A demonstration of some of the tools available for performing online diagnostics on PROFINET networks using Netilities from Procentec, the BC-502-PN from Softing and the Ethernet Frame Analyser Wireshark®. We shall be monitoring a PROFINET system made up of hardware from Siemens, Wago, Moxa, Murr. Procentec & Softing.

1. PROFINET Frame
Analysis &
Diagnostic Tools
Peter Thomas
Control Specialists Ltd
www.controlspecialists.co.uk
Copyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

2. 2
Objectives
• A demonstration of some of the tools available
for performing online diagnostics on
PROFINET networks using Netilities from
Procentec, the BC-502-PN from Softing, the
Ethernet Frame Analyser Wireshark® and
PRONETA from Siemens.
• We shall be monitoring a PROFINET system
made up of hardware from Siemens, Wago,
Moxa, Murr. Procentec & Softing.
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

3. 3
PROFINET Demonstration Network
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014
WAGO 750-340
RACK03DEV1
192.168.0.31
00-0E-8C-9B-94-BD
SIEMENS ET200S
RACK03DEV2
192.168.0.32
00-1B-1B-25-B7-1D
MURR IMPACT20
RACK03DEV3
192.168.0.33
00-0F-9E-08-7F-DE
MOXA ETS-505
5-PORT
SWITCH
00-90-E8-0C-B6-29
SIEMENS
X208 8-PORT
SWITCH
192.168.0.1 (WEB)
00-0E-8C-9B-94-BD
SIEMENS
CP315-2 DPPN CPU
MASTERRACKCPU
192.168.0.2
00-0E-8C-FE-75-E2

4. Open Systems Interconnection (OSI) model
4
APPLICATION LAYER
(HTTP / SMTP / FTP)
PRESENTATION LAYER
SESSION LAYER
TRANSPORT LAYER
(TCP / UDP)
NETWORK LAYER (IP)
DATALINK LAYER
(MAC ADDRESS)
PHYSICAL LAYER
APPLICATION LAYER
(HTTP / SMPTP / FTP)
PRESENTATION LAYER
SESSION LAYER
TRANSPORT LAYER
(TCP / UDP)
NETWORK LAYER
(IP)
DATALINK LAYER
(MAC ADDRESS)
PHYSICAL LAYER
Device 1 Device 2
= Potential Delays
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

5. Device to Device Communication (PROFINET)
5
IO Controller IO Device
STANDARD
PRESENTATION
LAYER
SESSION LAYER
TRANSPORT
LAYER
(UDP)
NETWORK
LAYER
(IP ADDRESS)
DATALINK LAYER
(MAC ADDRESS)
PHYSICAL LAYER
REAL TIME STANDARD
PRESENTATION
LAYER
SESSION LAYER
TRANSPORT
LAYER
(UDP)
NETWORK
LAYER
(IP ADDRESS)
DATALINK LAYER
(MAC ADDRESS)
PHYSICAL LAYER
REAL TIME
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

6. Ethernet Switches
• PROFINET networks make extensive
use of switches.
• Simply plugging in a monitoring tool into
a spare port on the switch will not work
because switches only send messages to
the port to which the intended receiving
device is connected.
• To overcome this we set up one port as
a mirrored port (usually a feature of
managed switches).
• Make sure the mirrored port is bi-
directional.
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

7. 7
SETTING UP A MIRRORED PORT
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

8. Monitoring Ports
• Choosing which port to monitor is very important.
• If the switch you are monitoring has only one
outgoing connection to the IO Devices (Switch A)
then set the mirror port to monitor the outgoing
port.
IO Controller Switch A Switch B
Set Mirror port to Monitor this
port
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

9. Monitoring Ports
• If the switch you are monitoring has several IO
Devices, each connected to a port of its own, (Switch
B) then set the mirror port to monitor the port that
connects the switch to the IO Controller.
• If the diagnostic tool you are using needs to send out
DCP_IDENT requests then you will need a second
connection to a spare (non-mirrored) port on your
switch.
IO Controller Switch A Switch B
Set Mirror port to
Monitor this port
Set up a second
connection to a
spare port
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

