Ask Your Question
0

Capturing Modbus RTU traffic with a USB-to-RS-485 converter

asked 2019-10-30 21:08:06 +0000

ABO gravatar image

updated 2019-10-31 02:03:16 +0000

Guy Harris gravatar image

Hi, I am trying to use Wireshark 3.0.6 to decode Modbus RTU frames using a USB to RS-485 converter.

What I want is analyze the Modbus RTU frames that pass on the RS-485 between a Master and a Slave. The USB-Converter is connected to a laptop with wireshark.

Sometime appear on the wireshark capture some Modbus RTU frames, but they seems full wrong.

Someone with experience about Modbus RTU capture on Wireshark could help me to find the right setup ?

edit retag flag offensive close merge delete

Comments

Presumably the USB-to-RS-485 converter appears as a serial port (COM: port on Windows, /dev/ttyXX port on UN*Xes such as Linux, *BSD, and macOS). What program is reading the frames from the serial port? Wireshark doesn't have built-in support for doing that.

Guy Harris gravatar imageGuy Harris ( 2019-10-31 02:02:40 +0000 )edit

Hi Guy, yes i am using under windows (COM port). So, I need to have another program in parallel of Wireshark to read the frames on the serial port? Which program can I use?

I used now Modbuspoll to communicate to the slave modbus and trying to sniff the messages with wireshark. The same result. The decoding of the messages Modbus looks wrong: it decodes a lot of CRC errors.

Guy, could you help me to obtain what I want? I would like to use wireashark like Modbus RS-485 analyzer of the traffic Modbus on the bus. Is there a way with Wireshark?

ABO gravatar imageABO ( 2019-10-31 08:30:37 +0000 )edit

I can't help with a Wireshark solution to your problem, but over in the automation world debugging serial communications comes up often:

http://www.plctalk.net/qanda/showthread.php?t=48875&highlight=modbus+rtu

The link contains several ideas on software to help with this type of analysis.

Bob Jones gravatar imageBob Jones ( 2019-10-31 12:25:21 +0000 )edit

So, I need to have another program in parallel of Wireshark to read the frames on the serial port?

Yes. Wireshark does not include any code to read any type of packets directly from a serial port, so if you're capturing Modbus frames on a COM port, you must already have installed some other program to do so - what program have you already installed?

Which program can I use?

What program are you using now? As I said, you can't do it using only Wireshark, so you must have added some other program.

I used now Modbuspoll to communicate to the slave modbus and trying to sniff the messages with wireshark.

By "Modbuspoll" do you mean "Modbus poll" or do you mean something else?

And how are you "trying to sniff the messages with wireshark"? Are you capturing on a device in Wireshark? If so, wha device are ...(more)

Guy Harris gravatar imageGuy Harris ( 2019-10-31 15:50:43 +0000 )edit

Yes. Wireshark does not include any code to read any type of packets directly from a serial port, so if you're capturing Modbus frames on a COM port, you must already have installed some other program to do so - what program have you already installed? Do you mean that I have to forget Wireshark for this purpose? Or that I need to use also some other program to permit Wireshark to do his work? What it is not clear to me till now is if wireshark can or not sniff Modbus messages.

By "Modbuspoll" do you mean "Modbus poll" or do you mean something else? Yes, I use "Modbus poll". But it is not what I want. Modbus poll can communicate like Master or Slave device. What I want is only sniff the Modbus Messages on the bus without taking action from the computer on the bus.

If so ...(more)

ABO gravatar imageABO ( 2019-10-31 19:12:22 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-11-03 11:29:27 +0000

grahamb gravatar image

Wireshark can dissect Modbus messages when they are transported over IP networks, and a convenient, but not free, way to do this is via an Ethernet to Serial device, e.g. this Lantronix adaptor.

Using a device such as this, which creates a virtual serial port on the Modbus "Master", the master communicates over IP to the adaptor which is then connected to the RS-485 bus. Wireshark can be run on the master to capture the traffic and dissect it. I do this several times a week.

If you just want to "sniff" the data on the RS-485 bus then both external hardware and software will be required. If suitable hardware could be located (commercial or even better open hardware) then the Wireshark extcap interface could be used to feed the traffic into Wireshark.

edit flag offensive delete link more

Comments

If suitable hardware could be located (commercial or even better open hardware) then the Wireshark extcap interface could be used to feed the traffic into Wireshark.

That would either require that the extcap program wrap the Modbus frames inside UDP-over-IP and use LINKTYPE_RAW as the link-ayer type or that a new LINKTYPE_/DLT_ value be assigned for Modbus RTU.

Guy Harris gravatar imageGuy Harris ( 2019-11-03 18:47:48 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-10-30 21:08:06 +0000

Seen: 80 times

Last updated: Nov 03