Allen-Bradley netstat?

sbagdon

did a search, nothing came up...


Doing an audit, and looking for an active port-inventory, such as netstat... yet can't seem to find anything like that for our Allen-Bradleys.


Does such a thing exist, as netstat, in the plc world?


Thx!
 
A little more specific????? Would System Ferret do the trick? It reports all the Ethernet/IP devices on a network, but not specifically included in a PLC's I/O usage.
The other brute force method would be to look at the Web Page for the ethernet adapter, and print out the IP tables...ARP entries, etc.
 
There is no command-line interface to most PLCs, so no netstat "command." There might be something in the web pages, if the PLC has a server. I expect this will have to be done externally and empirically i.e. try to connect to each port of the PLC using UDP and TCP, and then do some research to find what ports those are.


Sidebar: "audit" suggests "security audit" to me; are these PLCs accessible to non-company-internal actors i.e. the 'net? That is generally a Bad Idea. Think of a PLC on a network like IoT: the S stands for security.
 
This is mainly for documentation purposes... netstat in win/unix shows all active listeners, plus all active inbound/sockets, for both sender and receiver. trying to create some visio docs, for onboarding/training.

fping will show all IPs with icmp turned on (much more useful than ping, with cidr options...), that's easy enough. We know all our PLC devices, it's the socket-traffic entering/exiting we want to measure (not just go by verbal historicals).

nmap will show active listeners on the remote hosts, yet there's some things it misses, and doesn't show outbound sockets.

and yes, we know about external risks... ;)

the best we've come up with is a man-in-the-middle logger, yet that involves some things we don't want to do.

thx!
 
Many of the features of the "Words With Few Vowels" function you appear to be wanting do appear, in a variety of formats, in real time, on the web page for the ethernet interface that accesses the PLC. None are logged, except in a statistical fashion, so, yes, you'll need a MITM type of appliance to scrub through all that.
 
I haven't gone down to the port analysis level, but Advanced IP Scanner lets you scan a subnet, and then scans if there are webpages for devices. Rockwell devices can then be filtered all together by searching for "Rockwell", as the webpage title usually has Rockwell.
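
Added example, not posted by anyone in this thread: one way to turn a packet capture, such as the logger discussed above would produce, into a netstat-like inventory per PLC, including the outbound sockets that an external port scan cannot show. It assumes `tcpdump -nn` text output for IPv4; the function name, addresses, ports and sample lines are constructed for illustration.

```python
import re

# Shape of `tcpdump -nn` IPv4 lines: "<ts> IP <src>.<sport> > <dst>.<dport>: <rest>"
LINE = re.compile(r"IP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): "
                  r"(?:Flags \[([^\]]+)\]|(UDP), length)")

def socket_inventory(lines, plc_ips):
    """Netstat-like view per PLC, built only from packets seen on the wire."""
    inv = {ip: {"listen": set(), "inbound": set(), "outbound": set(),
                "udp": set(), "unknown": set()} for ip in plc_ips}
    classified, midstream = set(), set()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue                    # ARP, IPv6, other protocols
        src, sport, dst, dport = m[1], int(m[2]), m[3], int(m[4])
        flags, udp = m[5], m[6]
        if udp:                         # no handshake: record the endpoints only
            if src in inv: inv[src]["udp"].add((sport, dst, dport))
            if dst in inv: inv[dst]["udp"].add((dport, src, sport))
        elif flags == "S.":             # SYN-ACK: src accepted, so src listens
            classified.add(frozenset([(src, sport), (dst, dport)]))
            if src in inv:
                inv[src]["listen"].add(sport)
                inv[src]["inbound"].add((dst, sport))
            if dst in inv:
                inv[dst]["outbound"].add((src, sport))
        elif flags != "S" and "R" not in flags:
            midstream.add((src, sport, dst, dport))   # data or ACK segment
    # Sessions already up before the capture began never show a handshake.
    for src, sport, dst, dport in midstream:
        if frozenset([(src, sport), (dst, dport)]) not in classified:
            if src in inv: inv[src]["unknown"].add((sport, dst, dport))
            if dst in inv: inv[dst]["unknown"].add((dport, src, sport))
    return inv

# Constructed sample lines (addresses and ports are made up for illustration).
SAMPLE = """\
12:00:00.000001 IP 10.0.0.5.51000 > 10.0.0.10.44818: Flags [S], seq 100, win 64240, length 0
12:00:00.000300 IP 10.0.0.10.44818 > 10.0.0.5.51000: Flags [S.], seq 900, ack 101, win 8192, length 0
12:00:00.000400 IP 10.0.0.5.51000 > 10.0.0.10.44818: Flags [.], ack 1, win 64240, length 0
12:00:01.000000 IP 10.0.0.10.1025 > 10.0.0.30.44818: Flags [S], seq 500, win 8192, length 0
12:00:01.000200 IP 10.0.0.30.44818 > 10.0.0.10.1025: Flags [S.], seq 700, ack 501, win 8192, length 0
12:00:02.000000 IP 10.0.0.10.2222 > 10.0.0.20.2222: UDP, length 48
12:00:03.000000 IP 10.0.0.40.49152 > 10.0.0.10.44818: Flags [P.], seq 1:29, ack 1, win 8192, length 28
12:00:03.100000 IP 10.0.0.5.51001 > 10.0.0.10.80: Flags [S], seq 300, win 64240, length 0
12:00:03.100100 IP 10.0.0.10.80 > 10.0.0.5.51001: Flags [R.], seq 0, ack 301, win 0, length 0
""".splitlines()
```

Flows reported under `unknown` were already established when the capture started, so this capture alone cannot say which side opened them.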
 
