This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Modbus RTU TCP/IP

0

I am a field service technician and I am wanting to capture Modbus RTU TCP/IP polls and responses on a SCADA network. I have downloaded the wireshark program and I am testing it on our in house network. I have another machine polling across the network using mod bus rtu tcp/ip polls and a end device is answering. I cannot see any of this communications going on.If I setup my machine to do the polling I can see the data request sent out and the data sent back from the end device.Am I missing something on the setup of winshark that is not allowing me to see the communications traffic of the other two devices?

asked 25 Mar '13, 10:32

Gage%20Man's gravatar image

Gage Man
11112
accept rate: 0%


One Answer:

2

First, make sure you are capturing in promiscuous mode, otherwise you will only see traffic to/from your PC. Promiscuous mode is set under Capture Options. It's enabled by default, so that is probably not the problem.

The cause of your problem is more likely that you are capturing on a switched network, so traffic between the two other systems is not transmitted out the switch port where your Wireshark PC is connected. See the Ethernet Capture Setup page of the Wireshark wiki for information on how to capture on a switched Ethernet network.

answered 25 Mar '13, 11:17

Jim%20Aragon's gravatar image

Jim Aragon
7.2k733118
accept rate: 24%