10. Diagnostic Monitoring using a Managed Switch
WAGO 750-340
RACK03DEV1
192.168.0.31
00-0E-8C-9B-94-BD
SIEMENS ET200S
RACK03DEV2
192.168.0.32
00-1B-1B-25-B7-1D
MURR IMPACT20
RACK03DEV3
192.168.0.33
00-0F-9E-08-7F-DE
MOXA ETS-505
5-PORT
SWITCH
00-90-E8-0C-B6-29
SIEMENS
X208 8-PORT
SWITCH
192.168.0.1 (WEB)
00-0E-8C-9B-94-BD
SIEMENS
CP315-2 DPPN CPU
MASTERRACKCPU
192.168.0.2
00-0E-8C-FE-75-E2
See previous slides regarding
which port to mirror and
whether or not you need two
cables.

11. 11
PROFINET & TAPS
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014
IN OUT
USB
• If you do not have a switch that supports
port mirroring, an alternative is to use a
TAP.
• Taps have two RJ45 ports and are
connected in series with the device(s) that
you want to monitor.
• The PC connects to the Tap via a USB
interface.
• By definition, the installing of a tap
requires you to disrupt the network when
installing it.
• Note – This is NOT a bi-directional device
- i.e. it is only a listener.

12. Diagnostic Monitoring using a PROFINET Tap
WAGO 750-340
RACK03DEV1
192.168.0.31
00-0E-8C-9B-94-BD
SIEMENS ET200S
RACK03DEV2
192.168.0.32
00-1B-1B-25-B7-1D
MURR IMPACT20
RACK03DEV3
192.168.0.33
00-0F-9E-08-7F-DE
MOXA ETS-505
5-PORT
SWITCH
00-90-E8-0C-B6-29
SIEMENS
X208 8-PORT
SWITCH
192.168.0.1 (WEB)
00-0E-8C-9B-94-BD
SIEMENS
CP315-2 DPPN CPU
MASTERRACKCPU
192.168.0.2
00-0E-8C-FE-75-E2
USB
The blue/dashed cable is connected to
a spare port to allow DCP_IDENT
requests to reach the IO Devices.
Copyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

13. WAGO 750-340
RACK03DEV1
192.168.0.31
00-0E-8C-9B-94-BD
SIEMENS ET200S
RACK03DEV2
192.168.0.32
00-1B-1B-25-B7-1D
MURR IMPACT20
RACK03DEV3
192.168.0.33
00-0F-9E-08-7F-DE
MOXA ETS-505
5-PORT
SWITCH
00-90-E8-0C-B6-29
SIEMENS
X208 8-PORT
SWITCH
192.168.0.1 (WEB)
00-0E-8C-9B-94-BD
SIEMENS
CP315-2 DPPN CPU
MASTERRACKCPU
192.168.0.2
00-0E-8C-FE-75-E2
Connection to web
server
MONITORING
DEVICE
24v Supply
Permanent Monitoring
Copyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

14. Demonstration
Copyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

15. 15
Netilities
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014
Netilities is a pc-based engineering tool for monitoring the
status of a PROFINET network. It has features similar to the
PROFIBUS analyser ProfiTrace such as Live List, Bargraph,
Statistics and Report Generation.

16. 16
Netilities – Connecting to PROFINET
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014
WAGO 750-340
RACK03DEV1
192.168.0.31
00-0E-8C-9B-94-BD
SIEMENS ET200S
RACK03DEV2
192.168.0.32
00-1B-1B-25-B7-1D
MURR IMPACT20
RACK03DEV3
192.168.0.33
00-0F-9E-08-7F-DE
MOXA ETS-505
5-PORT
SWITCH
00-90-E8-0C-B6-29
SIEMENS
X208 8-PORT
SWITCH
192.168.0.1 (WEB)
00-0E-8C-9B-94-BD
SIEMENS
CP315-2 DPPN CPU
MASTERRACKCPU
192.168.0.2
00-0E-8C-FE-75-E2

17. 17
Netilities
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014
DEMONSTRATION

18. 18
BC502-PN
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014
The BC502-PN is a hardware-based PROFINET monitor
designed for permanent connection to the PROFINET network.
The diagnostics are then presented in real time via an in-built
web server. It has the advantage of not requiring a mirrored
port to connect to the network.

