Wireshark Not Automatically Recognizing Some Modbus Traffic

asked 2022-06-17 14:38:15 +0000

What would cause Wireshark to not automatically recognize and decode Modbus TCP traffic? If I force it using Decode As and a port everything seems to look fine. The traffic appears to be compliant with the Modbus 1.1b specification.

answered 2022-06-17 18:24:43 +0000

The Modbus dissector is not heuristic so relies on traffic either running on the "standard" ports 502/tcp, 502/udp, 802/tls or the user configuring the dissector preferences for the port(s) actually used or using "Decode As..."

Asked: 2022-06-17 14:38:15 +0000

