Modbus sniffer?

hi all, i am trying to implement a modbus sniffer. you will wonder why. very simple. I have a heat pump (slave) that communicates in modbus with its lcd panel (master). I would like to fetch the machine data without adding a second master to the modbus network. I then bought a modbus tcp converter and put it as a client to the tcp listner on nodered. I see a lot of traffic coming. Do I find any projects ready to implement it? Can anyone help me? I would just like to read the answers the machine sends to the panel! thanks a lot

Hi, have you bit a tcp/serial converter? If yes...the serial si RS485? If must link a cable in parallel at the serial. If there Is a terminarono resistant you must put this at last device...(your converter.).

When you say "I see a lot of traffic coming", are you referring to what you see in the Debug pane?

If you have not done so already, I would recommend you install these Modbus nodes and then connect the modbus-read node and insert some values for Unit-Id (the slave address), Address (e.g. 123), etc. You will probably also have to configure your TCP converter as a server. In my case, I use an RS485 to USB adapter.

In modbus serial bus IS not possible have more master. If you sniffing a need a serial node on node-red.

Yes, the physical connections are working great. I have a converter connect as a last device with terminator. I configured the converter as tcp client to send tcp traffic to nodered IP.
On node red i create a TCP Listner to list all traffic. I need help to filter (for example) only response about specified register like temerature.. For now i isolated only byte refer to slave address and a byte about frame lenght..

Hi, i cannot configure the adapter to Server mode because in the modbus network there is another master (touch panel) that request consinuosly data to slave. I need to sniff and interpretate this traffic


I tried this on NR at one stage - but the sheer volume of data was so overwhelming it was very diffcult to do.

In the end as i have a number of different modbus devices that i wish to hack into and control i bit the bullet and purchased a hardware device

Very much worth it to cut down on the amount of effort and to properly format data etc


1 Like

For now I'm getting important results with wireshark. I hijacked the modbus tcp traffic to a listener on my pc and with wireshark i am analyzing the packet byte by byte.
I found that the data I want is in a response with funciont code 3, preceded by a request made in a certain way. How can I capture one packet, and if it meets a certain condition, capture the next one? In node red, of course: D

you could try node-red-contrib-pcap (node) - Node-RED which should be able to do the same as wireshark - but you will need to try to keep the selector tight so as not to flood the process with all the network traffic.

Unfortunately the installation of the module you recommended fails and I cannot find documentation. I am working on Hass IO.
What is the cleanest way to collect a TCP packet (currently I split it with buffer parse) and if some data match, I want to capture the next packet. I have identified the Funcion code 3 request packets where the first 10 registers are requested. The slave responds with the 10 registers. Subsequently, the next 10 registers are requested. The slave responds. I would like to associate the request and the response in a single payload (or packet) so I am able to understand the register number. Who helps me?

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.