I am quite new to the BACnet protocole but I am facing some troubles finding a device on a network.
Basically, I have a setup on a network 128.10.100.XXX/24 where I have multiple devices, as my nmap scan will show
root#xxx:/home/xxx# nmap -sP 128.10.100.120/24
Starting Nmap 7.80 ( https://nmap.org ) at 2022-11-02 05:11 UTC
Nmap scan report for 128.10.100.1
Host is up (0.00076s latency).
MAC Address: 00:50:06:XX:XX:XX (TAC AB)
Nmap scan report for 128.10.100.150
Host is up (0.00059s latency).
MAC Address: 00:80:4F:XX:XX:XX (Daikin Industries)
Nmap scan report for 128.10.100.160
Host is up (0.00024s latency).
MAC Address: 00:50:06:XX:XX:XX (TAC AB)
Nmap scan report for xxx (128.10.100.120)
Host is up.
When I run specific scans for BACnet, all devices have an open 47808 port:
Starting Nmap 7.80 ( https://nmap.org ) at 2022-11-02 13:08 UTC
Nmap scan report for 128.10.100.150
Host is up (0.0093s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
47808/udp open|filtered bacnet
MAC Address: 00:80:4F:XX:XX:XX (Daikin Industries)
However, when I am trying to use BACnet utilities (BACpypes in python or bacnet-stack in node.js), no device is found. I tried multiple libraries and various setups (modifying the broadcast address, etc...) without any success.
I struggle to understand the reason...
Thank you in advance for your help,
A.
Have you validated your setup using 3rd party tools such as YABE ?
Fire up wireshark with a capture filter "port 47808", then look at the who-is from your app vs the who-is from YABE.
Also check the netmask on both devices match... this will affect the broadcast messages.
Speaking of which, try a directed who-is message to the controller from your app to see if the controller responds.
Things worth considering :-
Tools such as YABE, VTS and Wireshark - to learn from the success cases/successful instances of communication.
The network card (NIC) that your tools and/or libraries are using/selecting to send the ('service' request) messages - e.g. definitely don't mix routable addresses with non-routable 'private' addresses (between the BACnet 'client' IP & the 'server' IP).
(UDPv4-only) 'Broadcasts' will only work upon the local network (- if a BBMD is not present & correctly set-up to relay the broadcast on to another part/hop of the "internetwork"/connected networks).
If you're unlucky - with a particular device, your client port just might have to be 47808/0xBAC0; and just possibly for the broadcasts too.
Also try directed/'unicast' traffic/'service' requests too - e.g. attempting to read the device object instance # (DOIN) of a target device; check you've got/are specifying the correct DOIN when targeting/firing a request at a device.
Does the target device have a BACnet router or BACnet gateway in front of it (- therefore would also need the inclusion of a DNET & DADR paired values as part of addressing it)?
If so, are you talking the same variant of BACnet, e.g. IP - as in BACnet/IP between both the (BACnet) 'client' & 'server'/serving device?
If it's a commercial/enterprise device, does it have a IP whitelist - to allow for the processing of incoming requests?
Related
I'm trying to interface a device with python.
The device is connected to another machine in the same network (the university network) and I know it's Port number.
I can access the device from the PC where it is plugged with the following code:
dev = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
dev.connect(('137.195.53.140',51019))
where '137.195.53.140' is the PC ip, and 51019 is the port number.
However, if I try the same from another machine, ipython gets stack at the command "dev.connect(('137.195.53.140',51019))", and when I abort the evaluation and then look at "dev" I get this:
<socket.socket fd=15, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('137.195.204.85', 50393)>
where '137.195.204.85' is the IP of the machine I'm using, and the port number I've no idea.
Since ssh works with no problem within this network, I thought that my approach for accessing the device would have worked as well.
Does anyone have any clue for this? I'm sorry if I haven't been clear, but I know absolutely nothing of networking (and not very much of Python either tbh).
There's couple of things to consider:
Your university network ports
Your device's opened ports
Your network might have the 51019 port blocked. Also, ssh uses port 22 to make it's connection. Every port is a world, so there's the chance that just because 22 is open, it doesn't mean that another is. School networks usually have a pretty rigid policy on port closing for security and blocking unwanted sites too.
You can test your device access by pinging it as
$ ping 137.195.204.85
If that works, then you can go trying different ports
I'm currently encountering an issue in RedHat 6.4. I have two physical NICs which I am trying to bond together using LACP.
I have the corresponding configuration set up on my switch, and I have implemented the recommended configuration from the RedHat Install Guide on my NICs.
