CIP over Ethernet/IP on VMS -- 0x6a error when writing to a tag?

vorfeed

Member
V
Join Date
Jul 2008
Location
New Mexico, USA
Posts
19
Hi,

I've been writing a C program on OpenVMS AXP, to communicate with SoftLogix/1789-SIM module using CIP over Ethernet/IP. In order to do so, I ported the TuxEIP library to VMS. It works for reading tags, but when I try to write tags, I get back a status of 0x6a & header length of 0. The same TuxEIP code (and as far as I can tell, the same data over the wire) works fine on Linux; I'm not sure why it won't work on VMS. Please help if you can.

Here's the request, captured by ethereal; it should write a value of 2 to the tag "int".

Frame 95 (113 bytes on wire, 113 bytes captured)
Arrival Time: Jul 2, 2008 18:35:55.320729000
Time delta from previous packet: 0.622051000 seconds
Time since reference or first frame: 35.606019000 seconds
Frame Number: 95
Packet Length: 113 bytes
Capture Length: 113 bytes
Ethernet II, Src: aa:00:04:00:e8:2b, Dst: 00:04:23:07:e1:3a
Destination: 00:04:23:07:e1:3a (192.168.1.226)
Source: aa:00:04:00:e8:2b (192.168.1.17)
Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.1.17 (192.168.1.17), Dst Addr: 192.168.1.226 (192.168.1.226)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 99
Identification: 0x0fc2 (4034)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 60
Protocol: TCP (0x06)
Header checksum: 0xaa8f (correct)
Source: 192.168.1.17 (192.168.1.17)
Destination: 192.168.1.226 (192.168.1.226)
Transmission Control Protocol, Src Port: 1578 (1578), Dst Port: 44818 (44818), Seq: 173, Ack: 152, Len: 59
Source port: 1578 (1578)
Destination port: 44818 (44818)
Sequence number: 173 (relative sequence number)
Next sequence number: 232 (relative sequence number)
Acknowledgement number: 152 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 33580
Checksum: 0x4966 (correct)
EtherNet/IP (Industrial Protocol), Session: 0x30020002, Send Unit Data
Encapsulation Header
Command: Send Unit Data (0x0070)
Length: 35
Session Handle: 0x30020002
Status: Success (0x00000000)
Sender Context: 0000000000000000
Options: 0x00000000
Command Specific Data
Interface Handle: CIP (0x00000000)
Timeout: 1
Item Count: 2
Type ID: Connected Address Item (0x00a1)
Length: 4
Connection Identifier: 0x00002501
Type ID: Connected Data Item (0x00b1)
Length: 15
Sequence Count: 0x0002
Common Industrial Protocol
Service: Unknown Service (4d) (Request)
0... .... = Request/Response: Request (0x00)
.100 1101 = Service: Unknown (0x4d)
Request Path Size: 3 (words)
Request Path: int
Extended Symbol Segment (0x91)
Data Size: 3
Data: int
Pad Byte (0x00)
Command Specific Data
Data: C200010002

0000 00 04 23 07 e1 3a aa 00 04 00 e8 2b 08 00 45 00 ..#..:.....+..E.
0010 00 63 0f c2 40 00 3c 06 aa 8f c0 a8 01 11 c0 a8 .c..@.<.........
0020 01 e2 06 2a af 12 5f 21 d1 76 a9 0f 4d 09 50 18 ...*.._!.v..M.P.
0030 83 2c 49 66 00 00 70 00 23 00 02 00 02 30 00 00 .,If..p.#....0..
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 01 00 02 00 a1 00 04 00 01 25 00 00 b1 00 ...........%....
0060 0f 00 02 00 4d 03 91 03 69 6e 74 00 c2 00 01 00 ....M...int.....
0070 02

And the response from SoftLogix:

