Is it possible to connect the Ethernet port (of a Raspberry Pi) directly to a Modbus TCP RJ45 port (such that the devices can talk to each other)? Or is this not possible without a converter?
I am unsure if this is the correct forum, but I believe this should not be specific to the Raspberry pi.
Short answer - Yes... But....
As per the comments this is possible but there are a few things you will need to do (i.e. some configuration will be needed).
I think it's worth nothing that "Modbus TCP RJ45 port" is not really a meaningful term. Modbus is an application layer protocol; this depends upon a number of underlying layers:
Transport layer - TCP
Network layer - IP
Datalink Layer - Ethernet
Physical Layer - Ethernet cable with RJ45 connectors
You don't need to understand this in detail; the point is that before ModbusTCP will work you need to have a working TCP network (which all Modbus-TCP devices will support; generally via an RJ45 Ethernet connection). As such a better question probably is "If I run a CAT-5 cable between a Raspberry Pi and another device (Modbus TCP unit) will I be able to connect via TCP?" (a lot more people know about TCP/IP networking than Modbus!).
The first thing to consider is Ethernet. Running a cable directly between two older devices will often not work because they needed a crossover cable. Almost all modern equipment (including the Pi) supports Auto MDI-X which means the cable will just work. You can also connect the units via a switch (and doing this removes the need for Auto MDI-X).
Next you need to consider the IP layer. When you connect your Pi to your home network it will (usually!) be given an IP address by a DHCP service (usually running on your router). If you are connecting the Pi directly to the device then there will be no DHCP service so you will need to manually assign IP addresses to the devices (and ensure the subnet is correctly configured). A common way to check if an IP connection is working is to use the ping command.
With the lower layers working ModbusTCP will generally 'just work'. Many ModbusTCP devices also offer a browser based configuration and checking that you can access that is a good way to confirm that the network link is working.
One further question is probably "should I do this"; it's OK to hook things up this way to make some quick changes. However generally you will want the Pi to access other network resources so connecting everything to a router (home router will work; for remote devices a cell router is often used). You can either give the Modbus unit a static IP manually or use the routers configuration pages to assign it a static DHCP lease (otherwise it's IP might change from time to time).
Related
I need to create a TCP session "manually", without using the connect() function. I have tried to use RAW sockets. But in this case, I only get copies of the incoming IP packets. The original incoming packets slip through to the kernel and it generates an ACK response packet that damages my protocol.
Next, variant 2, I can write a virtual eth interface driver (kernel module) and route incoming traffic to it using iptables. But there is a patched non-original (non vanila) kernel on the machine. Normal linking of the module with the kernel is not possible.
Variant 3. I also tried not to assign an IP address to the NIC interface. In this case, the network TCP/IP layer module in the kernel is not activated and it is possible to generate and receive arbitrary IP packets on the link (ethernet) layer using the PF_PACKET socket domain type in the socket() function. But at this time, any other applications using the TCP/IP protocol can’t work.
How can this problem be solved in other ways?
It would be nice if it were possible to intercept packets going from the network interface to the kernel, that is, intercept the SKBuf buffer. But I don't know how to realize it.
Apparently you are trying to create a tunnel. Instead of trying to hijack an existing interface, the proper way to create a tunnel is to create a new interface, using a kernel module or TUN/TAP. However, tunnels are normally intended to receive traffic generated on the machine which runs the tunnel software, or at least routed through it. That means you will also have to set up the kernel to route the traffic to your tunnel.
You can create a new interface as a TUN/TAP interface. It is like a virtual ethernet driver except you don't need to write a new kernel module. It is designed for tunnels (hence the name).
The difference between TUN and TAP is that a TUN interface is an IP interface that receives IP packets from the kernel's IP routing system, and a TAP interface receives Ethernet packets (which may contain IP packets) so it can alternatively be part of a bridge (a virtual Ethernet switch - which only looks at the Ethernet header, not the IP header).
I think for your scenario, you will find it easiest to create a TAP interface, then create a bridge (virtual Ethernet switch) between the TAP interface, and the interface which the other host is connected to. Neither one needs an IP address - the kernel will happily pass Ethernet-layer traffic without attempting to process the IP information in the packet. Your tunnel software can then emulate a host - or tunnel to an actual host - or whatever you want it to do.
Or in visual form:
If you want the host to also be able to talk to the machine running the tunnel software - without going through the tunnel software - then you may choose to put an IP address on the bridge.
According to http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns892/ns894/white_paper_c11-525307.html
Each virtual machine is given a dedicated network interface card. My question is, how do a server containing about 10 virtual machines, ever support 10 NIC's ?
Those NICs are probably virtual. Packets from them are routed to the physical NIC(s) and the other way around. It's pretty much the same thing as you get in modern WiFi routers: at home you only have one Ethernet port from your Internet Service Provider, it's in the modem. You connect your router to it, but your router may have 2+ Ethernet ports to which you can connect multiple PCs.
They can be physical too and either be directly accessible to VMs or indirectly.
