Re: capture traffic to PLC

[Marius-Simion Cristea <cristea12 () yahoo com>]

I've looked at the source mac, the source mac of the PLC appears in LLDP packets; i've connected also two other PC's 
and started a ping between them. The ICMP packet where captured by Wireshark, so I think that the HUB is really a HUB, 
any other idea about how to capture those PLC commands? 


----- Original Message -----
From: Shawn T Carroll <shawnthomascarroll () yahoo com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Cc: Marius-Simion Cristea <cristea12 () yahoo com>; Community support list forWireshark <wireshark-users () wireshark 
org>
Sent: Saturday, April 21, 2012 10:32 PM
Subject: Re: [Wireshark-users] capture traffic to PLC

Look at the source Mac addresses you see, and don't see. That should indicate whether the hub is really a switch, OR 
that you're only seeing packets on one direction, but not the other.  Feel free to pull the "hub" out and test it 
separately if needed. 

Sent from a device that fits in my pocket and has no real keyboard.

On Apr 21, 2012, at 3:07 PM, Phil Paradis <phil.paradis () unitedtote com> wrote:

> Are you sure it's a hub and not a switch? I've seen so-called "hubs" that
> were actually switches.
>
> --
> Phil Paradis | Network Administrator | Churchill Downs, Inc. | 700 Central
> Ave | Louisville KY | +1 502 509 7445
>
>
>
> On 4/21/12 11:25 AM, "Marius-Simion Cristea" <cristea12 () yahoo com> wrote:
>
> > Hi,
> >
> > I want to capture the traffic (the commands) that are sent from a
> > SCALANCE touch panel emulator to a PLC. The configuration of my network
> > looks like this:
> >
> > Emulator---HUB---Scalance_Switch---PLC
> > |
> > PC (Wireshark)
> >
> > I'm giving commands to the PLC from the emulator, the PLC responds, but I
> > can't capture any of those commands using Wireshark, i'm seeing only ARP,
> > LLDP, PN-DCP packets and some other broadcast packets.
> >
> > Is it possible to capture those commands using Wireshark? if so, what am
> > I doing wrong? because, as far as I know the hub must send all the
> > packets that are meant for the PLC also to the PC.
> >
> > Thanks!
> > __________________________________________________________________________
> > _
> > Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> > Archives:    http://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >
> > mailto:wireshark-users-request () wireshark org?subject=unsubscribe
>
>
> This Churchill Downs Incorporated communication (including any attachments) is intended for the use of the intended 
> recipient(s) only and may contain information that is confidential, privileged or legally protected. Any unauthorized 
> use or dissemination of this communication is strictly prohibited. If you have received this communication in error, 
> please immediately notify the sender by return e-mail message and delete all copies of the original communication. 
> Thank you for your cooperation.
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe