PROFINET Port Numbers Explained: UDP 34962/34963/34964, Ethertype 0x8892, and Firewall Configuration

A complete reference for PROFINET ports — covering UDP 34962 (RT Unicast), UDP 34963 (RT Multicast), UDP 34964 (RPC Context Manager), UDP 49152, the Ethertype 0x8892 for cyclic I/O, MRP Ethertype 0x88E3, firewall rules, and Wireshark filters. Introduction: PROFINET ports are different from every other industrial protocol. Unlike Modbus (port 502), DNP3 (port 20000), or IEC 104 (port…

Zakaria El Intissar

Modbus Exception Codes Explained: Complete Reference Guide

A practical reference for engineers covering every Modbus exception code (01, 02, 03, 04, 05, 06, 08, 0A, 0B) — what each code means, what causes it, how to fix it, and how to identify exception responses in Wireshark. Introduction: When a Modbus master sends a request to a slave, four things can happen: This article covers case…

Zakaria El Intissar

OPC UA Port Number Explained: TCP 4840, Discovery, and Firewall Configuration

OPC UA uses TCP port 4840 by default. This single port carries everything OPC UA does — discovery, session establishment, reading tags, writing values, subscriptions, method calls, and historical data access. Unlike OPC Classic (which used DCOM with dynamic port allocation and was a firewall nightmare), OPC UA uses one well-known port that works cleanly through NAT, proxies,…

Zakaria El Intissar

How to Simulate Modbus Devices for Testing: 10 Free Tools Compared

You are developing a SCADA system, configuring a PLC, or building an HMI — but the field devices are not available yet. The energy meters, VFDs, temperature sensors, and I/O modules are still on order, or they are installed at a remote site you cannot access. A Modbus simulator solves this. It runs on your computer and pretends…

Zakaria El Intissar

IEC 60870-5-104 Type IDs Explained: Complete Reference Guide

Every ASDU (Application Service Data Unit) in IEC 60870-5-104 contains a Type ID — a single byte that defines what kind of data the message carries. It tells the receiving station whether the message contains a single-point indication, a measured value, a command, a counter, or a system message. The Type ID is the first byte of every…

Zakaria El Intissar

CIP Object Model Explained: Classes, Instances, Attributes, and Services

Every CIP device — whether it is an Allen-Bradley PLC, a variable frequency drive, a remote I/O module, or a safety controller — organizes its data using the same object model. Understanding this model is the key to configuring, programming, and troubleshooting any CIP-based device. CIP (Common Industrial Protocol) does not use register maps like Modbus. Instead, it…

Zakaria El Intissar

Wireshark for EtherNet/IP: How to Capture and Decode CIP Traffic

EtherNet/IP (Ethernet Industrial Protocol) is the leading industrial Ethernet protocol in North America. It carries CIP (Common Industrial Protocol) messages over standard TCP/IP and UDP/IP. Wireshark fully decodes EtherNet/IP using two dissectors: EtherNet/IP uses two ports: This guide covers how to capture both traffic types, which display filters to use, how to decode CIP services and I/O connections,…

Zakaria El Intissar

Wireshark for Modbus RTU: How to Capture and Decode Serial RS-485 Traffic

Wireshark is known as an Ethernet protocol analyzer. But it can also capture Modbus RTU traffic over RS-485 serial links — using a free extension called WiresharkSerialAdapter. This is not a built-in feature. Wireshark does not natively capture from COM ports. You need a USB-to-RS-485 adapter connected to the bus as a passive listener, plus the WiresharkSerialAdapter extension…

Zakaria El Intissar

How to Decrypt Encrypted Industrial Protocol Traffic in Wireshark

Industrial protocols are moving to TLS encryption. Modbus/TCP Security uses port 802. IEC 60870-5-104 over TLS uses port 19998. IEC 61850 MMS over TLS uses port 3782. OPC UA encrypts at the application layer. When encryption is enabled, Wireshark shows “Application Data” instead of decoded protocol fields. You can see that packets are flowing, but you cannot read…

Zakaria El Intissar