Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] capture traffic to PLC

From: "David H. Lipman" <DLipman@xxxxxxxxxxx>
Date: Thu, 26 Apr 2012 14:29:53 -0400
From: "David H. Lipman" <DLipman@xxxxxxxxxxx>

From: "Marius-Simion Cristea" <cristea12@xxxxxxxxx>

Hi,

I want to capture the traffic (the commands) that are sent from a SCALANCE touch panel
emulator to a PLC. The configuration of my network looks like this:

Emulator---HUB---Scalance_Switch---PLC
  |
PC (Wireshark)

I'm giving commands to the PLC from the emulator, the PLC responds, but I can't capture any of those commands using Wireshark, i'm seeing only ARP, LLDP, PN-DCP packets and some
other broadcast packets.

Is it possible to capture those commands using Wireshark? if so, what am I doing wrong? because, as far as I know the hub must send all the packets that are meant for the PLC
also to the PC.

Thanks!

Maybe I am off but...

Instead of

Emulator---HUB---Scalance_Switch---PLC
  |
PC (Wireshark)

Go this route...
Drop an Ethernet hub between the Scalance_Switch and the PLC and sniff from that POV.
{ Of course making sure the PC w/Wireshark has a promiscuous NIC }

Emulator---HUB---Scalance_Switch---HUB---PLC
                                                           |
                                              PC (Wireshark)

No comments ?


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp