Wireshark is the tool I typically use when I want to look at Ethernet traffic. It is an open source software (free) package that captures ethernet traffic from one of your computers ports, and then displays the data. It has a number of protocol dissectors built in, so that you can understand the data. It includes HTTP, TCP, Profinet, just about everything I've ever thought of to check.
https://www.wireshark.org/
Part of the trick, though, is to GET the packets to which you want to listen to your PC. A normal switch will only send the packets where they need to go (from PLC to destination), and not anywhere else (your computer with wireshark). There are a few options available.
- Temporarily use an Ethernet Hub instead, which makes every device see all the traffic. Basically, it makes it as if you had one ethernet cable with many ends plugged into all the devices, instead of the standard 2 ended cable. Downside here is that the combined traffic between all the devices is limited to 100mbaud, whereas switches allows EACH device to do 100mbaud.
- If you have a managed switch with port mirroring, yo ucan use that function to assign one port to monitor another. Basically, the switch forwards any packets heading to port A to both port A & B.
- You can buy a passive ethernet tap, which is basically a 2 port device that reads the ethernet traffic going across it, and then forwards it to your computer, often over USB. Stick this between which ever devices you want to listen to.
- My PC has two different Ethernet interfaces, which means I can bridge them in windows, and then use it essentially the same as an Ethernet Tap.