This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

PLC tcp com to RFID Keepalive

0

Hi everybody.

I'm struggling to debug a communication between a AB plc and a feig RFID reader.

I'm trying to monitor the keep alive communication frames from a computer with wire shark connected to a hub between the PLC and the reader. But I only see the Creation of the socket...

If I communicate thru the pc interface where wire shark is recording to the reader I can see the keep alive frame. My aim is to determine which one of the Plc or the feig reader stops first to send the keep alive frames

asked 23 Aug '16, 13:45

Mikron's gravatar image

Mikron
6112
accept rate: 0%


One Answer:

0

Your hub is not a hub, but a switch. Therefore, once it learns the MAC addresses of the nodes involved the Ethernet frames only go between these ports, not the one you capture on. Get a proper switch with monitor port to capture this traffic, e.g. a network tap from dualcomm.

answered 23 Aug '16, 23:31

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

i used Center COM MR820TR Multiport Micro hub/repeater witch is a HUB i assume? Can't i do this with a hub?

(24 Aug '16, 00:48) Mikron

Make a test - if you have a LAN connection to the internet, connect one PC to it via the maybe-hub, use another PC to capture, and generate some traffic (open a web page). If you can see many packets in both directions, your device is a real hub and your issue comes from something else; if you can see just a single packet in each direction, it is a switch and you'll have to use something else.

If you don't have a LAN connection to the internet, try two PCs talking to each other (if both run Windows, it should be possible so set up at least a remote desktop session between them, if there is linux on at least one of them, ssh, telnet, ftp, ... should be fine) and use a third PC to capture that traffic.

(24 Aug '16, 01:21) sindy