Wireshark

I have been using Wireshark to capture and analyze the Ethernet based protocols. It's a freeware / open source tool released by GNU.

Some useful Info about Wireshark

In computing, Wireshark (formerly known as Ethereal) is a free software protocol analyzer, or "packet sniffer"application used for network troubleshooting, analysis, software and protocol development, and education. It has all of the standard features of a protocol analyzer. In June 2006 the project was renamed from Ethereal due to trademark issues.

The functionality Wireshark provides is very similar to tcpdump, but it has a GUI front-end, and many more information sorting and filtering options. It allows the user to see all traffic being passed over the network (usually an Ethernet network but support is being added for others) by putting the network card into promiscuous mode.

Wireshark is released under the GNU General Public License, and it uses the cross-platform GTK+ widget toolkit. It runs on Unix and nix-like systems, including Linux, Solaris, FreeBSD, NetBSD, OpenBSD and Mac OS X (although GTK+ only works with X11 on Mac OS X, so the user will need to run an X server such as X11.app), and on Windows.

Wireshark is software that "understands" the structure of different network protocols. Thus it's able to display encapsulation and single fields and interpret their meaning. Wireshark uses pcap to capture packets, so it can only capture on networks supported by pcap.

Features

• Data can be captured "from the wire" from a live network connection or read from a capture file.
• Live data can be read from Ethernet, FDDI, PPP, token ring, IEEE 802.11, classical IP over ATM, and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms).
• Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, tshark.
• Captured files can be programmatically edited or converted via command-line switches to the "editcap" program.
• Display filters can also be used to selectively highlight and color packet summary information.
• Data display can be refined using a display filter.
• Hundreds of protocols can be dissected.

Security

Capturing raw network traffic from an interface requires special privileges on some platforms. For this reason, Wireshark often runs with superuser privileges. Taking into account the huge number of protocol dissectors, which are called when traffic for their protocol is captured, this can pose a serious security risk given a bug in a dissector. Due to the rather large number of vulnerabilities in the past (of which many have allowed remote code execution) and developers' doubts for better future development, OpenBSD removed Ethereal from its ports tree prior to its 3.6 release.

One possible alternative is to run tcpdump, or the dumpcap utility that comes with Wireshark, with superuser privileges to capture packets into a file, and later analyze these packets by running Wireshark with restricted privileges on the packet capture dump file.

Website:

www.wireshark.org

Modbus TCP

Modbus - IDA

Modbus-IDA is a group of independent users and suppliers of automation devices that seeks to drive the adoption of the Modbus communication protocol suite and the evolution to address architectures for distributed automation systems across multiple market segments. Modbus-IDA will also provide the infrastructure to obtain and share information about the protocols, their application and certification to simplify implementation by users resulting in reduced costs.

Modbus - Technical overview

MODBUS is an application-layer messaging protocol, positioned at level 7 of the OSI model. It provides client/server communication between devices connected on different types of buses or networks. The de-facto industrial serial standard since 1979, MODBUS continues to enable millions of automation devices to communicate. Today, support for the simple and elegant structure of MODBUS continues to grow. The Internet community can access MODBUS at a reserved system port 502 on the TCP/IP stack.

MODBUS is a request/reply protocol and offers services specified by function codes. MODBUS function codes are elements of MODBUS request/reply PDUs. This protocol specification document describes the function codes used within the framework of MODBUS transactions

Modbus allows for the administration of a net of devices, for example a system that measures temperature and humidity and communicates the results to a computer. Modbus is often used to connect a supervisory computer with a remote terminal unit (RTU) in supervisory control and data acquisition (SCADA) systems. Versions of the Modbus protocol exist for serial port and Ethernet.

Modbus RTU is a compact, binary representation of the data. Modbus ASCII is human readable, and more verbose. Both of these protocols are serial based. The RTU format follows the commands/data with a cyclic redundancy check checksum, while the ASCII format uses a longitudinal redundancy check checksum. Modbus/TCP is very similar to Modbus RTU, but is transmitted within TCP/IP data packets.

An extended version, Modbus Plus (Modbus+ or MB+), also exists, but remains proprietary to Modicon. It requires a dedicated co-processor to handle fast HDLC-like token rotation. It uses twisted pair at 1 Mbit/s and has installations specs very similar to EIA/RS-485. However, it is NOT EIA/RS-485. MB+ includes transformer isolation at each node, which makes it transition/edge triggered instead of voltage/level triggered. A few EIA/RS-485 repeaters work with it by side-effect, but don't get your hopes up that you can support Modbus Plus with your computer's standard serial port.

