
I’ve tapped into an RS-485 bus and dumped some data. I’d like to implement a strawman/MITM device to intercept the traffic and send commands independent of the existing master/slave.

Here are some screenshots of some logic samples I captured in Saleae Logic 2:

[Screenshots: zoom 1, zoom 2, zoom 3]

My problem is it doesn’t look like it’s framed properly. I’ve got the analyzer set to Modbus RTU master, 9600 baud, no parity bit, one stop bit.

Could anyone tell me if this looks correct or incorrect based on these screenshots? Is this Modbus protocol, or something different? Trying to see if I’m on the right path here. Thanks. Any additional info I’m happy to supply if requested.

Tried several different ways of applying analyzers, trying to get a solid stream of info.

  • Hello Cal, your traces do look like Modbus, but it's not easy to say from them if they are proper and glitch-free. Are you using [Saleae's Modbus Analyzer](https://github.com/saleae/modbus-analyzer)? Do you have a good ground? Can you explain how you are tapping into the bus? For alternatives to your analyzer you can take a look at my answer [here](https://stackoverflow.com/questions/58276741/accessing-raw-bytes-in-pymodbus-transactions/58285359#58285359). If you are sure about the settings, sniffing with SerialPCAP should be pretty easy. – Marcos G. Dec 22 '22 at 17:40
  • @MarcosG. Yes I’m using Saleae Logic 2. The circuit I’m breaching uses a USB cable. I’ve connected my probe wires from my analyzer to USB breakout boards— one male and one female— and simply connected up that way. I’m grounded using the (-) signal off the USB breakout (not the shield). – Cal Howard Dec 22 '22 at 18:42
  • Is the bus you are tapping two wires? If so, you should go find your ground connection to the power supply of any device connected to the bus. This can be in practice more difficult than it seems depending on the isolation of the transceivers. I'm not sure I understand how you are wiring it, can you post the make and model of your USB to take a look at that (-) signal? Also, what devices are on the bus? Are they PLCs, RTUs, sensors? – Marcos G. Dec 22 '22 at 19:00

0 Answers
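One way to test whether decoded serial bytes really are Modbus RTU is to split them on the 3.5-character idle gap and verify each frame's CRC-16. The sketch below is an added example, not part of the original thread: the `(start_time_s, byte)` input layout, the helper names and the sample traffic are constructed assumptions, with 9600 baud and 8N1 taken from the question.

```python
def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: init 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def split_frames(samples, baud=9600, bits_per_char=10):
    """Split (start_time_s, byte) samples (assumed layout) on the 3.5-char idle gap."""
    char_t = bits_per_char / baud  # 10 bits per character for 8N1
    frames, cur, prev = [], bytearray(), None
    for t, b in samples:
        # idle time = start of this character minus end of the previous one
        if prev is not None and t - prev - char_t > 3.5 * char_t:
            frames.append(bytes(cur))
            cur = bytearray()
        cur.append(b)
        prev = t
    if cur:
        frames.append(bytes(cur))
    return frames

def check_frame(frame: bytes) -> dict:
    """Report unit address, function code and whether the CRC matches."""
    if len(frame) < 4:  # address + function + two CRC bytes
        return {"ok": False, "reason": "too short", "raw": frame.hex()}
    got = frame[-2] | (frame[-1] << 8)  # CRC is sent low byte first
    return {"ok": crc16_modbus(frame[:-2]) == got, "addr": frame[0],
            "func": frame[1] & 0x7F, "exception": bool(frame[1] & 0x80),
            "raw": frame.hex()}

def make_samples(frames, baud=9600, bits_per_char=10, gap_chars=5.0):
    """Build constructed input: back-to-back chars, idle gap between frames."""
    char_t, t, out = bits_per_char / baud, 0.0, []
    for f in frames:
        for b in f:
            out.append((t, b))
            t += char_t
        t += gap_chars * char_t
    return out

# Constructed traffic, not taken from the capture in the question.
REQUEST = bytes.fromhex("010300000002c40b")   # read 2 holding registers, unit 1
GLITCHED = bytes.fromhex("010300000002c40a")  # same frame, one CRC bit flipped
SAMPLES = make_samples([REQUEST, GLITCHED, b"\x55\xaa"])

if __name__ == "__main__":
    print(*map(check_frame, split_frames(SAMPLES)), sep="\n")
```

If most frames in a real capture fail the CRC check, the serial settings (baud rate, parity, stop bits) or the tap's signal integrity are more likely at fault than the protocol guess.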