdoc/Subsystems/Comm/PLC/LOGO.htm, which indicates that they use a Siemens-designed protocol named "S7".

Wireshark supports dissecting that, but it might not automatically recognize it. It originally ran on top of the OSI Connection-Oriented Transport Protocol (ISO 8073), but it can also run on top of TCP, using the RFC 1006 protocol, which encapsulates ISO 8073 inside TCP. That's what https://www.promotic.eu/en/pmdoc/Subsystems/Comm/PmDrivers/PmS7.htm says it uses.

Wireshark also supports RFC 1006, but you may have to use "Decode As" to dissect that TCP stream as RFC 1006.