decode Modbus RTU data sent to Wonderware Intouch via UDP

I am having a hard time decoding Modbus RTU over UDP packets captured by wireshark, the goal is to decode the packet then develop an HMI application that can make meaning out of the request, since the person the pervious engineer is no more and no manuals.
I was tasked to do it as part of my interview test, i need assistant as am new to Modbus.
i have attached captured screenshots from wireshark
 

Attachments

Well the reason you're having trouble decoding Modbus RTU over UDP from these packets is probably because it's not Modbus RTU, or any other version of Modbus for that matter. Yes, it is UDP, and every packet is a broadcast. The UDP port used (4660) is a registered port with IANA and seems to be something called "smaclmgr".
http://tcp-udp-ports.com/port-4660.htm

What are the two devices involved in this communication?
 
Well the reason you're having trouble decoding Modbus RTU over UDP from these packets is probably because it's not Modbus RTU, or any other version of Modbus for that matter. Yes, it is UDP, and every packet is a broadcast. The UDP port used (4660) is a registered port with IANA and seems to be something called "smaclmgr".
http://tcp-udp-ports.com/port-4660.htm

What are the two devices involved in this communication?
Well the reason you're having trouble decoding Modbus RTU over UDP from these packets is probably because it's not Modbus RTU, or any other version of Modbus for that matter. Yes, it is UDP, and every packet is a broadcast. The UDP port used (4660) is a registered port with IANA and seems to be something called "smaclmgr".
http://tcp-udp-ports.com/port-4660.htm

What are the two devices involved in this communication?
there are 2 module of 16DI Version with IP 192.168.1.30, they both convert data from the various modbus acquisition unit( analog & digital) and broadcast it to Ethernet via UPD protocol.

if you look at the wireshark packet you will see an IP address 192.168.1.12, it's a Kinco HMI interface, it's gets information from the Ethernet switch and it's working properly, I have tried to understand how the device was able to decode the packets, with no luck, the person that set up the system is unreachable.
 

Attachments

thanks for your follow up and response, I really appreciate.
the Kinco model is MT4414TE, i also discovered that there is a CAN bus To Ethernet(UDP) converter board that converts all analog and digital data from various Modbus acquisition units and then convert it to Ethernet, i have tried to check if i can identify the converter, but am unable to.
 

Attachments

thanks for your follow up and response, I really appreciate.
the Kinco model is MT4414TE, i also discovered that there is a CAN bus To Ethernet(UDP) converter board that converts all analog and digital data from various Modbus acquisition units and then convert it to Ethernet, i have tried to check if i can identify the converter, but am unable to.
so am confused if its modbus packets or CAN
 
What makes you believe the Ethernet (UDP) converter board uses CAN?

Where do the RS-485 wires go that are connected to the acquisition modules?

From the online documentation (https://en.kinco.cn/Download/D_enUserManual/HMI/Kinco DTools User Manual.pdf), it seems the Ethernet port of the Kinco HMI supports only the following protocols:
Kinco
Modbus TCP
Omron CJ Series Ethernet(TCP)

Perhaps the packets you captured are the Kinco propriety protocol (as the other two supported protocols are explicitly TCP protocols, not UDP) and the Ethernet (UDP) converter board is a Modbus RTU to Kinco Ethernet converter.
 
What makes you believe the Ethernet (UDP) converter board uses CAN?

Where do the RS-485 wires go that are connected to the acquisition modules?

From the online documentation (https://en.kinco.cn/Download/D_enUserManual/HMI/Kinco DTools User Manual.pdf), it seems the Ethernet port of the Kinco HMI supports only the following protocols:
Kinco
Modbus TCP
Omron CJ Series Ethernet(TCP)

Perhaps the packets you captured are the Kinco propriety protocol (as the other two supported protocols are explicitly TCP protocols, not UDP) and the Ethernet (UDP) converter board is a Modbus RTU to Kinco Ethernet converter.
How do i know that the converter uses CAN?, i saw it in a note in the engineering room,
 
How do i know that the converter uses CAN?, i saw it in a note in the engineering room,
i have gone through the kinco manual you sent, but look at this https://www.kincoautomation.com/marketing/hmi/MT4000_Series/MT4414TE/
i followed the link that point to the manual, i noticed that there is a section for Field Bus Communication(CAN).
nevertheless i have started looking at kinco protocol, but they seems not to elaborate the way they encode messages.

am even more confused about the packets captured by wireshark, i doubt its modbus, because every modus request returns a response, and in this case there is no none.

i have spent a week plus trying to understand and decode the packets captured by wireshark, am currently exploring your suggestion about it being a kinco protocol.
your inputs is very much appreciated. thanks once again for your time
 
I am having a hard time decoding Modbus RTU over UDP packets captured by wireshark, the goal is to decode the packet then develop an HMI application that can make meaning out of the request, since the person the pervious engineer is no more and no manuals.
I was tasked to do it as part of my interview test, i need assistant as am new to Modbus.
i have attached captured screenshots from wireshark
Those are modbus function codes and wireshark knows about modbus, its also sending non modbus codes which could have been custom. . ..you can do this. Check modbus.org
 
Top