Way to capture packets from Gateway to PLC?

I’m having trouble writing to a tag from my project to a Click PLC. There’s no errors that show up in Ignition designer and when I do

result = system.tag.writeBlocking(['[default]MOD1-MOD3/Open_Command'], [1])
print result

the result is [Good], but its not actually writing to the tag (as this particular tag triggers an office door and it is not opening when this is written to).

I am able to use Click Software to see the ladder logic and write to the tag that way and I get the expected results. I am also able to capture packets that are sent to it that way. I wanted to compare what is sent from the Click Software to the PLC versus what the Gateway is sending. But I cannot seem to capture anything from the gateway going to the PLC in WireShark (with the filter ip.dst==ThePLCIPAddress).

Is this something I won’t be able to capture? I started thinking maybe its on purpose and I won’t ever be able to catch them due to some security measures, but I also thought maybe this is the reason why none of my tag writes are doing anything.

Should I be able to capture packets from the gateway to the PLC if I use OPC Quick Client from the gateway to write a value to a tag? We are all on the same network.

Yes, as long as you’re running Wireshark on the same machine as the Ignition Gateway.

Forget the filters for now - did you select the right network adapter in Wireshark before starting the capture?

I am running Wireshark from my personal laptop. We are all on the 192.168.57.XXX network. I am able to ping the PLC and the Gateway from my computer. However, when I do ip.dst==GATEAWYIP I only see stuff from my computer going to it, no one elses (despite knowing other clients are open and working), so I think you are correct that it has to do with my network adapter.

Luckily I have access to the gateway computer so I think the easiest best way forward is to log on to that and set up wire shark there. Thanks, good to know that I should be seeing something.

You can’t capture traffic between the gateway and PLC from your laptop, that’s not how Wireshark works. You have to run it on one of the machines involved in the traffic you’re interested in.

1 Like

Ok. For some reason I thought I had done something like that before, but it must be one of those artificial memories.

I believe you can actually capture from your laptop, but you would need to be on the same switch and mirror the port the PLC or gateway is on. Probably not worth it.

Trying to keep things simple here :grimacing:

I always put tshark on my Linux servers. (Most are headless.)