This is a preview. You must login to view/edit this pcap.

O 1. 192.168.2.100 » 192.168.2.25 modbus/tcp query [ 1 pkt(s)]: trans: 0; unit: 255, func: 3: Read multiple registers.
O 2. 192.168.2.25 » 192.168.2.100 modbus/tcp response [ 1 pkt(s)]: trans: 0; unit: 255, func: 3: Read multiple registers.
O 3. 192.168.2.100 » 192.168.2.25 tcp 1129 > 502 [ACK] Seq=13 Ack=12 Win=64144 Len=0
O 4. 00:0e:8c:bb:1f:56 » ff:ff:ff:ff:ff:ff arp Who has 192.168.2.253? Tell 192.168.2.252
O 5. 192.168.2.100 » 192.168.2.25 modbus/tcp query [ 1 pkt(s)]: trans: 0; unit: 255, func: 3: Read multiple registers.

Here are some of things that registered users can do with this pcap:

  • Reorder packets
  • Fragment packets
  • Reassemble TCP streams
  • Rewrite TCP streams (over IPv4 and IPv6)
  • Extract embedded HTTP content
  • Convert any packet into a DoS generator