I am not expert on this subject, need your suggestions. I have a few devices on ethernet/LAN. I wanted to have these devices communicate over LAN without going into their network configurations. Below is my plan, please let me know if this can be achievable:
1) I install TCP/IP stack on these devices
2) I give them their hostnames like device1, device 2 etc....
3) I configure these devices for local-link networking, so that they can configure themselves and get their IPs.
4) I use socket programming and access each device by using hostnames.
Please let me know if this can be done without much hassle, and let me know if I have missed out something in above mentioned points.
Thanks in advance.
This is basically a good approach.
If your embedded devices have a good IPv6 stack, I recommend using it instead of IPv4. link local addresses work better with IPv6. Most IPv4 stacks are configured to try to obtain an address from a DHCP server first, and only fall back to link local addresses if they can't get one. The link local address and DHCP address might be mutually exclusive, so the link local address doesn't become operational until after DHCP has been tried and timed out. The link local address might even be disrupted if DHCP periodically retries. Although the devices will normally be connected to each other and there won't be a DHCP server, you don't want to disable DHCP, because the devices probably should obtain a DHCP address if they are ever connected to a wider network. With IPv6 on the other hand, the link local addresses come up immediately when the interface comes up, and stay up continuously while other IP addresses (from autoconf or from DHCPv6) may come and go.
Link local addresses alone won't let the devices contact each other by hostname, but dns-sd (mDNS, zeroconf) will. If you are using Linux then you can use avahi as a dns-sd stack.
Better than using hostnames, consider having the devices probe for each other by dns-sd service type. If you are using a custom protocol between your devices, make up a unique service tpe name and have the devices advertise themselves it and probe for it with dns-sd.
I'm writing a C# remote control for my media player. It runs on my Android phone.
I have a client app listening for TCP connections on my computer which, one a connection has been established, processes commands (Volume up, volume down, ...). I've tested that part using telnet 127.0.0.1 on my computer, and it works great.
Things are trickier when it comes to connecting from my phone, since it's not on the same network (I don't have Wi-Fi, only wired connections), so I'm not sure how to proceed. Basically I want to connect to a computer that's behind a router.
Should I rather host the TCP server on my phone, and have the PC connect to it? Take IRC as an example: although I'm behind a router, I can connect to servers outside, without port forwarding.
Or if hosting the server on my computer is fine, how do I connect to it?
I don't understand everything to this yet, so feel free to correct me if I got something wrong.
It would be more logical to keep the PC hosting the server, and configure your router to forward connections to your PC. You have two options:
Establish a DMZ: all incoming connections on the router will be forwarded to one PC only. This is easiest when you only have 1 PC on the network that needs to accept connections.
Configure port forwarding: you can instruct the router to forward connections incoming on port X to the IP Y on port Z. This way, multiple PC's can listing for connections (using different ports on the router). It is also a bit more secure.
How to set these up depends on your router, but most routers just accept connections on their port 80 and offer an easy web-interface. If you give your router brand, we can link you to the manual.
Things are trickier when it comes to connecting from my phone, since
it's not on the same network (I don't have Wi-Fi, only wired
connections), so I'm not sure how to proceed. Basically I want to
connect to a computer that's behind a router.
What you want to achieve is possible, but you need to learn about NAT traversal and hole punching.
Most often, devices behind a NAT/Router have a private IP address only valid on the LAN. Remote devices can't guess it. This private address is translated into a public IP address by the NAT when the device wants to communicate with the WAN.
The easy solution is you can give a public IP address to the device behind the NAT. In this case, remote devices on the WAN will easily be able to reach it, because its address is public.
I want to monitor the HTTP traffic sent/received from my iPhone. The iphone is connected to the Internet via my wifi router.
I want to capture packets from my windows 7 station.
Thanks for your help.
You have a few options here:
If your wireless router has a port mirroring or port spanning feature, turn it on and point it at your workstation's IP. Use Wireshark on your workstation to look at the packets arriving on the interface assigned to that IP.
If your workstation has a wireless card, get Connectify for Windows 7 (turns wireless card into Wifi Hotspot). Connect iPhone through Windows 7 wireless, and workstation through ethernet to the internet. Your workstation will effectively act as a router for your iPhone and you will be able to record iPhone's packets passing through it.
Get an ethernet hub (make sure it is not a switch, you won't see all packets on every interface with a switch), and connect your workstation, wifi router and internet to it.
Get a switch with port mirroring feature, configure port mirroring to forward a copy of all packets to your workstation.
Another option that I wish someone would have mentioned to me is pfSense. This is an operating system based on BSD made to serve as a firewall. Top of the line routers have, say 400 Mhz of processing speed, and unimpressive amounts of ram. The lowest-end computer you'll find these days has better specs than that, and of course, it's upgradeable. You don't have to bother with those terrible Cisco licenses (no DHCP with no license, 20 DHCP users at one license level, 100 users at an higher lever? Ludicrous), etc. Best of all, you have "root' access to the system, so you can run whatever you want on it (including wireshark, say)!!
Make sure you have two sufficiently fast ethernet cards. You'll set your wireless router to not do NAT (because pfSense will be doing that), then you can get to work setting up your VPN server, etc. without thinking about cisco licensing, etc.