Ask Your Question

Revision history [back]

Modbus TCP response timing


I'm new to Wireshark and have read some documentation, but have a hard time putting things together.

We recorded thousands of ModbusTCP frames between devices and would like to perform a timing analysis based on the transaction ID. I see that I can filter based on transaction ID using "mbtcp.trans_id" I could also filter based on source and destination IP. What I have a hard time to figure out is how could I put everything together in order to have stats for all the queries/response in order to figure out their timing, if there are any outstanding transaction or other issues.

We have a connection reset problem every few days between the devices and have a hard time figuring out the issue.

This questions partially answers a possible error, but it looks like they search for in flight queries by hand, could anyone help me with some clues about how to do that using the filters ?

Best regards