Modbus/TCP decoding "func 3" seems wrong
Hello. I am a novice WS user and I have an issue with the Modbus/TCP decoder that I can't figure out.
I send a function 3 (read holding registers), which gets transaction ID $0002 and asks for 24 bytes to be returned. Send payload is: 00 02 00 00 00 06 01 03 03 84 00 0C
The response (per the decoder) is shown as function 24 (!), with transaction ID 512 ($0200).
It seems to ignore the first byte [00] and interprets as: [00] 02 00 00 00 1B 01 03 18 (followed by 12 data bytes)
If I mouseover data bytes in the sent transaction, it shows the first 00 as mbtcp.trans_id which is correct.
If I mouseover the data bytes in the response, it shows [00] as tcp.payload, but mbtcp.trans_id is not displayed until the 02 byte, which seems wrong; it has skipped the 00 in the transaction ID!
If I disable the decoder and look at the raw bytes, they appear correct.
If I hack my code to add a dummy byte of A5 as the first byte in the payload, the decoder then displays the func 3 query and reply correctly.
Showing spurious function code 24: https://www.dropbox.com/s/armxpv99pyg...
With A5 byte added at start of payload, no spurious function 24: https://www.dropbox.com/s/gb7484nwr8n...
Note: I am using the latest version of WS available from the Debian repo, but I see that is 2.6.8, which is not very new.
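The byte arithmetic behind the symptom in the question, as an added example that is not part of the original posts: it decodes the posted MBAP header at offset 0 and again one byte late, which reproduces transaction ID 512 and "function 24". The function names are illustrative and the 24 register bytes in the response are constructed placeholders; the example does not show why the dissector started one byte late.

```python
import struct

MBAP = struct.Struct(">HHHB")  # transaction id, protocol id, length, unit id

def parse_adu(buf, offset=0):
    """Decode one Modbus/TCP ADU that is assumed to start at `offset`."""
    if len(buf) - offset < MBAP.size + 1:
        raise ValueError("too short for MBAP header plus function code")
    trans_id, proto_id, length, unit_id = MBAP.unpack_from(buf, offset)
    func = buf[offset + MBAP.size]
    # Length counts unit id + PDU (max 254), so a framed ADU is 6 + length bytes.
    plausible = (proto_id == 0 and 2 <= length <= 254
                 and len(buf) - offset == 6 + length)
    return {"trans_id": trans_id, "proto_id": proto_id, "length": length,
            "unit_id": unit_id, "func": func, "plausible": plausible}

def read_request_fields(buf):
    """Start address and register count of a function 3 request ADU."""
    start, quantity = struct.unpack_from(">HH", buf, MBAP.size + 1)
    return start, quantity

# Request bytes exactly as posted in the question.
REQUEST = bytes.fromhex("00 02 00 00 00 06 01 03 03 84 00 0C")
# Response header as posted; the 24 register bytes are constructed placeholders.
RESPONSE = bytes.fromhex("00 02 00 00 00 1B 01 03 18") + bytes(24)

if __name__ == "__main__":
    start, quantity = read_request_fields(REQUEST)
    print(f"request : {parse_adu(REQUEST)}")
    print(f"  start={start} quantity={quantity} -> {quantity * 2} data bytes")
    print(f"response, offset 0: {parse_adu(RESPONSE)}")
    print(f"response, offset 1: {parse_adu(RESPONSE, 1)}")
```

At offset 1 the byte-count field 0x18 lands in the function-code position and the length field reads 0x1B01, which is larger than any valid Modbus/TCP frame can carry.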
Upload the capture file to a public share, e.g. Google Drive, DropBox etc. and post a link to the file back here.
It would be helpful if that info was placed in the FAQs.