Hi, I need to capture and decode EGD (Ethernet Global Data,) exchanged between number of PLCs (non window machines). I tried to connect a laptop (window machine) with Window 7pro and Wireshark 1.12.5 to that EGD network switch of the PLCs and tried to capture the EGD message packs. I typed the IP of a PLC in Remote Interface under Interface management. But an error messaging is coming mentioned connection is refused. Kindly mention how I can collect the exchanged EGD message. Thanks and Regards, Sandeep Maitra asked 04 Jun '15, 05:09  san_mai |
One Answer:
The Remote Interface for Wireshark is for a remote host running rpcap, and your PLC's are unlikely to be running this. Instead you need to learn about capturing on a switched network, see the Wiki page on Ethernet Capture. What is the model of your switch? answered 04 Jun '15, 05:48  grahamb ♦ edited 09 Jun '15, 02:58 |
Dear Mr Graham, Thanks for replying. Other than Remote interface, is there any other way to capture EGD telegrams. Is there anything called EGD plugins which need to be installed separately!!
Regards, Sandeep Maitra
I think your conflating two things here, capturing and dissecting.
To capture, you must arrange for your capture interface to be able to see the traffic of interest. This is likely to involve spanning or mirroring a switch port in your environment.
To dissect, after you have a captured traffic of interest, you need a program with knowledge of the protocols involved. Fortunately, Wireshark is such a program, it has an egd dissector built-in that expects EGD traffic to be run over UDP on port 18246. If your EGD traffic is different you might need to use the "Decode As..." facility in Wireshark to cause the traffic to be dissected as EGD.
as @grahamb wrote: take a look at the "Ethernet Capture Setup" (link in his answer). In short: The easiest way would be a switch with port mirroring capabilities.