Ask Your Question

Revision history [back]

Dissection of CIP Message Router Response

The dissection of a CIP Message Router Response packet contains some spurious information.

Under the heading "Common Industrial Protocol", after the Additional Status Size field, there appear a Request Path Size and a Request Path. These don't correspond to any bytes in this packet. The Request Path Size and Request Path are present in the previous packet, a Message Router Request, so this spurious information seems to be a hangover from that packet.

Ethernet II, Src: Rockwell_98:a9:83 (5c:88:16:98:a9:83), Dst: LcfcHefe_91:c1:f9 (54:e1:ad:91:c1:f9)
Internet Protocol Version 4, Src: 10.141.114.211, Dst: 10.141.114.93
Transmission Control Protocol, Src Port: 44818, Dst Port: 6779, Seq: 267, Ack: 285, Len: 70
EtherNet/IP (Industrial Protocol), Session: 0xB176B060, Send RR Data
    Encapsulation Header
        Command: Send RR Data (0x006f)
        Length: 46
        Session Handle: 0xb176b060
        Status: Success (0x00000000)
        Sender Context: 19000000d8917902
        Options: 0x00000000
    Command Specific Data
        Interface Handle: CIP (0x00000000)
        Timeout: 5
        Item Count: 2
        [Request In: 165]
        [Time: 0.001961000 seconds]
Common Industrial Protocol
    Service: Unknown Service (0x54) (Response)
        1... .... = Request/Response: Response (0x1)
        .101 0100 = Service: Unknown (0x54)
    Status: Success: 
        General Status: Success (0x00)
        Additional Status Size: 0 words
    [Request Path Size: 2 words]
    [Request Path: Connection Manager, Instance: 0x01]
        [Path Segment: 0x20 (8-Bit Class Segment)]
        [Path Segment: 0x24 (8-Bit Instance Segment)]
CIP Connection Manager
    Service: Forward Open (Response)
        1... .... = Request/Response: Response (0x1)
        .101 0100 = Service: Forward Open (0x54)
    Command Specific Data
        O->T Network Connection ID: 0x0943c0b7
        T->O Network Connection ID: 0x80fe0001
        Connection Serial Number: 0x0002
        Originator Vendor ID: Rockwell Software, Inc. (0x004d)
        Originator Serial Number: 0x26fe450d
        O->T API: 7500.000ms
        T->O API: 7500.000ms
        Application Reply Size: 0 words
        Reserved: 0x00
        [CIP Connection Index: 0]

Dissection of CIP Message Router Response

The dissection of a CIP Message Router Response packet contains some spurious information.

Under the heading "Common Industrial Protocol", after the Additional Status Size field, there appear a Request Path Size and a Request Path. These don't correspond to any bytes in this packet. The Request Path Size and Request Path are present in the previous packet, a Message Router Request, so this spurious information seems to be a hangover from that packet.

Link to capture file: link text

Ethernet II, Src: Rockwell_98:a9:83 (5c:88:16:98:a9:83), Dst: LcfcHefe_91:c1:f9 (54:e1:ad:91:c1:f9)
Internet Protocol Version 4, Src: 10.141.114.211, Dst: 10.141.114.93
Transmission Control Protocol, Src Port: 44818, Dst Port: 6779, Seq: 267, Ack: 285, Len: 70
EtherNet/IP (Industrial Protocol), Session: 0xB176B060, Send RR Data
    Encapsulation Header
        Command: Send RR Data (0x006f)
        Length: 46
        Session Handle: 0xb176b060
        Status: Success (0x00000000)
        Sender Context: 19000000d8917902
        Options: 0x00000000
    Command Specific Data
        Interface Handle: CIP (0x00000000)
        Timeout: 5
        Item Count: 2
        [Request In: 165]
        [Time: 0.001961000 seconds]
Common Industrial Protocol
    Service: Unknown Service (0x54) (Response)
        1... .... = Request/Response: Response (0x1)
        .101 0100 = Service: Unknown (0x54)
    Status: Success: 
        General Status: Success (0x00)
        Additional Status Size: 0 words
    [Request Path Size: 2 words]
    [Request Path: Connection Manager, Instance: 0x01]
        [Path Segment: 0x20 (8-Bit Class Segment)]
        [Path Segment: 0x24 (8-Bit Instance Segment)]
CIP Connection Manager
    Service: Forward Open (Response)
        1... .... = Request/Response: Response (0x1)
        .101 0100 = Service: Forward Open (0x54)
    Command Specific Data
        O->T Network Connection ID: 0x0943c0b7
        T->O Network Connection ID: 0x80fe0001
        Connection Serial Number: 0x0002
        Originator Vendor ID: Rockwell Software, Inc. (0x004d)
        Originator Serial Number: 0x26fe450d
        O->T API: 7500.000ms
        T->O API: 7500.000ms
        Application Reply Size: 0 words
        Reserved: 0x00
        [CIP Connection Index: 0]