How to Decrypt Encrypted Industrial Protocol Traffic in Wireshark

Industrial protocols are moving to TLS encryption. Modbus/TCP Security uses port 802. IEC 60870-5-104 over TLS uses port 19998. IEC 61850 MMS over TLS uses port 3782. OPC UA encrypts at the application layer. When encryption is enabled, Wireshark shows “Application Data” instead of decoded protocol fields. You can see that packets are flowing, but you cannot read…

Zakaria El Intissar

PROFINET Conformance Classes Explained: CC-A, CC-B, CC-C (IRT), and CC-D (TSN)

PROFINET is one protocol — not three. But it comes in four conformance classes that define what a device can do, how fast it communicates, and what network infrastructure it needs. Engineers often confuse PROFINET RT, PROFINET IRT, and PROFINET IO as separate protocols. They are not. They are all part of PROFINET IO, defined in IEC 61158…

Zakaria El Intissar

How to Configure PROFINET in TIA Portal (Step-by-Step Guide)

PROFINET is the default communication protocol on every Siemens S7-1200 and S7-1500 PLC. The PROFINET interface is built into the CPU — no extra modules needed. But setting up a PROFINET network in TIA Portal involves several steps that must happen in the right order. You need to install the GSD file, add the IO-Device to the network,…

Zakaria El Intissar

PROFINET vs EtherNet/IP: Complete Comparison for Industrial Engineers

PROFINET and EtherNet/IP are the two largest Industrial Ethernet protocols in the world. Together they account for over 60% of all new industrial Ethernet nodes installed each year. Both run on standard Ethernet hardware — same cables, same connectors, same switches. But the similarity ends at the physical layer. Above Layer 2, they use completely different protocol stacks,…

Zakaria El Intissar

Wireshark for PROFINET: How to Capture and Decode RT, DCP, and IO Traffic

PROFINET traffic does not use TCP/IP for cyclic I/O data. It runs directly on Ethernet Layer 2 with EtherType 0x8892. This means you cannot capture it with a TCP port filter — you need to capture all Ethernet traffic on the interface and then filter in Wireshark. Wireshark fully decodes PROFINET using several dissectors: This guide covers how…

Zakaria El Intissar

Wireshark for MQTT: How to Capture and Decode Industrial IoT Traffic

MQTT (MQ Telemetry Transport) is the most widely used protocol in industrial IoT. It connects sensors, PLCs, gateways, and edge devices to cloud platforms and SCADA historians using a lightweight publish/subscribe model over TCP. Wireshark fully decodes MQTT — every CONNECT, PUBLISH, SUBSCRIBE, and DISCONNECT message, including topic names, QoS levels, payloads, and client IDs — all in…

Zakaria El Intissar

Wireshark for OPC UA: How to Capture and Decode Client/Server Traffic

OPC UA (Unified Architecture) is the leading platform-independent protocol for industrial data exchange. It connects SCADA systems, MES platforms, HMI panels, historians, and cloud gateways to PLCs, DCS controllers, and edge devices. OPC UA uses the OPC Binary protocol over TCP on port 4840 (IANA registered as “opc.tcp”). Wireshark decodes every OPC UA service — OpenSecureChannel, CreateSession, Browse,…

Zakaria El Intissar

Wireshark for DNP3: How to Capture, Filter, and Troubleshoot

DNP3 (Distributed Network Protocol 3.0) is the dominant SCADA protocol in North America for electric utilities, water systems, and oil and gas. It runs over TCP or UDP on port 20000. Wireshark fully decodes DNP3 — data link layer, transport layer, and application layer. You can see every function code, object group, data point index, quality flag, and…

Zakaria El Intissar

Wireshark for Modbus TCP: How to Capture, Filter, and Troubleshoot

Modbus TCP is one of the easiest protocols to analyze in Wireshark. It runs on TCP port 502, uses a simple request/response pattern, and Wireshark decodes every field — MBAP header, function code, register addresses, and data values — in plain text. But engineers still struggle with three things: finding the right display filters, understanding what a healthy…

Zakaria El Intissar

How to Configure Modbus TCP on Allen-Bradley CompactLogix (Studio 5000 Step-by-Step)

Allen-Bradley CompactLogix and ControlLogix PLCs do not support Modbus TCP natively. Their primary protocol is EtherNet/IP. But in many industrial systems, you need to communicate with Modbus TCP devices — energy meters, VFDs, third-party sensors, or legacy equipment. Rockwell Automation provides a free solution: Modbus TCP Add-On Instructions (AOIs). These are pre-built function blocks you import into Studio…

Zakaria El Intissar