Hirose: Connecting the future
Industrial Ethernet Book Issue 41 / 99
  Print this Page   Send to a Friend  

Network analysis and the challenge of Industrial Automation protocols

Anyone who ever needed to monitor Ethernet-based network traffic will undoubtedly have used the open-source analyser software WireShark, successor to the famous Ethereal monitor software. It is both free and highly functional. This has raised the bar for all other network analysers. Either you do better than WireShark or perish. Microsoft, with its new release of Netmon software, is not about to perish.
By Rob Hulsebos

There used to be another network analyser hiding in shadow of WireShark. Microsoft?s own network analyser software, Netmon v2, never became very popular. Its user-interface was not particularly userfriendly and proved difficult to work with. Proprietary protocols were difficult to add.

But in any case, you first had to find the software. Microsoft delivered it only with Server versions of Windows, and even then only as an option. Most people didn?t bother and just installed WireShark in five minutes or less via Internet.

Microsoft has recently released a completely new version (3.1) which I have had the opportunity to beta-test. Surprisingly, Netmon 3.1 has been extended to add support for new network protocols in a very easy way, and now beats WireShark in this aspect with a wide margin. For the industrial networking market where many protocols exist, multiply and proliferate, Netmon 3.1 can be a valuable addition to any network specialist?s toolbox. And, in contrast to WireShark, you don?t need a degree in computer science to make Netmon support your own chosen protocol.

Microsoft has listened?
Microsoft has listened well to the complaints about the previous version, and this has resulted in a very interesting feature in the new release: the ability to decode any network protocol by simply adding a script that decodes the data (bytes) in a network message to a human-readable format. Netmon itself has scripts to decode the most popular network protocols, but there is no support for any of the new protocols used in industrial Ethernet ? for example Profinet, Ethercat, Powerlink, Sercos-III and many others. When using WireShark it is possible to get the protocol decoders (called ?dissectors?) from the various user groups. Recently, while working with Ethercat I wanted to get the Ethercat dissector from the Ethercat Technology Group, but this is only possible after becoming a member of this group.

This presents far too much trouble simply to obtain a dissector.

Armed with the new Netmon release and just a few hours of work spent mainly learning the intricacies of the special programming language (NPL ? Network Parsing Language) used by Netmon to decode a network message, I had a simple script to decode the main part of the Ethercat network messages. NPL is completely tuned to decoding network messages, and Netmon then takes care of the presentation of the data on screen (see the screen dump).

By contrast WireShark requires that you obtain the source-code, supporting tools and a compiler kit to be able to recompile the modified software. Only then can you start programming C/C++ in order to make your own dissector. WireShark is then recompiled, your new dissector is tested, and if it doesn?t work as expected (not an uncommon with bespoke software?) you make the necessary modifications and start over again.

Apart from the time it takes to get the job done, one must have far more knowledge of the WireShark-internals and the programming language. For an example, see: www.codeproject.com/useritems/custom_dissector.asp.

Netmon 3 enjoys a much simpler sequence: you edit your script, instruct Netmon to import it, and you are ready to go. The development cycle can be compressed to just a few minutes.

Worked Ethercat example
I have reproduced a small part of my Ethercat NPL program below. Mainly it requires information about the fields in a network message, how large they are, and how they should be displayed. Netmon itself takes care of delivering the network messages, and displays the results without any further effort.

In my opinion Netmon 3.1 emerges a clear winner due to its flexibility over the addition of new network protocols. Industrial Automation with its multitude of protocols has a particularly pressing requirement for an easy-to-extend network analyser. The time it took to write this article is already longer than the effort needed to add a second network protocol to Netmon!

Netmon 3 is available for free from the general Microsoft download website. Even if you don?t need the extensibility features, give Netmon 3.1 a look ? particularly in support of wireless networks.

Code sample from Netmon dissector

Protocol ETHERCAT = FormatString(?%s', EthercatFrameTable(this)) 

UINT16 EthercatFrameHeader { 
UINT16 FrameLength:11 = FormatString(?Length %d(0x%x)', this, this); 
UINT16 Reserved:1 = ? Unused'; 
UINT16 Type:4 = FormatString(?%s', EthercatFrameTable(this)); 

while [done == 0] { 
UINT8 EthercatCmd = EthercatCmdTable(this); 
UINT8 Index; 

switch (EthercatCmd) { 
  case 0x01: _struct APRDStruct { 
    UINT16 AutoIncrementAddress;         
	UINT16 PhysicalMemoryAddress = FormatString(?%d (0x%x) ?, 
	  this, this) + PhysicalAddressTable(this); 
  case 0x02: _struct APWRStruct { 
    UINT16 AutoIncrementAddress; 
	UINT16 PhysicalMemoryAddress = FormatString(?%d (0x%x) ?, 
	  this, this) + PhysicalAddressTable(this); 
  case 0x0D: _struct ARMWStruct { 
    UINT16 AutoIncrementAddress; 
	UINT16 PhysicalMemoryAddress = FormatString(?%d (0x%x) ?, 
	  this, this) + PhysicalAddressTable(this);         

UINT16 LengthIndicator { 
UINT16 Length:11 = FormatString(?%d bytes', this); 
UINT16 Reserved:4 = ? Unused'; 
[done = (Next ? 0:1)] 
UINT16 Next:1 = this ? ? (1) Another telegram follows' : 
  ? (0) Last telegram'; 

UINT8 Data[LengthIndicator.Length]; 
UINT16 WorkingCounter; 


Rob Hulsebos has been a vendor, user, teacher, consultant and author for industrial networking.

Source: Industrial Ethernet Book Issue 41 / 99
   Print this Page    Send to a Friend  


Analog Devices: Time Sensitive Networking
ICDC: Your best ODM partner
DINSpace fiber optic and Cat 6 patch panels

Get Social with us:

© 2010-2019 Published by IEB Media GbR · Last Update: 24.04.2019 · 42 User online · Privacy Policy · Contact Us