However, when I start my network services, I'm seeing my LACP IP on the physical NICs as well as the bonding interface (respectively eth0, eth1 and bond0). i'm thinking I should only see my IP address on my bond0 interface?
The connectivity with my network is not established. I don't know what is wrong with my configuration.
Here are my ifcfg-eth0, eth1 and bond0 files (IP blanked for discretion purposes).
ifcfg-eth0 :
DEVICE=eth0
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
ifcfg-eth1 :
DEVICE=eth1
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
ifcfg-bond0 :
DEVICE=bond0
IPADDR=X.X.X.X
NETMASK=255.255.255.0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
NM_CONTROLLED=no
BONDING_OPTS="mode=4"
Thanks to anyone who can pinpoint my problem.
Jeremy
Let me answer my own question here in case anyone is having the same issue.
Turns out I just needed to deactivate the "NetworkManager" service on my RedHat Server. Turn it off, and deactivate it, then works like a charm.
Network bonding : Modes of bonding
Modes 0, 1, and 2 are by far the most commonly used among them.
Mode 0 (balance-rr)
This mode transmits packets in a sequential order from the first available slave through the last. If two real interfaces are slaves in the bond and two packets arrive destined out of the bonded interface the first will be transmitted on the first slave and the second frame will be transmitted on the second slave. The third packet will be sent on the first and so on. This provides load balancing and fault tolerance.
Mode 1 (active-backup)
This mode places one of the interfaces into a backup state and will only make it active if the link is lost by the active interface. Only one slave in the bond is active at an instance of time. A different slave becomes active only when the active slave fails. This mode provides fault tolerance.
Mode 2 (balance-xor)
Transmits based on XOR formula. (Source MAC address is XOR’d with destination MAC address) modula slave count. This selects the same slave for each destination MAC address and provides load balancing and fault tolerance.
Mode 3 (broadcast)
This mode transmits everything on all slave interfaces. This mode is least used (only for specific purpose) and provides only fault tolerance.
Mode 4 (802.3ad)
This mode is known as Dynamic Link Aggregation mode. It creates aggregation groups that share the same speed and duplex settings. This mode requires a switch that supports IEEE 802.3ad Dynamic link.
Mode 5 (balance-tlb)
This is called as Adaptive transmit load balancing. The outgoing traffic is distributed according to the current load and queue on each slave interface. Incoming traffic is received by the current slave.
Mode 6 (balance-alb)
This is Adaptive load balancing mode. This includes balance-tlb + receive load balancing (rlb) for IPV4 traffic. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the server on their way out and overwrites the src hw address with the unique hw address of one of the slaves in the bond such that different clients use different hw addresses for the server.
~]#service NetworkManager stop | chkconfig NetworkManager off
Try This and if not continue with bellow command too
~]#service network start/restart | chkconfig network on
I'm using a PXI 8109 running Pharlap OS.
I'm trying to use the second ethernet interface of my PXI to send UDP and TCP packets.
Here the configuration of my two ethernet interfaces:
eth0 (primary):
IP : 10.0.0.3
subnet mask : 255.0.0.0
eth1 :
IP : 192.168.10.9
subnet mask : 255.255.255.0
For UDP, I have no problems, packets are sent to the second interface as I want. I think it work because there is a "net address" input on the "UDP Open" VI so the system can choose the right interface.
For TCP, I use the "TCP Open connection" VI but there is no this kind of input. And it is not working : I assume the system is trying to use the primary interface but it can't route packets...
For information, my two networks are physically independant.
Can you help me finding out what's going on ? Is it possible to use TCP on the second ethernet interface ?
TCP open is meant to open a connection to another computer, if you feed a valid (in one of the two subnets) TCP address it should open a connection on that specific interface.
I assume you need to use the TCP listener function and according to this KB article, you can specify on which address you want to listen. So yes, you should be able to use a specific ethernet interface.
disclaimer: I am not sure if all this info is valid on Pharlap as well.
Basically, the decision which NIC to use is up to the OS and I believe that normally it would choose based on the subnet of the address you're trying to connect to and those of the NICs - I don't know what the IP address is (maybe it's in the subnet of the wrong card?), but the subnets of the NICs certainly appear to be different from each other (10.0.0.0 and 192...).
On Windows, I believe you can set the routing tables to have some more control of this (although I don't know if you would be able to force something to go through the "wrong" NIC), but I have no idea how much control you would have over this on Phar Lap. I would suggest some searching. Here are a couple of relevant links:
http://forums.ni.com/t5/LabVIEW/RT-How-do-I-use-two-independent-Ethernet-ports/td-p/721269
http://forums.ni.com/t5/LabVIEW/Communicating-through-two-ethernet-ports-on-the-same-computer/m-p/1509450#M565374
I finally solved my problem. This was not related to the TCP connection ...
