Wireshark-dev: [Wireshark-dev] Developing a dissector for MODBUS-based protocol
From: "Barnes, Pat" <[email protected]>
Date: Mon, 23 Jun 2008 18:12:59 +1000

I'm looking to write a dissector for a protocol we're using. It uses the
MODBUS protocol - specifically the 'read-and-write multiple registers'
message type (0x17) - to implement an RPC-ish method.
(The write address represents the function, the written data represents
its parameters, and the read data represents its returned values)

The current modbus dissector is not suitable - it does not show the data
anywhere but in the raw output. I need to provide for example, the name
of the function in the packet summary, and the value of each parameter
by name in the detailed view.

My question is should I create the dissector as one that replaces mbtcp
(the modbus dissector), or as one that sits underneath mbtcp and
re-processes (and relabels) those modbus packets that it recognises?

Of course, I'm not really sure how to accomplish this second task, or
even really the first one. 
(I've read through
http://www.codeproject.com/KB/IP/custom_dissector.aspx and
http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html, and
have started 'tinkering' thus far)

Any advice you have would be welcome.

Patrick Barnes
Software Engineer
(02) 9848 3857
0410 751 044
Thales Australia

This e-mail transmission and any documents, files and previous e-mail messages
attached to it are private and confidential. They may contain proprietary or copyright
material or information that is subject to legal professional privilege. They are for
the use of the intended recipient only.  Any unauthorised viewing, use, disclosure,
copying, alteration, storage or distribution of, or reliance on, this message is
strictly prohibited. No part may be reproduced, adapted or transmitted without the
written permission of the owner. If you have received this transmission in error, or
are not an authorised recipient, please immediately notify the sender by return email,
delete this message and all copies from your e-mail system, and destroy any printed
copies. Receipt by anyone other than the intended recipient should not be deemed a
waiver of any privilege or protection. Thales Australia does not warrant or represent
that this e-mail or any documents, files and previous e-mail messages attached are
error or virus free.