Wireshark for EtherNet/IP: How to Capture and Decode CIP Traffic

EtherNet/IP (Ethernet Industrial Protocol) is the leading industrial Ethernet protocol in North America. It carries CIP (Common Industrial Protocol) messages over standard TCP/IP and UDP/IP. Wireshark fully decodes EtherNet/IP using two dissectors: EtherNet/IP uses two ports: This guide covers how to capture both traffic types, which display filters to use, how to decode CIP services and I/O connections,…

Zakaria El Intissar

Wireshark for Modbus RTU: How to Capture and Decode Serial RS-485 Traffic

Wireshark is known as an Ethernet protocol analyzer. But it can also capture Modbus RTU traffic over RS-485 serial links — using a free extension called WiresharkSerialAdapter. This is not a built-in feature. Wireshark does not natively capture from COM ports. You need a USB-to-RS-485 adapter connected to the bus as a passive listener, plus the WiresharkSerialAdapter extension…

Zakaria El Intissar

How to Decrypt Encrypted Industrial Protocol Traffic in Wireshark

Industrial protocols are moving to TLS encryption. Modbus/TCP Security uses port 802. IEC 60870-5-104 over TLS uses port 19998. IEC 61850 MMS over TLS uses port 3782. OPC UA encrypts at the application layer. When encryption is enabled, Wireshark shows “Application Data” instead of decoded protocol fields. You can see that packets are flowing, but you cannot read…

Zakaria El Intissar

PROFINET Conformance Classes Explained: CC-A, CC-B, CC-C (IRT), and CC-D (TSN)

PROFINET is one protocol — not three. But it comes in four conformance classes that define what a device can do, how fast it communicates, and what network infrastructure it needs. Engineers often confuse PROFINET RT, PROFINET IRT, and PROFINET IO as separate protocols. They are not. They are all part of PROFINET IO, defined in IEC 61158…

Zakaria El Intissar

How to Configure PROFINET in TIA Portal (Step-by-Step Guide)

PROFINET is the default communication protocol on every Siemens S7-1200 and S7-1500 PLC. The PROFINET interface is built into the CPU — no extra modules needed. But setting up a PROFINET network in TIA Portal involves several steps that must happen in the right order. You need to install the GSD file, add the IO-Device to the network,…

Zakaria El Intissar

PROFINET vs EtherNet/IP: Complete Comparison for Industrial Engineers

PROFINET and EtherNet/IP are the two largest Industrial Ethernet protocols in the world. Together they account for over 60% of all new industrial Ethernet nodes installed each year. Both run on standard Ethernet hardware — same cables, same connectors, same switches. But the similarity ends at the physical layer. Above Layer 2, they use completely different protocol stacks,…

Zakaria El Intissar

Wireshark for PROFINET: How to Capture and Decode RT, DCP, and IO Traffic

PROFINET traffic does not use TCP/IP for cyclic I/O data. It runs directly on Ethernet Layer 2 with EtherType 0x8892. This means you cannot capture it with a TCP port filter — you need to capture all Ethernet traffic on the interface and then filter in Wireshark. Wireshark fully decodes PROFINET using several dissectors: This guide covers how…

Zakaria El Intissar

Wireshark for MQTT: How to Capture and Decode Industrial IoT Traffic

MQTT (MQ Telemetry Transport) is the most widely used protocol in industrial IoT. It connects sensors, PLCs, gateways, and edge devices to cloud platforms and SCADA historians using a lightweight publish/subscribe model over TCP. Wireshark fully decodes MQTT — every CONNECT, PUBLISH, SUBSCRIBE, and DISCONNECT message, including topic names, QoS levels, payloads, and client IDs — all in…

Zakaria El Intissar

Wireshark for OPC UA: How to Capture and Decode Client/Server Traffic

OPC UA (Unified Architecture) is the leading platform-independent protocol for industrial data exchange. It connects SCADA systems, MES platforms, HMI panels, historians, and cloud gateways to PLCs, DCS controllers, and edge devices. OPC UA uses the OPC Binary protocol over TCP on port 4840 (IANA registered as “opc.tcp”). Wireshark decodes every OPC UA service — OpenSecureChannel, CreateSession, Browse,…

Zakaria El Intissar