Each device that intends to communicate using Modbus has a unique address. Any device can send out a Modbus command, although usually only one master device does so. A Modbus command contains the Modbus address of the device it is intended for. Only the intended device will act on the command, even though other devices might receive it. All Modbus commands contain checking information, ensuring that a command arrives undamaged. The basic Modbus commands can instruct a RTU to change a value in one of its registers, as well as commanding the device to send back one or more values contained in its registers.

There are many modems that support Modbus. Some of them were specifically designed for this protocol. Different implementations use wires, wireless communication and even SMS or GPRS. Typical problems the designers have to overcome include high latency and timing problems.

Modbus-IDA
37 Wheeler Road
North Grafton
MA 01536
USA
Tel: +1 508 435 7170
Fax: +1 508 435 6929
info@modbus-ida.org
www.modbus-ida.org

Schneider Electric Becomes a Principal Member of ODVA

ODVA announced that Schneider Electric, S.A., a worldwide leader in power and control and a member of ODVA, will significantly increase its level of support for the organization by becoming one of its principal members, alongside Cisco Systems, Eaton Electrical, Omron Corporation, and Rockwell Automation. Schneider Electric’s increased participation in ODVA coincides with ODVA's plans to extend the CIP Network specifications to provide compatibility of Modbus®/TCP devices with networks built on the Common Industrial Protocol (CIP™). This extension will give existing Modbus/TCP users a clear path to CIP Network architectures while protecting their automation investments.

Schneider Electric’s increased support of ODVA reflects the company’s plans to deploy EtherNet/IP as a foundation of its network strategy. This action, by a global fortune 500 company, is a major indication of industry's continued push to adopt network technologies for automation that use standard, unmodified Ethernet and Internet technologies. Users will benefit through significantly increased interoperability between the largest installed base of industrial Ethernet networks - EtherNet/IP and Modbus/TCP - as well as between automation products from a growing number of vendors. Combined, these benefits will reduce cost, time and risk for users deploying and maintaining their network architectures.

"Our customers want the interoperability and seamless integration of the factory floor that networks using standard, unmodified Ethernet can provide, and one network for control, information, configuration, safety, synchronization and motion,” said Adrien Scolé, Senior Vice President of Innovation for the Automation Business, Schneider Electric. “EtherNet/IP is the answer to meeting our customers’ needs by providing compatibility with existing Modbus/TCP products and systems in combination with the complete suite of services contained in CIP. For these reasons, we are eager to team with ODVA to help make EtherNet/IP the most widely used industrial network available."

Katherine Voss, Executive Director, ODVA, agreed: "ODVA is delighted Schneider Electric is increasing its support of the organization and our technologies, most notably EtherNet/IP. Schneider Electric is an industry leader in driving adoption of standard, unmodified Ethernet technologies on the factory floor and throughout the enterprise. ODVA looks forward to leveraging the vast experience of Schneider Electric in automation and their expertise in Ethernet and Internet technologies to continue to expand the capabilities of ODVA technologies. ODVA especially salutes Schneider Electric for putting users first in making the decision to build its network strategy with an industrial Ethernet solution that provides interoperability of multi-vendor systems and protects the customer's investment."

EtherNet/IP was introduced in 2001 and has more than 1.125 million installed nodes. EtherNet/IP and Modbus/TCP are the two most popular industrial Ethernet protocols, representing over 50 percent worldwide market share, according to the most recent market study from ARC Advisory Group.

“This is a big development in the automation industry,” said Harry Forbes, Senior Analyst at ARC Advisory Group. “It is unusual to see several automation majors joining in such close collaboration, especially in a strategic area such as industrial Ethernet, and it adds to the value of ODVA and its CIP Network technologies in the automation industry. Automation users of Modbus/TCP can now look forward to benefiting from CIP Networks. Schneider Electric products will also benefit from the many capabilities of CIP, but end users will be the real winners here because future CIP Networks will offer an even broader range of choices.”

Schneider Electric plans to have its next generation of EtherNet/IP products, incorporating connectivity to existing Modbus/TCP devices, in 2008. ODVA will provide an overview of the concept planned for The EtherNet/IP Specification to support Modbus/TCP devices on EtherNet/IP networks at its next press conference scheduled for Monday, April 16, 2007 at 15:00 hr in the Dresden Room of the Convention Center at the Hannover Fairgrounds in Hannover, Germany.

