Siemens PLC Packets - Showing COTP instead of S7COMM [closed]

asked 2021-11-24 09:59:49 +0000

Hi, my Wireshark displays the Siemens PLC communication (with HMI) packets as COTP instead of S7COMM. How can I see the packets in S7COMM format?

Looking forward to the answers, please...

Muhammed Sajid ( 2021-11-25 13:07:57 +0000 )

There are S7COMM Sample Captures on the Wireshark wiki that contain both COTP and S7COMM frames.
If those display properly for you then maybe an issue with your capture files. If they don't display, we can dig into what needs to be configured for your instance of Wireshark.

Chuckc ( 2021-11-29 21:27:34 +0000 )

Hi Chucks. Thanks for attending to this question. I think the captured packets are good. the issue is with the configuration/setting in my Wireshark. I can see the protocol as S7COMM when I open this Wireshark backup from another PC.

Muhammed Sajid ( 2021-11-30 04:16:07 +0000 )

Are both systems running the same version of Wireshark?
Have you tried copying over a known good profile from the working system?

Chuckc ( 2021-11-30 20:13:36 +0000 )

Yes, both systems run the same version of Wireshark. It was displaying the protocol as S7COMM on my PC. I have made some changes in the Wireshark settings. The protocol displays as COTP instead of S7COMM after this change. Unfortunately, I cannot recall which settings I changed.

Muhammed Sajid ( 2021-12-01 06:14:32 +0000 )