MQTT (MQ Telemetry Transport) is the most widely used protocol in industrial IoT. It connects sensors, PLCs, gateways, and edge devices to cloud platforms and SCADA historians using a lightweight publish/subscribe model over TCP. Wireshark fully decodes MQTT — every CONNECT, PUBLISH, SUBSCRIBE, and DISCONNECT message, including topic names, QoS levels, payloads, and client IDs — all in… Read More »
OPC UA (Unified Architecture) is the leading platform-independent protocol for industrial data exchange. It connects SCADA systems, MES platforms, HMI panels, historians, and cloud gateways to PLCs, DCS controllers, and edge devices. OPC UA uses the OPC Binary protocol over TCP on port 4840 (IANA registered as “opc.tcp”). Wireshark decodes every OPC UA service — OpenSecureChannel, CreateSession, Browse,… Read More »
DNP3 (Distributed Network Protocol 3.0) is the dominant SCADA protocol in North America for electric utilities, water systems, and oil and gas. It runs over TCP or UDP on port 20000. Wireshark fully decodes DNP3 — data link layer, transport layer, and application layer. You can see every function code, object group, data point index, quality flag, and… Read More »
Modbus TCP is one of the easiest protocols to analyze in Wireshark. It runs on TCP port 502, uses a simple request/response pattern, and Wireshark decodes every field — MBAP header, function code, register addresses, and data values — in plain text. But engineers still struggle with three things: finding the right display filters, understanding what a healthy… Read More »
Allen-Bradley CompactLogix and ControlLogix PLCs do not support Modbus TCP natively. Their primary protocol is EtherNet/IP. But in many industrial systems, you need to communicate with Modbus TCP devices — energy meters, VFDs, third-party sensors, or legacy equipment. Rockwell Automation provides a free solution: Modbus TCP Add-On Instructions (AOIs). These are pre-built function blocks you import into Studio… Read More »
Every PROFINET device comes with a GSD file. Without it, your PLC does not know the device exists. It cannot configure modules, exchange I/O data, or read diagnostics. GSD stands for General Station Description. In PROFINET, GSD files are written in XML format. The language used is called GSDML — General Station Description Markup Language. The file extension… Read More »
MMS (Manufacturing Message Specification) is the client/server protocol used by IEC 61850 for SCADA communication, reporting, control commands, and engineering access. It runs over TCP port 102. When an IED stops reporting to SCADA, when a control command fails, or when an MMS association does not establish — Wireshark is the first tool you reach for. But decoding… Read More »
The Siemens S7-1200 has built-in Modbus TCP support. No additional communication modules are needed. The CPU handles Modbus TCP natively through its PROFINET Ethernet port. You configure it using two instruction blocks in TIA Portal: A single S7-1200 can run both roles at the same time — serving data to SCADA while polling field devices. Despite the simplicity,… Read More »
Every piece of data in an IEC 61850 system lives inside a logical node. A circuit breaker position is inside XCBR. An overcurrent trip signal is inside PTOC. A voltage measurement is inside MMXU. A GOOSE control block is inside LLN0. Logical nodes are the building blocks of the IEC 61850 data model. They represent functions — not… Read More »
Every Modbus device comes with a register map. It is usually a table in the user manual or a separate PDF that lists all the data points the device makes available — voltages, currents, setpoints, alarms, status bits, and configuration parameters. Reading a register map sounds simple. But it is one of the most common sources of errors… Read More »