About Schneider Electric
A member of ODVA since 2003, Schneider Electric is the world's power and control specialist. Through its world-class brands, Merlin Gerin, Square D and Telemecanique, Schneider Electric anticipates and satisfies its customers' requirements in the residential, building, industry and energy and infrastructure markets. With 105,000 employees and operations in 190 countries, Schneider Electric generated sales of €13.7 billion in 2006 through 13,000 distributor outlets. Visit Schneider Electric at http:\\www.schneider-electric.com\

About ODVA
ODVA is an international association comprised of members from the world's leading automation companies. Collectively, ODVA and its members support network technologies using the Common Industrial Protocol (CIP™). These currently include DeviceNet™, EtherNet/IP™, CompoNet™, and the major extensions to CIP — CIP Safety™, CIP Sync™, and CIP Motion™. ODVA manages the development of these open technologies, and assists manufacturers and users of CIP Networks through tools, training and marketing activities. In addition, ODVA offers conformance testing to help ensure that products built to its specifications operate in multi-vendor systems. ODVA also is active in other standards’ development organizations and industry consortia to drive the growth of open communication standards. For more information, visit its web site at www.odva.org.

Modicon M-340

Schneider Electric has released the Telemecanique® brand Modicon® M340™ programmable automation controller (PAC), the newest addition to the Modicon line of PACs

The Modicon line began in 1968 with the introduction of the first ever programmable logic controller (PLC), capable of real-time logic solving. It continues today with the Modicon M340 PAC, a platform that not only offers reliable real-time logic solving, but also communication and database manipulation capabilities in multiple programming environments. The Modicon M340 PAC joins the Modicon Premium™ and the Modicon Quantum™, Schneider Electric’s other PACs programmed with Unity™ Pro, the latest IEC 61131-3 development software. These PAC’s comprise a full range of programmable controllers designed to affordably and effectively handle the requirements of very complex processing applications, such as multi basin aeration control or membrane filtration, to more straightforward applications such as grinders and belt presses. “The original Modicon PLC sparked an evolution in industrial performance that has been fostered by Schneider Electric’s ongoing commitment to developing innovative products that are reliable, safe, durable and easy-to-use,” said Richard Hutton, senior automation marketing specialist, Schneider Electric North American Operating Division। “The Modicon M340 builds upon that tradition and provides even greater efficiency and performance with a single development platform that uses common tagging and a single database for development tasks across a range of disciplines.”The Modicon family of PACs improves process performance by providing exceptional control and reliability, in addition to simplifying setup and implementation by standardizing on a single programming tool. The Modicon M340 PAC’s hardware and software is tightly integrated and like the more advanced Modicon PACs, it can be configured using Schneider Electric’s Unity software suite. The Unity suite offers a choice of five IEC languages, graphic programming and advanced online help. In addition, users can reuse developments among these PAC platforms to obtain maximum cost efficiencies and quality.The high-performance Modicon M340 PAC also enables fast execution of both Boolean processing and floating decimal calculations. It has 4MB of internal memory (upgradeable to 16MB), 256KB data and can manage applications with up to 70K instructions.“The Modicon M340 PAC also offers unparalleled openness and connectivity,” said Hutton. “It integrates a high-speed USB port and offers a choice of up to two additional communication ports — from CANopen™, Ethernet or Modbus® — unlike any other automation controller on the market. The Modicon M340 PAC’s modular architecture also complements industry application requirements.”This increased communications openness ensures that municipalities can access their processes in complete security via modem or standard asymmetric digital subscriber line (ADSL) serial link from anywhere. In addition, the USB port gives users a simple and high-performance connection with the programming PC without the need for a dedicated programming cable. Users also can connect to Ethernet, either point-to-point or via local or remote networks. Depending on the technology chosen, users can program online, transfer programs, access data files and manage remote operations and diagnostics thanks to open TCP standards and the embedded Web server functions.The Modicon M340 PAC further simplifies use by automatically backing up data and applications in its internal Flash memory and SD-based memory card, respectively. The "plug and load" technology of the memory card enables easy updating of applications or transfer to other machines with no disruption of operation. In “power on” mode, a new program is automatically transferred in the internal memory, and the same card can be used to load all installed PACs on identical machines. In addition, data files (recipes, traceability) or maintenance files can be stored and easily accessed from a PC or through a simple "drag-and-drop" via a File Transfer Protocol (FTP) site. No battery is required, helping users avoid the associated maintenance, or degradation due to heat. This increases reliability by eliminating program loss due to a failed battery during a power loss.The PAC easily integrates into the tightest spaces thanks to its compact dimensions. The Modicon M340 PAC also is flexible, accepting from 4 to 12 modules with maximum density of 64 channels per module. Each module is "hot swap" designed and automatically reconfigured by the CPU at replacement. In addition, the PAC offers a wide power supply choice with either AC or DC current with 24 VDC/0.9A sensor supply output.The rugged Modicon M340 PAC adapts to severe industrial environments, greatly exceeding the limits imposed by the International Electrotechnical Commission (IEC) standard। In addition, the PAC conforms to the restriction of hazardous substances (RoHS) European Directive on environment protection.

M340 Home Page.