Frame 96 (78 bytes on wire, 78 bytes captured)
Arrival Time: Jul 2, 2008 18:35:55.321046000
Time delta from previous packet: 0.000317000 seconds
Time since reference or first frame: 35.606336000 seconds
Frame Number: 96
Packet Length: 78 bytes
Capture Length: 78 bytes
Ethernet II, Src: 00:04:23:07:e1:3a, Dst: aa:00:04:00:e8:2b
Destination: aa:00:04:00:e8:2b (192.168.1.17)
Source: 00:04:23:07:e1:3a (192.168.1.226)
Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.1.226 (192.168.1.226), Dst Addr: 192.168.1.17 (192.168.1.17)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 64
Identification: 0x2663 (9827)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x5011 (correct)
Source: 192.168.1.226 (192.168.1.226)
Destination: 192.168.1.17 (192.168.1.17)
Transmission Control Protocol, Src Port: 44818 (44818), Dst Port: 1578 (1578), Seq: 152, Ack: 232, Len: 24
Source port: 44818 (44818)
Destination port: 1578 (1578)
Sequence number: 152 (relative sequence number)
Next sequence number: 176 (relative sequence number)
Acknowledgement number: 232 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 17289
Checksum: 0x2d8e (correct)
SEQ/ACK analysis
This is an ACK to the segment in frame: 95
The RTT to ACK the segment was: 0.000317000 seconds
EtherNet/IP (Industrial Protocol), Session: 0x30020002, Send Unit Data
Encapsulation Header
Command: Send Unit Data (0x0070)
Length: 0
Session Handle: 0x30020002
Status: Unknown (0x0000006a)
Sender Context: 0000000000000000
Options: 0x00000000

0000 aa 00 04 00 e8 2b 00 04 23 07 e1 3a 08 00 45 00 .....+..#..:..E.
0010 00 40 26 63 40 00 80 06 50 11 c0 a8 01 e2 c0 a8 .@&[email protected].......
0020 01 11 af 12 06 2a a9 0f 4d 09 5f 21 d1 b1 50 18 .....*..M._!..P.
0030 43 89 2d 8e 00 00 70 00 00 00 02 00 02 30 6a 00 C.-...p......0j.
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..............

They look the same to me... what's going on, here? Can anyone help me figure out what I'm doing wrong? Please help if you can, I'm pretty much stuck. Thanks in advance!
 
Last edited:
For comparison, here's a valid response and reply, which I get when I compile and run the same code from Linux:

Request:

Frame 81 (125 bytes on wire, 125 bytes captured)
Arrival Time: Jul 2, 2008 18:33:13.007447000
Time delta from previous packet: 0.000277000 seconds
Time since reference or first frame: 28.708962000 seconds
Frame Number: 81
Packet Length: 125 bytes
Capture Length: 125 bytes
Ethernet II, Src: 00:13:72:bf:63:47, Dst: 00:04:23:07:e1:3a
Destination: 00:04:23:07:e1:3a (192.168.1.226)
Source: 00:13:72:bf:63:47 (192.168.1.129)
Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.1.129 (192.168.1.129), Dst Addr: 192.168.1.226 (192.168.1.226)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 111
Identification: 0xbff3 (49139)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xf5e1 (correct)
Source: 192.168.1.129 (192.168.1.129)
Destination: 192.168.1.226 (192.168.1.226)
Transmission Control Protocol, Src Port: 44829 (44829), Dst Port: 44818 (44818), Seq: 173, Ack: 152, Len: 59
Source port: 44829 (44829)
Destination port: 44818 (44818)
Sequence number: 173 (relative sequence number)
Next sequence number: 232 (relative sequence number)
Acknowledgement number: 152 (relative ack number)
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 5888 (scaled)
Checksum: 0x6d9a (correct)
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 190414363, tsecr 1040054
SEQ/ACK analysis
This is an ACK to the segment in frame: 80
The RTT to ACK the segment was: 0.000277000 seconds
EtherNet/IP (Industrial Protocol), Session: 0xBC020002, Send Unit Data
Encapsulation Header
Command: Send Unit Data (0x0070)
Length: 35
Session Handle: 0xbc020002
Status: Success (0x00000000)
Sender Context: 0000000000000000
Options: 0x00000000
Command Specific Data
Interface Handle: CIP (0x00000000)
Timeout: 1
Item Count: 2
Type ID: Connected Address Item (0x00a1)
Length: 4
Connection Identifier: 0x00002301
Type ID: Connected Data Item (0x00b1)
Length: 15
Sequence Count: 0x0002
Common Industrial Protocol
Service: Unknown Service (4d) (Request)
0... .... = Request/Response: Request (0x00)
.100 1101 = Service: Unknown (0x4d)
Request Path Size: 3 (words)
Request Path: int
Extended Symbol Segment (0x91)
Data Size: 3
Data: int
Pad Byte (0x00)
Command Specific Data
Data: C200010002

