Siemens PLC Packets - Showing COTP instead of S7COMM [closed]

asked 2021-11-24 09:59:49 +0000

Hi, my Wireshark displays the Siemens PLC communication (with HMI) packets as COTP instead of S7COMM. How can I see the packets in S7COMM format?

Closed for the following reason: the question is answered, right answer was accepted by Muhammed Sajid
close date 2021-12-02 09:39:23.622139


Looking forward to the answers, please...

Muhammed Sajid ( 2021-11-25 13:07:57 +0000 )

There are S7COMM Sample Captures on the Wireshark wiki that contain both COTP and S7COMM frames.
If those display properly for you, then maybe there is an issue with your capture files. If they don't display, we can dig into what needs to be configured for your instance of Wireshark.

Chuckc ( 2021-11-29 21:27:34 +0000 )

Hi Chucks. Thanks for attending to this question. I think the captured packets are good. The issue is with the configuration/setting in my Wireshark. I can see the protocol as S7COMM when I open this Wireshark backup from another PC.

Muhammed Sajid ( 2021-11-30 04:16:07 +0000 )

Are both systems running the same version of Wireshark?
Have you tried copying over a known good profile from the working system?

Chuckc ( 2021-11-30 20:13:36 +0000 )

Yes, both systems run the same version of Wireshark. It was displaying the protocol as S7COMM on my PC. I have made some changes in the Wireshark settings. The protocol displays as COTP instead of S7COMM after this change. Unfortunately, I cannot recall which settings I changed.

Muhammed Sajid ( 2021-12-01 06:14:32 +0000 )