Ken Roach
Lifetime Supporting Member + Moderator
I have been tinkering with a little DIY remote access stuff lately, prompted by some recommendations and challenges on this forum.
To my surprise, I discovered that it is trivial to install the open-source network scanner NMAP on a computer running OpenWRT, a Linux distribution specifically for small router applications.
One of the things I haven't figured out how to do with OpenWRT is what the RSLinx Classic Help file refers to as "enable a directed broadcast", which would enable the EtherNet/IP driver to magically discover devices on the "private" side of the router with a broadcast CIP List Identity command.
But I found that with minimal command-line syntax memorization, NMAP does a fine job of discovering the A-B controllers on the network, at least the ones that are logically on the same subnet.
nmap 192.168.1.0/24 -p 80,2222,44818
That command returns, in a matter of just a few seconds, the IP addresses of every Rockwell Automation device on the network.
Rhetorically: if nmap can do this that fast, why does RSLinx Classic not have a similar feature to TCP-scan a subnet?
Anyhow: if you find yourself without RSLinx someday, and need to find the Rockwell nodes on a network, consider making NMAP part of your toolkit.
Code:
Connecting to [email protected]...
[email protected]'s password:
BusyBox v1.33.2 (2022-02-16 20:29:10 UTC) built-in shell (ash)
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 21.02.2, r16495-bf0c965af0
-----------------------------------------------------
root@OpenWrt:~# nmap 192.168.1.0/24 -p 80,2222,44818
Starting Nmap 7.80 ( https://nmap.org ) at 2022-04-14 03:52 UTC
Nmap scan report for 192.168.1.101
Host is up (0.0016s latency).
PORT STATE SERVICE
80/tcp open http
2222/tcp closed EtherNetIP-1
44818/tcp open EtherNetIP-2
MAC Address: 00:00:BC:3A:91:23 (Rockwell Automation)
Nmap scan report for 192.168.1.103
Host is up (0.00088s latency).
PORT STATE SERVICE
80/tcp open http
2222/tcp closed EtherNetIP-1
44818/tcp open EtherNetIP-2
MAC Address: 00:00:BC:22:C1:92 (Rockwell Automation)
Nmap scan report for 192.168.1.106
Host is up (0.0019s latency).
PORT STATE SERVICE
80/tcp open http
2222/tcp closed EtherNetIP-1
44818/tcp open EtherNetIP-2
MAC Address: 00:00:BC:33:A8:09 (Rockwell Automation)
Nmap scan report for 192.168.1.131
Host is up (0.012s latency).
PORT STATE SERVICE
80/tcp open http
2222/tcp open EtherNetIP-1
44818/tcp open EtherNetIP-2
MAC Address: 00:00:BC:30:2F:7A (Rockwell Automation)
Nmap scan report for OpenWrt.lan (192.168.1.250)
Host is up (0.00021s latency).
PORT STATE SERVICE
80/tcp open http
2222/tcp closed EtherNetIP-1
44818/tcp closed EtherNetIP-2
Nmap done: 256 IP addresses (5 hosts up) scanned in 3.33 seconds
root@OpenWrt:~#
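An added example, not part of the original post: in output like the above, the router itself also answers on port 80, so it is the `MAC Address:` vendor line rather than the port list that identifies the Rockwell nodes for an asset inventory. The shell function below reduces nmap's normal output to one line per host whose vendor string matches; `vendor_hosts` and `sample_scan` are hypothetical names and the sample scan is constructed.

```shell
# Added example: reduce nmap's normal output to one line per matching device.

# Reads nmap normal output on stdin and prints "IP MAC open-tcp-ports" for each
# host whose MAC vendor (the text in parentheses) contains $1.
vendor_hosts() {
    awk -v vendor="${1:-Rockwell Automation}" '
        function emit() {
            if (ip != "" && index(vend, vendor) > 0)
                print ip, mac, (ports == "" ? "-" : ports)
            ip = ""; mac = ""; vend = ""; ports = ""
        }
        /^Nmap scan report for / {
            emit()                   # finish the previous host before starting a new one
            ip = $NF                 # "1.2.3.4" or "(1.2.3.4)" after a hostname
            gsub(/[()]/, "", ip)
        }
        /^[0-9]+\/tcp[ \t]+open/ {
            split($1, p, "/")
            ports = (ports == "" ? p[1] : ports "," p[1])
        }
        /^MAC Address: / {
            mac = $3
            vend = $0
            sub(/^[^(]*\(/, "", vend)   # drop everything up to the opening paren
            sub(/\).*$/, "", vend)      # drop the closing paren and anything after
        }
        END { emit() }
    '
}

# Constructed sample (RFC 5737 addresses, made-up MACs), not output from the post.
sample_scan() {
    cat <<'EOF'
Nmap scan report for 192.0.2.10
80/tcp    open   http
2222/tcp  closed EtherNetIP-1
44818/tcp open   EtherNetIP-2
MAC Address: 00:00:BC:00:00:01 (Rockwell Automation)
Nmap scan report for 192.0.2.20
80/tcp    open   http
44818/tcp closed EtherNetIP-2
MAC Address: 02:00:00:00:00:02 (Unknown)
Nmap scan report for gw.lan (192.0.2.1)
80/tcp    open   http
EOF
}

sample_scan | vendor_hosts
```

nmap prints the `MAC Address:` line only for hosts on the scanner's own Ethernet segment, so devices reached through a router, and the scanning host itself, never appear in this list.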