Allen-Bradley netstat?

sbagdon

Member
S
Join Date
Oct 2020
Location
Michigan
Posts
7
did a search, nothing came up...


Doing an audit, and looking for an active port-inventory, such as netstat... yet can't seem to find anything like that for our Allen-Bradleys.


Does such a thing exist, as netstat, in the plc world?


Thx!
 
sbagdon said:
did a search, nothing came up...


Doing an audit, and looking for an active port-inventory, such as netstat... yet can't seem to find anything like that for our Allen-Bradleys.


Does such a thing exist, as netstat, in the plc world?


Thx!
Click to expand...

A little more specific????? Would System Ferret do the trick? It reports all the Ethernet/IP devices on a network, but not specifically included in a PLC's I/O usage.
The other brute force method would be to look at the Web Page for the ethernet adapter, and print out the IP tables...ARP entries, etc.
 
There is no command-line interface to most PLCs, so no netstat "command." There might be something in the web pages, if the PLC has a server. I expect this will have to be done externally and empirically i.e. try to connect to each port of the PLC using UDP and TCP, and then do some research to find what ports those are.


Sidebar: "audit" suggests "security audit" to me; are these PLCs accessible to non-company-internal actors i.e. the 'net? That is generally a Bad Idea. Think of a PLC on a network like IoT: the S stands for security.
 
This is mainly for documentation purposes... netstat in win/unix shows all active listeners, plus all active inbound/sockets, for both sender and receiver. trying to create some visio docs, for onboarding/training.

fping will show all IPs with icmp turned on (much more useful then ping, with cidr options...), that's easy enough. We know all our PLC devices, it's the socket-traffic entering/exiting we want to measure (not just go by verbal historicals).

nmap will show active listeners on the remote hosts, yet there's some things it misses, and doesn't show outbound sockets.

and yes, we know about external risks... ;)

the best we've come up with is a man-in-the-middle logger, yet that involves some things we don't want to do.

thx!
 
sbagdon said:
This is mainly for documentation purposes... netstat in win/unix shows all active listeners, plus all active inbound/sockets, for both sender and receiver. trying to create some visio docs, for onboarding/training.

fping will show all IPs with icmp turned on (much more useful then ping, with cidr options...), that's easy enough. We know all our PLC devices, it's the socket-traffic entering/exiting we want to measure (not just go by verbal historicals).

nmap will show active listeners on the remote hosts, yet there's some things it misses, and doesn't show outbound sockets.

and yes, we know about external risks... ;)

the best we've come up with is a man-in-the-middle logger, yet that involves some things we don't want to do.

thx!
Click to expand...

Many of features of the "Words With Few Vowels" function you appear to be wanting do appear, in a variety of formats, in real time, on the web page for the ethernet interface that accesses the PLC. None are logged, except in a statistical fashion, so, yes, you'll need a MITM type of appliance to scrub through all that.
 
drbitboy said:
There is no command-line interface to most PLCs, so no netstat "command." There might be something in the web pages, if the PLC has a server. I expect this will have to be done externally and empirically i.e. try to connect to each port of the PLC using UDP and TCP, and then do some research to find what ports those are.


Sidebar: "audit" suggests "security audit" to me; are these PLCs accessible to non-company-internal actors i.e. the 'net? That is generally a Bad Idea. Think of a PLC on a network like IoT: the S stands for security.
Click to expand...

I haven't gone down to the port analysis level, but advanced IP scanner lets you scan a subnet, and then scans if there are webpages for devices. Rockwell devices can then be filtered all together by searching for "Rockwell", as the webpage title usually has rockwell.
 

Similar Topics

G
Allen-Bradley visualization architecture (SiVArc analogue)
Dear community, I am trying to find a tool for Allen-Bradley PLCs similar to SiVArch for Siemens PLCs to automatically generate faceplates and...
Replies
0
Views
38
Gunman
G
D
Allen Bradley 1734-AENT issue
Hi everyone, new to forum. Since very long time i having issue with 1734-AENT module, after some period of time its keep stuck in error (simmilar...
Replies
5
Views
224
dummy_bit
dummy_bit
K
Places to sell surplus Allen Bradley PLC's and various other items
Hello, I am new here. I am trying to find good places to sell some surplus items that I have that isnt through ebay. Does anyone have any sources...
Replies
5
Views
333
tlf30
tlf30
H
A/I module 1756-IF16 Allen Bradley
Hi all, installed on chassis A17 an A/I from Allen-Bradley , problem is what ever I do , all channels are sticked on value 39.9 and cannot change...
Replies
1
Views
131
dummy_bit
dummy_bit
geniusintraining
Allen Bradley Firmware flashing issues 1769-L24ER-BB1B
I have a 1769-L24ER-BB1B and I am trying to flash it to 34xx, its flashing red and faulted, when I try to flash it I get a popup stating it needs...
Replies
14
Views
247
geniusintraining
geniusintraining
Back
Top Bottom