Industrial Network Inspection / Analysis?

moistcat

Member
Join Date
Jun 2020
Location
Melbourne
Posts
53
Hi All,

I'm doing mainly PLC programming but dabbling in industrial networking.

I am investigating an intermittent communication fault between a AB 1756-L82E (v33) and a RTU. PLC executes EthernetI/P Explicit messaging instructions. I have enabled logging on the RTU, is there any way to capture message logs from the PLC side?

Question part 2:
The issue has occurred once in the last month, so I doubt i'm going to find anything, and my hunch is the RTU Ethernet port has frozen up, as this has happened at other sites. However I have an order to do some on site investigation, what are some valuable documents / findings I can produce as part of the exercise / report?

I'm sure this is an exercise network ppl go though all the time:
-Wireshark capture?
-Average traffic throughput?
-iperf?
-Scan with fluke cat6 tester?

Basically wanting to show I properly investigated the issue..

Interested to see what comes back!
 
You can use Wireshark but you need a managed switch with mirror port function to get the traffic between the PLC and the remote IO device. The Wireshark dissector for EtherNet/IP is great and usually provides a lot of good information, including decoding of error responses, so in many cases you do not need to check the specification to figure out the meaning.
 
Check if any new machinery was installed lately and if was where their power supply is wired from. Once had a network probs cos of new installations going too near of network cables. The thing was that the errors showed up only when the machine was started (startup current peak was much higher and thus also interference was much higher), not that often as it was normally running all the time.
 
Wireshark will show you WHAT happened, but it won't always show you why. Managed switches with port mirroring are one good way to get a trace; there are also dedicated ethernet taps you can use that provide everything going across one cable.


I'd strongly recommend checking all cables with a tester. Some switches have one built in, otherwise you might need to buy one or hire an IT firm. It's also important to check the configuration. If some devices are fixed at 100mbps instead of autonegotiate, you can have instances where there is a mismatch and they don't communicate well, especially if it's because of a bad cable.
 
Thanks @AlfredoQuintero, @TurpoUrpo, @mk42.

I'm sure its a rack mounted greyhound switch between them so ill be sure to bring my Hirschman cable and set up a mirror port.

All else fails i have some code where the RTU can reboot itself if the heartbeat isn't seen for x seconds..
 

Similar Topics

I'm a bit of a networking novice. (...and by "a bit", I mean a lot...) We are adding some production lines in a different building on the other...
Replies
1
Views
1,604
Hi All I would like to join our plant network to another workshop 'office' network (where i program). I'm not very clued up on the network side...
Replies
2
Views
1,559
Hi, I'm investigating into what is the proper way to design a factory machine network. My current understanding is that the machine-to-machine...
Replies
13
Views
3,571
Hi Team, I am looking at spec'ing an Advantech Industrial Managed Ethernet Switch in the design of our OEM equipment to talk EtherNetIP to the...
Replies
0
Views
1,654
Not a PLC specific question, but has to do with PLC network communications. I need to spec out network equipment for a distributed data center...
Replies
14
Views
3,929
Back
Top Bottom