Are all systems attached at the same speed? A 10/100 hub is basically a 10 mbit hub and a 100 mbit hub connected by a bridge (2-port switch). So you will only be able to see the unicasts of the systems that are attached at the same speed as your wireshark PC.
So you might want to force the speed on the Wireshark PC to match the other ports.
Cheers,
Sake
On 23 apr 2012, at 10:47, Marius-Simion Cristea wrote:
> I've looked at the source mac, the source mac of the PLC appears in LLDP packets; i've connected also two other PC's and started a ping between them. The ICMP packet where captured by Wireshark, so I think that the HUB is really a HUB, any other idea about how to capture those PLC commands?
>
>
> ----- Original Message -----
> From: Shawn T Carroll <shawnthomascarroll@xxxxxxxxx>
> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Cc: Marius-Simion Cristea <cristea12@xxxxxxxxx>; Community support list forWireshark <wireshark-users@xxxxxxxxxxxxx>
> Sent: Saturday, April 21, 2012 10:32 PM
> Subject: Re: [Wireshark-users] capture traffic to PLC
>
> Look at the source Mac addresses you see, and don't see. That should indicate whether the hub is really a switch, OR that you're only seeing packets on one direction, but not the other. Feel free to pull the "hub" out and test it separately if needed.
>
> Sent from a device that fits in my pocket and has no real keyboard.
>
> On Apr 21, 2012, at 3:07 PM, Phil Paradis <phil.paradis@xxxxxxxxxxxxxx> wrote:
>
>> Are you sure it's a hub and not a switch? I've seen so-called "hubs" that
>> were actually switches.
>>
>> --
>> Phil Paradis | Network Administrator | Churchill Downs, Inc. | 700 Central
>> Ave | Louisville KY | +1 502 509 7445
>>
>>
>>
>> On 4/21/12 11:25 AM, "Marius-Simion Cristea" <cristea12@xxxxxxxxx> wrote:
>>
>>> Hi,
>>>
>>> I want to capture the traffic (the commands) that are sent from a
>>> SCALANCE touch panel emulator to a PLC. The configuration of my network
>>> looks like this:
>>>
>>> Emulator---HUB---Scalance_Switch---PLC
>>> |
>>> PC (Wireshark)
>>>
>>> I'm giving commands to the PLC from the emulator, the PLC responds, but I
>>> can't capture any of those commands using Wireshark, i'm seeing only ARP,
>>> LLDP, PN-DCP packets and some other broadcast packets.
>>>
>>> Is it possible to capture those commands using Wireshark? if so, what am
>>> I doing wrong? because, as far as I know the hub must send all the
>>> packets that are meant for the PLC also to the PC.
>>>
>>> Thanks!
>>> __________________________________________________________________________
>>> _
>>> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>
>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>
>>
>> This Churchill Downs Incorporated communication (including any attachments) is intended for the use of the intended recipient(s) only and may contain information that is confidential, privileged or legally protected. Any unauthorized use or dissemination of this communication is strictly prohibited. If you have received this communication in error, please immediately notify the sender by return e-mail message and delete all copies of the original communication. Thank you for your cooperation.
>>
>> ___________________________________________________________________________
>> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives: http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
