With the help of Wireshark, I intercepted the communication between the HMI and the PLC300. I analyzed the pcap file. With the help of so many articles and research papers, I am able to understand some part of the protocol. For example, the S7 protocol starts with an ID 0x32, which is known as the protocol ID. Till now I am able to understand or decode many function codes, like job requests:
```python
# Function codes seen in the parameter field of Job PDUs (ROSCTR 0x01)
Job_request = {
    "00": "CPU_service",
    "f0": "setup_communication",
    "04": "Read_variable",
    "05": "Write_variable",
    "1a": "request_download",
    "1b": "download_block",
    "1c": "download_ended",
    "1d": "start_upload",
    "1e": "upload",
    "1f": "end_upload",
    "28": "plc_control",
    "29": "plc_stop",
}

# Block type codes used by the upload/download functions
sub_block_types = {
    "08": "OB",
    "0a": "DB",
    "0b": "SDB",
    "0c": "FC",
    "0d": "SFC",
    "0e": "FB",
    "0f": "SFB",
}
```
I extract the raw data from the pcap file and my output looks like this:

```
320300001300000200dc00001e0000d800fb70700302070b0000000000d880000000003921002d9804ef6d80122c00000000000000901c031001010100001f0202040001210500140000019f003c01900027741553373330302f45543230304d2073746174696f6e5f310000504c435f31000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005354455020372023202020202020202020202020202020200000d1cc3152481400000000
```
As we know, the S7 protocol starts with the protocol ID, which is 0x32, and up to 7070 I have all the encoding of the function codes. They are mostly header fields.
Now my question is: I am stuck in the data field. I am not able to find anything on how to find the encoding for the instructions in the data field. Any help would be much appreciated. I want to know how to read what is inside the data field.
https://stackoverflow.com/questions/65376985/s7comm-communication-between-plc300-and-hmi December 20, 2020 at 12:44PM
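The following parser is an added example and is not code from the question or from any project; it walks the PDU posted above using the publicly documented S7comm layout as implemented by Wireshark's s7comm dissector, which is an assumption on my part rather than something the question states: a 10-byte header (protocol id, ROSCTR, reserved, PDU reference, parameter length, data length) that grows to 12 bytes with an error class and error code for Ack and Ack_Data PDUs, a 2-byte parameter for the upload acknowledgement (function code 0x1e plus a status byte), a data field that begins with a 2-byte payload length and 2 further bytes before the transferred block, and the STEP 7 block header that starts with the `pp` (0x7070) signature and carries language, block type, block number, load-memory length, timestamps and the MC7 code length at fixed offsets. Under those assumptions the data field of this PDU is one uploaded SDB (system data block), and the printable runs inside it are the station and CPU names an operator would recognise; all field names and the `bytes.fromhex` padding helper are mine, and the function-code and block-type tables are the question's own, re-keyed as integers.

```python
import string

# Hex PDU copied verbatim from the question; it starts at the protocol id 0x32.
RAW_PDU_HEX = (
    "320300001300000200dc00001e0000d800fb70700302070b0000000000d88000000000"
    "3921002d9804ef6d80122c00000000000000901c031001010100001f02020400012105"
    "00140000019f003c01900027741553373330302f45543230304d2073746174696f6e5f"
    "310000504c435f3100000000000000000000000000000000000000000000000000000000"
    "000000000000000000000000000000000000000000000000000000000000000000000000"
    "00000000000000000000000000000000000000000000000000000000000000000000535445"
    "5020372023202020202020202020202020202020200000d1cc3152481400000000"
)

# Tables from the question, keyed by integer so they index parsed bytes directly.
JOB_FUNCTIONS = {0x00: "CPU_service", 0xf0: "setup_communication", 0x04: "Read_variable",
                 0x05: "Write_variable", 0x1a: "request_download", 0x1b: "download_block",
                 0x1c: "download_ended", 0x1d: "start_upload", 0x1e: "upload",
                 0x1f: "end_upload", 0x28: "plc_control", 0x29: "plc_stop"}
BLOCK_TYPES = {0x08: "OB", 0x0a: "DB", 0x0b: "SDB", 0x0c: "FC", 0x0d: "SFC", 0x0e: "FB", 0x0f: "SFB"}
ROSCTR_NAMES = {0x01: "Job", 0x02: "Ack", 0x03: "Ack_Data", 0x07: "Userdata"}  # assumed names

# Bytes we treat as text when hunting for identifiers inside the block (no control chars).
PRINTABLE = set((string.ascii_letters + string.digits + string.punctuation + " ").encode())


def hex_to_bytes(h: str) -> bytes:
    """Decode pasted hex; a capture pasted from a tool can lose its last nibble, so pad it."""
    h = "".join(h.split())
    return bytes.fromhex(h + "0" if len(h) % 2 else h)


def parse_header(pdu: bytes) -> dict:
    """S7comm header: 10 bytes, plus error class/code for Ack and Ack_Data (assumed layout)."""
    if len(pdu) < 10 or pdu[0] != 0x32:
        raise ValueError("not an S7comm PDU: missing protocol id 0x32")
    hdr = {
        "rosctr": pdu[1],
        "rosctr_name": ROSCTR_NAMES.get(pdu[1], f"unknown(0x{pdu[1]:02x})"),
        "pdu_ref": int.from_bytes(pdu[4:6], "big"),
        "param_len": int.from_bytes(pdu[6:8], "big"),
        "data_len": int.from_bytes(pdu[8:10], "big"),
        "header_len": 10,
    }
    if hdr["rosctr"] in (0x02, 0x03):
        hdr["error_class"], hdr["error_code"] = pdu[10], pdu[11]
        hdr["header_len"] = 12
    return hdr


def parse_block_header(block: bytes) -> dict:
    """STEP 7 block header at the start of uploaded/downloaded block data (assumed offsets)."""
    if block[:2] != b"pp":
        raise ValueError("block data does not start with the 'pp' (0x7070) signature")
    return {
        "language": block[4],
        "block_type": BLOCK_TYPES.get(block[5], f"unknown(0x{block[5]:02x})"),
        "block_number": int.from_bytes(block[6:8], "big"),
        "load_mem_len": int.from_bytes(block[8:12], "big"),
        "code_timestamp": block[16:22].hex(),
        "interface_timestamp": block[22:28].hex(),
        "mc7_len": int.from_bytes(block[34:36], "big"),
    }


def printable_strings(data: bytes, min_len: int = 4) -> list:
    """Return runs of at least min_len printable bytes, trailing padding spaces removed."""
    runs, cur = [], bytearray()
    for b in data + b"\x00":  # sentinel flushes the final run
        if b in PRINTABLE:
            cur.append(b)
            continue
        if len(cur) >= min_len:
            runs.append(cur.decode("ascii").rstrip())
        cur = bytearray()
    return runs


def parse_pdu(pdu: bytes) -> dict:
    """Split header / parameter / data and decode an upload acknowledgement's data field."""
    hdr = parse_header(pdu)
    off = hdr["header_len"]
    param = pdu[off:off + hdr["param_len"]]
    data = pdu[off + hdr["param_len"]:off + hdr["param_len"] + hdr["data_len"]]
    result = {
        "header": hdr,
        "function_code": param[0] if param else None,
        "function": JOB_FUNCTIONS.get(param[0], "unknown") if param else None,
        "complete": len(pdu) >= off + hdr["param_len"] + hdr["data_len"],
        "strings": [],
    }
    if hdr["rosctr"] == 0x03 and param[:1] == b"\x1e":
        payload_len = int.from_bytes(data[0:2], "big")  # length of the block bytes that follow
        block = data[4:4 + payload_len]                  # 2 further bytes precede the block
        result["upload"] = {"status": param[1], "payload_len": payload_len,
                            "block": parse_block_header(block)}
        result["strings"] = printable_strings(block)
    return result


RAW_PDU = hex_to_bytes(RAW_PDU_HEX)

if __name__ == "__main__":
    for k, v in parse_pdu(RAW_PDU).items():
        print(f"{k}: {v}")
```

Run it as a script to see the decoded fields; the same walk applies to any S7comm PDU from the capture, and for a monitoring use case the `strings` list is what you would log, since a block upload that names a station or CPU is exactly the kind of engineering traffic worth alerting on when it comes from an unexpected host.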