0000 00 04 23 07 e1 3a 00 13 72 bf 63 47 08 00 45 00 ..#..:..r.cG..E.
0010 00 6f bf f3 40 00 40 06 f5 e1 c0 a8 01 81 c0 a8 .o..@.@.........
0020 01 e2 af 1d af 12 25 3f c2 a9 26 33 2b f2 80 18 ......%?..&3+...
0030 00 5c 6d 9a 00 00 01 01 08 0a 0b 59 7e 1b 00 0f .\m........Y~...
0040 de b6 70 00 23 00 02 00 02 bc 00 00 00 00 00 00 ..p.#...........
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 ................
0060 02 00 a1 00 04 00 01 23 00 00 b1 00 0f 00 02 00 .......#........
0070 4d 03 91 03 69 6e 74 00 c2 00 01 00 02 M...int......

Response:

Frame 82 (116 bytes on wire, 116 bytes captured)
Arrival Time: Jul 2, 2008 18:33:13.008038000
Time delta from previous packet: 0.000591000 seconds
Time since reference or first frame: 28.709553000 seconds
Frame Number: 82
Packet Length: 116 bytes
Capture Length: 116 bytes
Ethernet II, Src: 00:04:23:07:e1:3a, Dst: 00:13:72:bf:63:47
Destination: 00:13:72:bf:63:47 (192.168.1.129)
Source: 00:04:23:07:e1:3a (192.168.1.226)
Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.1.226 (192.168.1.226), Dst Addr: 192.168.1.129 (192.168.1.129)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 102
Identification: 0x2633 (9779)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x4fab (correct)
Source: 192.168.1.226 (192.168.1.226)
Destination: 192.168.1.129 (192.168.1.129)
Transmission Control Protocol, Src Port: 44818 (44818), Dst Port: 44829 (44829), Seq: 152, Ack: 232, Len: 50
Source port: 44818 (44818)
Destination port: 44829 (44829)
Sequence number: 152 (relative sequence number)
Next sequence number: 202 (relative sequence number)
Acknowledgement number: 232 (relative ack number)
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 17289
Checksum: 0x67d1 (correct)
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 1040054, tsecr 190414363
SEQ/ACK analysis
This is an ACK to the segment in frame: 81
The RTT to ACK the segment was: 0.000591000 seconds
EtherNet/IP (Industrial Protocol), Session: 0xBC020002, Send Unit Data
Encapsulation Header
Command: Send Unit Data (0x0070)
Length: 26
Session Handle: 0xbc020002
Status: Success (0x00000000)
Sender Context: 0000000000000000
Options: 0x00000000
Command Specific Data
Interface Handle: CIP (0x00000000)
Timeout: 0
Item Count: 2
Type ID: Connected Address Item (0x00a1)
Length: 4
Connection Identifier: 0x0819FA70
Type ID: Connected Data Item (0x00b1)
Length: 6
Sequence Count: 0x0002
Common Industrial Protocol
Service: Unknown Service (4d) (Response)
1... .... = Request/Response: Response (0x01)
.100 1101 = Service: Unknown (0x4d)
Status: Success
General Status: Success (0x00)
Additional Status Size: 0 (word)

0000 00 13 72 bf 63 47 00 04 23 07 e1 3a 08 00 45 00 ..r.cG..#..:..E.
0010 00 66 26 33 40 00 80 06 4f ab c0 a8 01 e2 c0 a8 .f&[email protected].......
0020 01 81 af 12 af 1d 26 33 2b f2 25 3f c2 e4 80 18 ......&3+.%?....
0030 43 89 67 d1 00 00 01 01 08 0a 00 0f de b6 0b 59 C.g............Y
0040 7e 1b 70 00 1a 00 02 00 02 bc 00 00 00 00 00 00 ~.p.............
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0060 02 00 a1 00 04 00 70 fa 19 08 b1 00 06 00 02 00 ......p.........
0070 cd 00 00 00 ....

