Siemens PLC Packets - Showing COTP instead of S7COMM [closed]

asked 2021-11-24 09:59:49 +0000

Hi, my Wireshark displays the Siemens PLC communication (with HMI) packets as COTP instead of S7COMM. How can I see the packets in S7COMM format?

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by Muhammed Sajid
close date 2021-12-02 09:39:23.622139

Comments

Looking forward to the answers, please...

Muhammed Sajid gravatar imageMuhammed Sajid ( 2021-11-25 13:07:57 +0000 )edit

There are S7COMM Sample Captures on the Wireshark wiki that contain both COTP and S7COMM frames.
If those display properly for you then maybe an issue with your capture files. If they don't display, we can dig into what needs to be configured for your instance of Wireshark.

Chuckc gravatar imageChuckc ( 2021-11-29 21:27:34 +0000 )edit

Hi Chucks. Thanks for attending to this question. I think the captured packets are good. the issue is with the configuration/setting in my Wireshark. I can see the protocol as S7COMM when I open this Wireshark backup from another PC.

Muhammed Sajid gravatar imageMuhammed Sajid ( 2021-11-30 04:16:07 +0000 )edit

Are both systems running the same version of Wireshark?
Have you tried copying over a known good profile from the working system?

Chuckc gravatar imageChuckc ( 2021-11-30 20:13:36 +0000 )edit

Yes, both systems run the same version of Wireshark. It was displaying the protocol as S7COMM on my PC. I have made some changes in the Wireshark settings. The protocol displays as COTP instead of S7COMM after this change. Unfortunately, I cannot recall which settings I changed.

Muhammed Sajid gravatar imageMuhammed Sajid ( 2021-12-01 06:14:32 +0000 )edit

You could Export the profile from the working machine and Import it to the other system.
11.6. Configuration Profiles

Import
Profiles can be imported from zip-archives as well as directly from directory structures. Profiles, which already exist by name will be skipped, as well as profiles named "Default".
Export
Profiles can be exported to a zip-archive. Global profiles, as well as the default profile will be skipped during export. Profiles can be selected in the list individually and only the selected profiles will be exported
Chuckc gravatar imageChuckc ( 2021-12-02 00:13:36 +0000 )edit

Hi, this is working nice. Great & Thank You!

Muhammed Sajid gravatar imageMuhammed Sajid ( 2021-12-02 07:42:06 +0000 )edit