Hi all,
Can someone help me decode the following packet (serial port output) sniffed from RSLINX talking to a PLC CONTROLLOGIX5563?
This is seen when the RSLINX queries the PLC for the first time. Hence this is the diagnostic packet. This matches the one given in the DF1 protocol manual from AB.com.
After that the command is 0x0b and FNC is 0x00. This means that the CIP transaction has started, right?
Please try to decode the following for me.
RSLINX to PLC
10 02 01 00 06 00 01 08 03 10 03 ed --> DIAGNOSTIC COMMAND
PLC TO RSL
10 06 ----> ACK
10 02 00 01 46 00 01 08 04 ee 34 95 01 00 0e 00 38 00 1c 70 31 41 6e 26 00 14 "1756-L63/A LOGIX5563" 10 03 60
What do the values after the TNS field (in RED) mean, until the string data starts? Do they refer to the address and size as in the manual?
The confusion is further intensified by the following transaction that follows
RSLINX to PLC
10 06 10 02 00 00 0b 00 01 0c 00 00 52 02 06 24 01 06 9a 06 00 01 02 64 24 01 01 00 01 10 03 d5
PLC TO RSL
10 06 10 02 00 00 4b 00 01 0c 00 00 d2 00 01 02 18 03 01 00 10 03 b7
CAN ANYONE DECODE THESE?
Someone said this is CIP in DF1. Is that true? (0x0b and response 0x4b in the command fields and 00 in FNC in both obscure packets.)
Please provide pointers at least.
There are more such transactions; if needed I will post more.
PS: the numbers are in hex, and the matter in " " (double quotes) is the strings returned (it would have been unnecessarily obscured if I had printed the corresponding hex values).
Thanks in advance.
Ravi
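The DF1 full-duplex link framing visible in the captures above can be unpacked mechanically before looking at the command data. The following is an added example, not part of the original post or of any vendor tool: it removes the DLE framing, splits DST, SRC, CMD, STS and TNS, and checks the trailing byte as a BCC (assumption: the link uses the one-byte BCC rather than CRC-16, as the single byte after each DLE ETX suggests). Function and field names are hypothetical.

```python
DLE, STX, ETX = 0x10, 0x02, 0x03
CONTROL = {0x06: "ACK", 0x15: "NAK", 0x05: "ENQ"}  # link symbols sent as DLE <sym>

def bcc(body: bytes) -> int:
    """DF1 BCC: two's complement of the 8-bit sum of the unstuffed body."""
    return -sum(body) & 0xFF

def parse_body(body: bytes, rx_bcc: int) -> dict:
    if len(body) < 6:
        raise ValueError("body shorter than DST SRC CMD STS TNS")
    return {"dst": body[0], "src": body[1], "cmd": body[2], "sts": body[3],
            "is_reply": bool(body[2] & 0x40),   # replies echo CMD with bit 6 set
            "tns": body[4:6].hex(), "payload": body[6:].hex(),
            "bcc_calc": bcc(body), "bcc_ok": bcc(body) == rx_bcc}

def decode_stream(hex_text: str) -> list:
    """Walk a hex capture and return link symbols and decoded frames in order."""
    raw, out, i = bytes.fromhex(hex_text), [], 0
    try:
        while i < len(raw):
            if raw[i] != DLE:
                raise ValueError(f"expected DLE at offset {i}")
            sym, i = raw[i + 1], i + 2
            if sym != STX:
                out.append({"symbol": CONTROL.get(sym, f"unknown 0x{sym:02x}")})
                continue
            body = bytearray()
            while True:
                b, i = raw[i], i + 1
                if b == DLE:                    # DLE DLE = data 0x10, DLE ETX = end
                    b, i = raw[i], i + 1
                    if b == ETX:
                        break
                    if b != DLE:
                        raise ValueError(f"bad escape 0x{b:02x} at offset {i - 1}")
                body.append(b)
            out.append(parse_body(bytes(body), raw[i]))  # byte after DLE ETX is the BCC
            i += 1
    except IndexError:
        raise ValueError("capture ends inside a frame") from None
    return out

POSTED = [  # frames copied from the post above
    "10 02 01 00 06 00 01 08 03 10 03 ed",
    "10 06 10 02 00 00 0b 00 01 0c 00 00 52 02 06 24 01 06 9a 06 00 01 02 64 24 01 01 00 01 10 03 d5",
    "10 06 10 02 00 00 4b 00 01 0c 00 00 d2 00 01 02 18 03 01 00 10 03 b7",
]
if __name__ == "__main__":
    for line in POSTED:
        print(decode_stream(line))
```

On the lines as posted, the diagnostic command and the 0x4b reply pass the BCC check, while the 0x0b request does not (computed 0x35 against the posted d5), so that line is likely missing or mistyping a byte.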