Weird. I get a perfectly good response on Linux, but 0x6a on VMS! Any advice would really be appreciated!
 
It's possible that maybe the Connection Identifiers are mismatched from the CIP Forward Open messages? You have to use the Connection Identifier from the CIP Forward Open response "Originator to Target Network Connection ID" field.

I think that we would need to see those 2 messages to compare to the Tag request message to see if that is causing the problem.

This is just a guess. I've never seen the 0x6a error before.
 
Here's the Forward Open request (on VMS):

Frame 74 (142 bytes on wire, 142 bytes captured)
Arrival Time: Jul 2, 2008 18:35:48.529950000
Time delta from previous packet: 0.191575000 seconds
Time since reference or first frame: 28.815240000 seconds
Frame Number: 74
Packet Length: 142 bytes
Capture Length: 142 bytes
Ethernet II, Src: aa:00:04:00:e8:2b, Dst: 00:04:23:07:e1:3a
Destination: 00:04:23:07:e1:3a (192.168.1.226)
Source: aa:00:04:00:e8:2b (192.168.1.17)
Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.1.17 (192.168.1.17), Dst Addr: 192.168.1.226 (192.168.1.226)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 128
Identification: 0x0f4c (3916)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 60
Protocol: TCP (0x06)
Header checksum: 0xaae8 (correct)
Source: 192.168.1.17 (192.168.1.17)
Destination: 192.168.1.226 (192.168.1.226)
Transmission Control Protocol, Src Port: 1578 (1578), Dst Port: 44818 (44818), Seq: 29, Ack: 29, Len: 88
Source port: 1578 (1578)
Destination port: 44818 (44818)
Sequence number: 29 (relative sequence number)
Next sequence number: 117 (relative sequence number)
Acknowledgement number: 29 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 33580
Checksum: 0x3b98 (correct)
EtherNet/IP (Industrial Protocol), Session: 0x30020002, Send RR Data
Encapsulation Header
Command: Send RR Data (0x006f)
Length: 64
Session Handle: 0x30020002
Status: Success (0x00000000)
Sender Context: 0000000000000000
Options: 0x00000000
Command Specific Data
Interface Handle: CIP (0x00000000)
Timeout: 1
Item Count: 2
Type ID: Null Address Item (0x0000)
Length: 0
Type ID: Unconnected Data Item (0x00b2)
Length: 48
Common Industrial Protocol
Service: Forward Open (Request)
0... .... = Request/Response: Request (0x00)
.101 0100 = Service: Forward Open (0x54)
Request Path Size: 2 (words)
Request Path: Connection Manager, Instance: 0x01
8-Bit Logical Class Segment (0x20)
Class: Connection Manager (0x06)
8-Bit Logical Instance Segment (0x24)
Instance: 0x01
Command Specific Data
Priority/Time_tick: 0x0A
Time-out_ticks: 5
Actual Time Out: 5120ms
O->T Network Connection ID: 0x00000000
T->O Network Connection ID: 0x00D7FBE8
Connection Serial Number: 0x09D4
Vendor ID: Unknown (0x0406)
Originator Serial Number: 0x12345678
Connection Timeout Multiplier: *8 (1)
Reserved Data
O->T RPI: 1000ms (0x000F4240)
O->T Network Connection Parameters: 0x43F8
0... .... .... .... = Owner: Exclusive (0)
.10. .... .... .... = Connection Type: Point to Point (2)
.... 00.. .... .... = Priority: Low Priority (0)
.... ..1. .... .... = Connection Size Type: Variable (1)
.... ...1 1111 1000 = Connection Size: 504
T->O RPI: 1ms (0x000003E8)
T->O Network Connection Parameters: 0x43F8
0... .... .... .... = Owner: Exclusive (0)
.10. .... .... .... = Connection Type: Point to Point (2)
.... 00.. .... .... = Priority: Low Priority (0)
.... ..1. .... .... = Connection Size Type: Variable (1)
.... ...1 1111 1000 = Connection Size: 504
Transport Type/Trigger: 0xA3
1... .... = Direction: Server (1)
.010 .... = Trigger: Application Object (2)
.... 0011 = Class: 3 (3)
Connection Path Size: 3 (words)
Connection Path: Port: 1, Address: 1, Message Router, Instance: 0x01
Port Segment: Port: 1, Address: 1
Port: 1
Extended Link Address: FALSE
Link Address: 1
8-Bit Logical Class Segment (0x20)
Class: Message Router (0x02)
8-Bit Logical Instance Segment (0x24)
Instance: 0x01

