The purpose of this post is to explain how best to connect to an existing network to capture data between a PLC and a scanner using an Ethernet switch.  A common mistake is not using port mirroring, a switch feature that sends a copy of all network traffic on one port to another port.  This post explains the incorrect and correct configurations.

(Note that this post does not show how to use an Ethernet traffic/packet analyzer like Wireshark to capture data traffic over a network, or how to interpret the data captured.  Packet analyzer software applications have detailed descriptions of the type of data being captured and what the captured data means, and each application has unique variations and features.  Also, if the device seems to be losing its connection to the network or is not responsive, just connecting to a network like this will not solve the problem.)

Incorrect Configurations

Incorrect Configuration #1  

[Figure: incorrect configuration 1]

In the setup depicted above, each device is connected to a port on the Ethernet switch.  A link between the PLC and the scanner has been established.  Although the computer is physically on the same network, no data is passed to it.  So, if an Ethernet packet analyzer were running on the computer, the analyzer would not see any of the traffic between the PLC and the scanner.

This is because the connection between the PLC and scanner is set to “Unicast,” which means data passes just between the PLC and the scanner.

Incorrect Configuration #2

If an application were used on the computer to interact with the PLC, a network packet analyzer running on the computer would see only the data transmitted and received between itself and the PLC.

[Figure: incorrect configuration 2]

As you can see in the above illustration, there is only a connection between the PLC and the computer.  The problem would be similar if an application were used on the computer to interact with the scanner.

Incorrect Configuration #3

[Figure: incorrect configuration 3]

In a network like the one shown above, where there are few devices on the network, “Multicast” can be used.  However, for every message sent, all devices on the network need to acknowledge the sender, regardless of the intended destination.  So, the computer running the Ethernet packet analyzer will have some unwanted impact on the network.

Correct Configuration

A more effective way to monitor the Ethernet traffic is to use a Managed Ethernet Switch with port mirroring capability.  With port mirroring enabled, the Ethernet switch sends a copy of all network traffic on one port to another.

[Figure: correct configuration]

In the illustration above, traffic being transmitted and received on Port 2 of the Managed Ethernet Switch is mirrored on Port 3.  This way, a computer running the Ethernet packet analyzer attached to the mirroring port will be passive and just monitor/record the traffic as opposed to adding to it.
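One way to confirm that a capture was taken on a working mirror port rather than in one of the incorrect configurations is to check whether it contains unicast frames between the PLC and the scanner in both directions. The following is an added example, not part of the original post; the MAC addresses, function names and sample captures are constructed for illustration, and the capture is assumed to be a classic pcap file.

```python
import struct

def ethernet_frames(pcap):
    """Yield (dst, src) MAC strings from a classic libpcap file (Ethernet link type)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    off = 24                                  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) >= 14:                  # skip truncated records
            yield frame[:6].hex(":"), frame[6:12].hex(":")

def mirror_check(pcap, analyzer, plc, scanner):
    # Classify every frame the analyzer port actually received.
    c = {"plc_to_scanner": 0, "scanner_to_plc": 0, "own": 0, "group": 0, "other": 0}
    for dst, src in ethernet_frames(pcap):
        if int(dst[:2], 16) & 1:              # I/G bit set: broadcast or multicast
            c["group"] += 1
        elif (src, dst) == (plc, scanner):
            c["plc_to_scanner"] += 1
        elif (src, dst) == (scanner, plc):
            c["scanner_to_plc"] += 1
        elif analyzer in (src, dst):
            c["own"] += 1
        else:
            c["other"] += 1
    # Unicast in both directions between the two other devices: the port is mirrored.
    c["mirror_working"] = c["plc_to_scanner"] > 0 and c["scanner_to_plc"] > 0
    return c

# Constructed sample data: locally administered MACs, padded 60-byte frames.
PLC, SCANNER, PC, BCAST = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03", "ff:ff:ff:ff:ff:ff"

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for dst, src in frames:
        f = bytes.fromhex((dst + src).replace(":", "")) + b"\x08\x00" + bytes(46)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

UNMIRRORED = build_pcap([(BCAST, PLC), (PLC, PC), (PC, PLC)])      # configurations #1/#2
MIRRORED = build_pcap([(SCANNER, PLC), (PLC, SCANNER), (BCAST, PLC)])
if __name__ == "__main__":
    print(mirror_check(UNMIRRORED, PC, PLC, SCANNER), mirror_check(MIRRORED, PC, PLC, SCANNER))
```

A capture that shows only `own` and `group` frames matches the incorrect configurations described earlier; a mirrored port shows the PLC/scanner counters rising.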

Author: Wilson Lee