The dissection of a CIP Message Router Response packet contains some spurious information.
Under the heading "Common Industrial Protocol", after the Additional Status Size field, there appear a Request Path Size and a Request Path. These don't correspond to any bytes in this packet. The Request Path Size and Request Path are present in the previous packet, a Message Router Request, so this spurious information seems to be a hangover from that packet.
Ethernet II, Src: Rockwell_98:a9:83 (5c:88:16:98:a9:83), Dst: LcfcHefe_91:c1:f9 (54:e1:ad:91:c1:f9)
Internet Protocol Version 4, Src: 10.141.114.211, Dst: 10.141.114.93
Transmission Control Protocol, Src Port: 44818, Dst Port: 6779, Seq: 267, Ack: 285, Len: 70
EtherNet/IP (Industrial Protocol), Session: 0xB176B060, Send RR Data
Encapsulation Header
Command: Send RR Data (0x006f)
Length: 46
Session Handle: 0xb176b060
Status: Success (0x00000000)
Sender Context: 19000000d8917902
Options: 0x00000000
Command Specific Data
Interface Handle: CIP (0x00000000)
Timeout: 5
Item Count: 2
[Request In: 165]
[Time: 0.001961000 seconds]
Common Industrial Protocol
Service: Unknown Service (0x54) (Response)
1... .... = Request/Response: Response (0x1)
.101 0100 = Service: Unknown (0x54)
Status: Success:
General Status: Success (0x00)
Additional Status Size: 0 words
[Request Path Size: 2 words]
[Request Path: Connection Manager, Instance: 0x01]
[Path Segment: 0x20 (8-Bit Class Segment)]
[Path Segment: 0x24 (8-Bit Instance Segment)]
CIP Connection Manager
Service: Forward Open (Response)
1... .... = Request/Response: Response (0x1)
.101 0100 = Service: Forward Open (0x54)
Command Specific Data
O->T Network Connection ID: 0x0943c0b7
T->O Network Connection ID: 0x80fe0001
Connection Serial Number: 0x0002
Originator Vendor ID: Rockwell Software, Inc. (0x004d)
Originator Serial Number: 0x26fe450d
O->T API: 7500.000ms
T->O API: 7500.000ms
Application Reply Size: 0 words
Reserved: 0x00
[CIP Connection Index: 0]
