Analyzing network traffic with Wireshark

TwinCAT/BSD has a packet sniffer as standard. The tcpdump program monitors the Ethernet interfaces, records the network traffic and saves the data in a file on the industrial PC.

The saved file can then be copied to a development computer, opened with Wireshark and analyzed.

Requirements:

Proceed as follows:

1. Enter the following command in the console. In this sample, igb1 corresponds to Ethernet interface X000.

   doas tcpdump -i igb1 -s 0 -w DHCP.pcap

   -i  Ethernet interface.
   -s  Length of the snapshot. The value "0" sets the length to the default value of 262144 bytes.
   -w  File in which the output should be stored.

2. Confirm the command with the administrator password.

   tcpdump: listening on igb1, link-type EN10MB (Ethernet), capture size 262144 bytes

3. You can stop recording at any time by pressing [Ctrl] + [c].

   33523 packets captured
   33531 packets received by filter
   0 packets dropped by kernel
   Administrator@CX-3B151A:~ %

4. In this sample, the DHCP.pcap file is saved in the home directory under /usr/home/Administrator.
5. Copy the DHCP.pcap file to a development computer using the WinSCP client (see: Managing files with the WinSCP client).

You have successfully recorded the network traffic on the Ethernet interface igb1. You can then open and analyze the DHCP.pcap file with Wireshark.
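
Before opening the copied file, you can check on the development computer that it is a complete capture with the link type and capture size tcpdump reported. The following Python script is an added example, not part of the original documentation; it assumes the classic pcap file format, and the names summarize_pcap and build_sample as well as the sample data are constructed for illustration.

```python
import struct
import sys

# Classic libpcap magic numbers: microsecond and nanosecond timestamp variants.
PCAP_MAGICS = (0xA1B2C3D4, 0xA1B23C4D)
LINKTYPE_ETHERNET = 1  # reported by tcpdump as EN10MB


def summarize_pcap(data: bytes) -> dict:
    """Validate a classic pcap file and return header values and packet counts."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap global header")
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] in PCAP_MAGICS:
            break
    else:
        raise ValueError("no pcap magic number: not a classic pcap file")
    # Snapshot length and link type are the last two fields of the global header.
    snaplen, linktype = struct.unpack(endian + "II", data[16:24])
    packets = truncated = 0
    offset = 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError(f"incomplete record header at offset {offset}")
        # Each record header: ts_sec, ts_frac, captured length, original length.
        caplen, origlen = struct.unpack(endian + "II", data[offset + 8:offset + 16])
        offset += 16
        if offset + caplen > len(data):
            raise ValueError(f"record {packets + 1} is cut off")
        packets += 1
        truncated += caplen < origlen  # packet was longer than the snapshot length
        offset += caplen
    return {"snaplen": snaplen, "ethernet": linktype == LINKTYPE_ETHERNET,
            "packets": packets, "truncated": truncated}


def build_sample(snaplen: int = 262144) -> bytes:
    """Constructed two-packet capture (dummy 60-byte frames), not real traffic."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    record = struct.pack("<IIII", 0, 0, 60, 60) + bytes(60)
    return header + record * 2


if __name__ == "__main__":
    # Pass the copied file (DHCP.pcap in this sample) or run without arguments.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(summarize_pcap(raw))
```

The packet count in the result should match the "packets captured" line that tcpdump printed when recording was stopped.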