This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Profinet: PNIO-CM messages are not visible

0

Dear Sir/Madam,

I found the following problem, though I cannot find a possible solution to fix it. When trying to measure the startup of a Profinet Device, the IO controller will set a connection to the IO Device using application and communication relations. With the newest build of Wireshark (Version 1.10.2 (SVN Rev 51934 from /trunk-1.10)) and WinPcap 4.1.3 I cannot seem to measure these messages. Using another computer this works fine though... Is there a way to visualize these messages, or aren't these hidden at all? The used protocol is PNIO, and the corresponding frames are PNIO-CM frames, which is an underlying protocol using the Profinet IO Context Manager. I can see every PNIO frame on the network, just not the PNIO-CM frames.

What I already tried is the following:

*Reinstall Wireshark with newest release and reinstall WinPcap as well

*Clear all user preferences

*Measure with another computer (gave no problems)

Please note I did have to go into the registry and change some values to be able to visualize the VLAN tag in the Profinet (Industrial Ethernet) frames. This was completed without error.

asked 21 Oct '13, 04:41

Lique
16114
accept rate: 0%


One Answer:

1

*Measure with another computer (gave no problems)

O.K. so it must be related to that one system. And usually if you don't see some frames while capturing there is some security and/or network related software installed, that blocks those frames.

Please check if any interfering software is installed on that system (like AV, IPS, IDS, Endpoint Security, VPN clients, Firewalls, etc.). If so, first try to disable it. If that does not help (sometimes disabling isn't enough), please uninstall the suspicious piece of software.

A few days ago, a user reported that DNE Update caused problems with outgoing frames.

http://ask.wireshark.org/questions/26150/i-see-only-http11-200-ok-response-packets

So, please check any network related software as well.

Regards
Kurt

answered 21 Oct '13, 04:58

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 21 Oct '13, 04:59

Dear Kurt,

Disabling the Symantec Endpoint Protection did work indeed. I will try and find settings to let all Profinet messages pass through and post them here to help future problems.

Kind Regards,

Thomas

(21 Oct '13, 05:11) Lique

Good and thanks for the updates on Symantec Endpoint!

Hint: If a supplied answer resolves your question can you please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions.

(21 Oct '13, 05:14) Kurt Knochner ♦

To allow the PNIO-CM messages through your Symantec Endpoint Protection firewall, edit the following firewall rules:

Allow all traffic on UDP using remote & local ports 1212 (lupa), 34964 (profinet-cm), 49154 and 49155

Kind regards,

Thomas

(21 Oct '13, 06:11) Lique
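
To confirm on the affected machine that the PNIO-CM traffic reaches the capture once the firewall rule is in place, this added example (not part of the original thread) counts UDP frames on the ports listed above, skipping the VLAN tag the question mentions. It assumes the capture was saved in classic little-endian pcap format; the function names and the constructed sample capture are illustrative.

```python
import struct

# UDP ports taken from the firewall rule in the comment above.
PNIO_CM_PORTS = {1212, 34964, 49154, 49155}

def udp_ports(frame):
    """Return (src, dst) UDP ports of an Ethernet/IPv4 frame, else None."""
    if len(frame) < 14:
        return None
    off = 12
    ethertype = struct.unpack_from("!H", frame, off)[0]
    while ethertype == 0x8100 and len(frame) >= off + 6:  # skip 802.1Q VLAN tag
        off += 4
        ethertype = struct.unpack_from("!H", frame, off)[0]
    off += 2
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4
    if frame[off + 9] != 17 or len(frame) < off + ihl + 4:  # 17 = UDP
        return None
    return struct.unpack_from("!HH", frame, off + ihl)

def count_pnio_cm(pcap):
    """Count frames per PNIO-CM port in a classic little-endian pcap."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected classic little-endian pcap")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("expected Ethernet link type")
    hits, pos = {}, 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, pos + 8)[0]
        ports = udp_ports(pcap[pos + 16:pos + 16 + incl_len])
        pos += 16 + incl_len
        for port in set(ports or ()) & PNIO_CM_PORTS:
            hits[port] = hits.get(port, 0) + 1
    return hits

def make_frame(sport, dport, vlan=False):
    """Constructed sample frame: Ethernet (optional VLAN tag), IPv4, UDP."""
    eth = bytes(12) + (b"\x81\x00\xc0\x00" if vlan else b"") + b"\x08\x00"
    ip = bytes([0x45, 0, 0, 28, 0, 0, 0, 0, 64, 17, 0, 0]) + bytes(8)
    return eth + ip + struct.pack("!HHHH", sport, dport, 8, 0)

def make_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
# Constructed sample capture: two PNIO-CM frames (one VLAN-tagged) and one DNS frame.
SAMPLE = make_pcap([make_frame(49154, 34964, vlan=True), make_frame(34964, 49154), make_frame(53, 53)])
```

An empty result from `count_pnio_cm` on a capture taken during device startup indicates the frames are still being dropped before they reach the capture driver.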