I was using a property node "Value (signaling)" to trigger the TCP connection and it seems that this is not supported on RT Targets.
This is why it was working on localhost.
Thanks for the help anyway ;)
We have about 30 clients connected to a single cable-modem/router (Fritzbox 6360). Some clients also connect to a TP-Link W-LAN Router which is also connected to the cable modem.
Sometimes the internet is very slow and we can see an continous upstream (6 MBit/s). Unfortunately we can not see which clients cause that traffic. The Fritz Box provides a functionality to capture network traffic and then analyze it with Wireshark.
Following interfaces can be captured by the cable modem:
Internet connection
Interface 0 ('internet')
Routing interface
Network interfaces
tunl0
cni0
lbr0
wan0
eth0
lan
erouter0
esafe0
And there is an option to launch DTrace (default parameters are)
-D -s -m -i256 -dect -dlc -c1 -c2 -c3 -c4 -c5 -nt3 -d2 -d3
We already captured different interfaces and tried to understand the data with Wireshark but without much success. What would be right way to see which Client is uploading Data at the moment?
In Wireshark, to get a list of IP addresses and what percentage of the trace each of the IP Addresses are taking up, go to Statistics->IP Addresses.. and click "Create Stat" in the box that pops up while leaving the the "Filter" option blank. You should be able to figure out which of your client ip is hogging up the most bandwidth with this.
For a visual comparison, click "Statistics->IO Graph", and in the second filter next to Graph 2, type "ip.src == x.x.x.x" (where x.x.x.x is the ip address of the uploader you suspect is taking up the most bandwidth) and click "Graph 2". This will give you a packets vs time graph. You can also filter out other ip addresses as well to display simultaneously in the same graph for comparison.
Edit: I would also suggest keeping an eye out for IPv6 addresses.
since my Linksys router doesn't assign a fixed local IP to the computers (PC and Mac and Linux), i'd like to write a script so that every minute, the computers will update to each other so that
http://localhost/list.html
on each machine will contain a list of names of all PC and Mac and a link to their apache server (pointing to http://192.168.1.102, etc)
it looks like a way to find out the local IP address is by ipconfig on PC, and ifconfig on the Mac and Linux, and to do it programmatically, it will be gethostbyname().
But I tried on Ruby, that
irb(main):001:0> require 'socket'
=> true
irb(main):002:0> p Socket::gethostbyname("localhost")
["Core2Duo", [], 2, "\177\000\000\001"]
irb(main):005:0> p Socket::gethostbyname("core2duo")
["Core2Duo", [], 2, "\300\250\001g"]
=> nil
and ipconfig actually shows
IPv4 Address. . . . . . . . . . . : 192.168.1.103
so is this the right way to do it? I can hack it by executing "ipconfig" in Ruby and use regular expression to get the result, but would be nice to do it using a more standard way.
Socket::getaddrinfo might be more of what you're looking for:
Socket::getaddrinfo('localhost', 'http')
[["AF_INET", 80, "localhost", "127.0.0.1", ...]]
Socket::getaddrinfo('core2duo', 'http')
[["AF_INET", 80, "Core2Duo", "192.168.1.103", ...]]
Or, you might just try:
Socket::getaddrinfo('core2duo', 'http')[0][3]
"192.168.1.103"
You can do this in Java using:
Socket s = new Socket();
s.getLocalSocketAddress();
If you run Bonjour on your Windows systems and avahi on your Linux systems, you can do away with the need to determine each system's IP address. You can then simply address each system using "hostname.local". More info here.
Why not just turn off DHCP for those machines and assign them fixed IP addresses?
Edit in response to comments: At least as-of three years or so ago (last time I bought a router), Linksys routers allowed you to set the bottom IP address for the built-in DHCP server. Then, you go into the individual machines' network setup, disable DHCP, and assign physical addresses. For example, on my home network the router is 192.168.1.1, the Terastation is 1.2, the printer is 1.3, my Linux box is 1.99, and the router is configured to give out 1.100 and above.
The problem in the Ruby script might be that there is no DNS name resolution on your network, this is often hidden if you usually share stuff between computers with SMB/CIFS because that has it's own name discovery protocol.
If you are going to be broadcasting datagrams with the name/ip info in, then you don't really need a PC to know its own IP address. Just send the datagram containing its name, then use recvfrom() - or equivalents - to catch it at the other PCs. That way the receivers can extract the sender's IP address directly via the recvfrom() function.
As a bonus, that should work where the sending PC has more than one network adapter.