0000 00 04 23 07 e1 3a aa 00 04 00 e8 2b 08 00 45 00 ..#..:.....+..E.
0010 00 80 0f 4c 40 00 3c 06 aa e8 c0 a8 01 11 c0 a8 ...L@.<.........
0020 01 e2 06 2a af 12 5f 21 d0 e6 a9 0f 4c 8e 50 18 ...*.._!....L.P.
0030 83 2c 3b 98 00 00 6f 00 40 00 02 00 02 30 00 00 .,;[email protected]..
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 01 00 02 00 00 00 00 00 b2 00 30 00 54 02 ............0.T.
0060 20 06 24 01 0a 05 00 00 00 00 e8 fb d7 00 d4 09 .$.............
0070 06 04 78 56 34 12 01 00 00 00 40 42 0f 00 f8 43 [email protected]
0080 e8 03 00 00 f8 43 a3 03 01 01 20 02 24 01 .....C.... .$.
 
And the Forward Open reply:

Frame 75 (124 bytes on wire, 124 bytes captured)
Arrival Time: Jul 2, 2008 18:35:48.531896000
Time delta from previous packet: 0.001946000 seconds
Time since reference or first frame: 28.817186000 seconds
Frame Number: 75
Packet Length: 124 bytes
Capture Length: 124 bytes
Ethernet II, Src: 00:04:23:07:e1:3a, Dst: aa:00:04:00:e8:2b
Destination: aa:00:04:00:e8:2b (192.168.1.17)
Source: 00:04:23:07:e1:3a (192.168.1.226)
Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.1.226 (192.168.1.226), Dst Addr: 192.168.1.17 (192.168.1.17)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 110
Identification: 0x2661 (9825)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x4fe5 (correct)
Source: 192.168.1.226 (192.168.1.226)
Destination: 192.168.1.17 (192.168.1.17)
Transmission Control Protocol, Src Port: 44818 (44818), Dst Port: 1578 (1578), Seq: 29, Ack: 117, Len: 70
Source port: 44818 (44818)
Destination port: 1578 (1578)
Sequence number: 29 (relative sequence number)
Next sequence number: 99 (relative sequence number)
Acknowledgement number: 117 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 17404
Checksum: 0x2cff (correct)
SEQ/ACK analysis
This is an ACK to the segment in frame: 74
The RTT to ACK the segment was: 0.001946000 seconds
EtherNet/IP (Industrial Protocol), Session: 0x30020002, Send RR Data
Encapsulation Header
Command: Send RR Data (0x006f)
Length: 46
Session Handle: 0x30020002
Status: Success (0x00000000)
Sender Context: 0000000000000000
Options: 0x00000000
Command Specific Data
Interface Handle: CIP (0x00000000)
Timeout: 1
Item Count: 2
Type ID: Null Address Item (0x0000)
Length: 0
Type ID: Unconnected Data Item (0x00b2)
Length: 30
Common Industrial Protocol
Service: Forward Open (Response)
1... .... = Request/Response: Response (0x01)
.101 0100 = Service: Forward Open (0x54)
Status: Success
General Status: Success (0x00)
Additional Status Size: 0 (word)
Command Specific data
O->T Network Connection ID: 0x00002501
T->O Network Connection ID: 0x00D7FBE8
Connection Serial Number: 0x09D4
Vendor ID: Unknown (0x0406)
Originator Serial Number: 0x12345678
O->T API: 1000ms (0x000F4240)
T->O API: 0ms (0x00000000)
Application Reply Size: 0 (words)
Reserved: 0x00

