I have a wireshark capture in which a modbus master is requesting register values from a slave. I don't know how to determine which holding register addresses are being asked for.
This is what I copied from the capture (one transaction):
Frame 6: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Vmware_bb:13:9d (00:50:56:bb:13:9d), Dst: Cisco_9f:f0:01 (00:00:0c:9f:f0:01) Internet Protocol Version 4, Src: 10.11.112.203, Dst: 10.105.8.11 Transmission Control Protocol, Src Port: 55824, Dst Port: 502, Seq: 1, Ack: 1, Len: 12 Modbus/TCP Transaction Identifier: 32210 Protocol Identifier: 0 Length: 6 Unit Identifier: 1 Modbus .000 0011 = Function Code: Read Holding Registers (3) Reference Number: 8416 Word Count: 3
Thanks in advance for the help.
