Hidden packets?

[Sebbe 0]

Hi! Im trying to understand how two PLCs create a connection between eachother to be able to mimic it using my own code. Ive attached a screenshot from Wireshark on what information being sent between the two plcs. First i only have the PLC1 with IP: 192.168.250.2 connected. Its looking for the PLC2 with IP: 192.168.250.3 and continue to send ARPs until i connect PLC2. Between no. 5 and 6 (see attachment) i connected PLC2 and in some magical way PLC1 recognize that it have been connected and initiate the multicastgroup after which PLC2 start sending data. Is there some information i cant capture with Wireshark or how do they communicate their presence to eachother without using packets (some layer 1 thingy?)? Thanks in advance!

[PMCR 66]

Are you using a switch or a hub for snooping w/ wireshark? My guess is no. If you are using an unmanaged switch (a normal switch), then you will not be able to snoop the traffic between 1 PLC and another, except those packets with Broadcast IP addresses. Unmanaged switches 'remember' which IP addresses (or MAC addresses really) are attached to which ports, and direct the traffic to those ports by destination IP address. So, a packet from PLC 1 to PLC 2 that was not multicast would not be sent out the port that your computer was attached to. To snoop all packets, you need 1 of 2 things. 1. A good old fashoned Hub. 2. A managed switch programmed to send all traffic out a specific port (for snooping). It appears as though the protocol between the 2 PLCs is Ethernet/IP. Is this correct? If so, there is a lot of handshaking that goes on to establish a connection (TCP session, list services, register session, forward open), and then Implicit Messaging is used to communicate between the 2 devices. What is your end goal? PC to PLC on Ethernet/IP? Edited 19 Jan 2009 by PMCR

[Sebbe 0]

Its for a school project. Initially i just want a PLC to send an array to a PC that will store it in a database. Later i will try to produce some information in the computer and see if i can get the PLC to consume it. I am using an unmanaged switch and that would explain why i dont see all the packets being sent. I will get a hub to test with tomorrow. Thanks for the help!

[PMCR 66]

OK, now I understand. I would use the FINS protocol (published, documeted Omron Ethernet protocol) for you project, not Ethernet/IP. Ethernet/IP would add an unnecessary level of complexity. Your PC application should poll the PLC to determine when to store the data, and then read the data from the PLC to write to the database.

[Sebbe 0]

I tried to sniff the traffic using a hub today and I see what you mean with complexity. As im interested in learning more about EtherNet/IP and not under any particular timelimit im going to give it a try and see how far i can get. Thanks! /Sebbe