The correct answer is C. Scanning Modbus Devices.

The scenario describes a targeted scan against a TCP service used by industrial controllers that support function-code exchanges for reading and writing memory/register areas. This directly maps to Modbus/TCP, which commonly runs on TCP port 502 and uses function codes to read coils, read registers, write coils, and write registers.

The referenced OT/ICS material identifies Modbus as a protocol used in industrial control systems and shows Modbus scanning examples such as modscan.py -a < target > -p 502 and modpoll -m tcp, including the use of Modbus function codes for reading input registers . Another reference also lists ICS reconnaissance using nmap -p 102,502 -sV < target_ip > and identifies port:502 modbus as a search pattern for Modbus servers commonly used in ICS environments .

Option A. Capturing Modbus/TCP traffic using Wireshark is incorrect because the scenario describes an active targeted scan, not passive packet capture.

Option B. Scanning Siemens SIMATIC S7 PLCs is incorrect because Siemens S7 communication is commonly associated with TCP port 102, not the Modbus function-code pattern described here.

Option C. Scanning Modbus Devices is correct because Modbus/TCP uses TCP port 502 and function codes for reading and writing industrial data.

Option D. Scanning Omron PLC Devices is incorrect because Omron PLC reconnaissance commonly involves protocols such as FINS, not the Modbus/TCP function-code behavior described.

Therefore, the best answer is C. Scanning Modbus Devices.