0000 aa 00 04 00 e8 2b 00 04 23 07 e1 3a 08 00 45 00 .....+..#..:..E.
0010 00 6e 26 61 40 00 80 06 4f e5 c0 a8 01 e2 c0 a8 .n&[email protected].......
0020 01 11 af 12 06 2a a9 0f 4c 8e 5f 21 d1 3e 50 18 .....*..L._!.>P.
0030 43 fc 2c ff 00 00 6f 00 2e 00 02 00 02 30 00 00 C.,...o......0..
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 01 00 02 00 00 00 00 00 b2 00 1e 00 d4 00 ................
0060 00 00 01 25 00 00 e8 fb d7 00 d4 09 06 04 78 56 ...%..........xV
0070 34 12 40 42 0f 00 00 00 00 00 00 00 4.@B........

It looks to me as if the O->T ID matches what I had in my earlier post.

Also, there's an interesting wrinkle: I was originally sending a Read Data message just before the Write Data one (so I could check the tag data type). I took this message out, just to simplify the problem, and now the Write Data message works as expected! Maybe there was something wrong with the message sequence, or...? If anyone has any thoughts, please let me know. For now, I'll just get by without the extra Read, and hope this 0x6a problem won't crop up again. Thanks for the help!
 
Are you incrementing the Sequence Count with every request you send?

Don't know. That's a weird one.

According to my EtherNet/IP specification, it says:

0x006A – 0xFFFF Reserved for future expansion (Products compliant with this specification shall not use command codes in this range)


 
cjh said:
Are you incrementing the Sequence Count with every request you send?

Don't know. That's a weird one.

According to my EtherNet/IP specification, it says:

0x006A – 0xFFFF Reserved for future expansion (Products compliant with this specification shall not use command codes in this range)
Click to expand...

I'm incrementing the Sequence Count -- it was 1 on the Read Data message, and then 2 for the subsequent Write message.

As for the 0x6a, the guy I talked to at Rockwell didn't know what it was, either, other than "reserved for future expansion". I wish I knew what was causing it!
 
vorfeed said:
Yes, I fixed it. I don't remember exactly what I did, though... that's what I get for not posting a followup when I figured it out, I guess.
Click to expand...

Thanks for you reply.
The reason I asked you is that I have a project to communicate OpenVMS ALPHA V8.3 with Allen Bradley PLC directly using CIP over Ethernet/IP.
I'm looking for some sort of software (including 3rd vendor's software package or application) to realize it.
Do you have information about it?
 
The Allen-Bradley scanner I developed for Vista Control Systems might be a good fit. You can find out about it here:
http://www.vista-control.com/scanners.htm

We'd be happy to send you a free demo disc with a temporary license for our product suite, so you can see if our scanner meets your needs. Please ask via the Information Request form on the website.

If that's not a good fit for you, TuxEIP is open source -- I'd be happy to send you the C code for the library, which includes support for MS Windows and OpenVMS & Itanium. You'll have to figure out how to use it and/or fix any bugs you find on your own, though, as I can't promise any support! :)
 

Similar Topics

H
Anybus Ethernet/IP Gateway - CIP Support?
Ok, you guys/girls, you are my last hope as I already tried their tech support who are probably correct on this matter but someone here might be...
Replies
4
Views
3,115
harryting
H
U
Micrologix 1400 to Watlow PM-6 Ethernet CIP
Hello all, I have been attempting on and off for over a week to read the temperature out of a Watlow PM-6 to a Micrologix 1400 over ethernet. I...
Replies
3
Views
9,238
unsunghippie
U
D
"EtherNet/IP" verses "TCIP/IP"
Presently have a scale equipment that has an "EtherNet/IP" module in it. Use that to have in on ethernet along with a A-B Control Logix and have...
Replies
10
Views
3,533
RussB
RussB
N
RSLinx CIP API (Ethernet/IP)
I am trying to develop the C++ application with RSLinx CIP API. This application will send the CIP message to CompactLogix via EtherNet/IP with...
Replies
3
Views
8,514
David.M.Lester
D
R
Allen Bradley Ethernet Protocol - CSP or CIP
We are developing an Ethernet device driver for the Allen Bradley SLC 5/05. We found a few documents in Allen Bradley's website, and also the...
Replies
5
Views
19,669
Archie
A
Back
Top Bottom