19. 19
BC502-PN – Connecting to PROFINET
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014
WAGO 750-340
RACK03DEV1
192.168.0.31
00-0E-8C-9B-94-BD
SIEMENS ET200S
RACK03DEV2
192.168.0.32
00-1B-1B-25-B7-1D
MURR IMPACT20
RACK03DEV3
192.168.0.33
00-0F-9E-08-7F-DE
MOXA ETS-505
5-PORT
SWITCH
00-90-E8-0C-B6-29
SIEMENS
X208 8-PORT
SWITCH
192.168.0.1 (WEB)
00-0E-8C-9B-94-BD
SIEMENS
CP315-2 DPPN CPU
MASTERRACKCPU
192.168.0.2
00-0E-8C-FE-75-E2

20. 20
BC502-PN
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014
DEMONSTRATION

21. 21
Wireshark®
• Wireshark® is a network protocol analyser.
It lets you capture and interactively browse
the traffic running on a computer network.
• It is not dedicated to PROFINET and as
such cannot be compared to ProfiTrace.
• It is free to download and available from
www.wireshark.org
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

22. 22
Wireshark® – Connecting to PROFINET
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014
WAGO 750-340
RACK03DEV1
192.168.0.31
00-0E-8C-9B-94-BD
SIEMENS ET200S
RACK03DEV2
192.168.0.32
00-1B-1B-25-B7-1D
MURR IMPACT20
RACK03DEV3
192.168.0.33
00-0F-9E-08-7F-DE
MOXA ETS-505
5-PORT
SWITCH
00-90-E8-0C-B6-29
SIEMENS
X208 8-PORT
SWITCH
192.168.0.1 (WEB)
00-0E-8C-9B-94-BD
SIEMENS
CP315-2 DPPN CPU
MASTERRACKCPU
192.168.0.2
00-0E-8C-FE-75-E2

23. 23
Wireshark®
• Wireshark® can be used to capture and
analyse PROFINET traffic during the
following events:-
– Start-Up
– Data Exchange
– Loss of Module
– Loss of Communications
– Duplicate Device Name
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

24. 24
Siemens – Hardware Configuration
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

25. 25
IEEE 802.3 EtherNet Frame
40 – 1500 BYTES
DATA
SOURCE
MAC
6 BYTES
DEST
MAC
ETHER
TYPE
FRAME
CHECK
SEQ
ETHER TYPE EXAMPLES
0800: Internet Protocol (IPV4)
0806: ARP
8892: PROFINET
88CC: LLDP
Format / Contents dependent
upon the value of the
ETHER TYPE
ETHERNET HEADER ETHERNET TRAILER
Note – VLAN Tags (Bandwidth Control / Prioritisation),
IFG (Inter Frame Gap), Preamble and
SFD (Start Frame Delimiter) bytes not shown.
ETHERNET FRAME
6 BYTES 2 BYTES 4 BYTES
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

26. 26
PROFINET Frame
SOURCE ADDRESS DESTINATION ADDRESS ETHERTYPE
PROFINET IO DATA CYCLE COUNTER DATA STATUS
FRAME ID
TXFR STATUS
ETHERTYPE 8892 = PROFINET, FRAME ID 8000 = REAL TIME CLASS 2
-- APPLICATION PROTOCOL DATA UNIT STATUS --
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

27. 27
PROFINET Frame (CPU to OUTPUTS)
SLOT 1
SLOT 2
SLOT 3
SLOT 4
IOPS SLOT 3/4
DIG OUT DATA
DAP
DAP = DEVICE ACCESS POINT (IO DEVICE STATUS) 00 = BAD, 80 = GOOD
IOPS = IO PROVIDER STATUS (DATA STATUS @ CPU) 00 = BAD, 80 = GOOD
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

28. 28
Common Protocols seen on PROFINET
• PNIO-DCP – Device Name / IP Address Assignment
• PNIO-CM – Start-up Services between an IO
Controller and each IO Device.
• PNIO – Cyclic IO Data Exchange
• PN-PTCP – Time Syncronisation
• PNIO-AL – Acyclic Alarms / Events
• ARP – IP Address – MAC Address Lookup
• LLDP – Device Identity & Properties.
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

29. 29
WIRESHARK - HomePage
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

30. 30
WIRESHARK – Frame Analysis
Packet Filter
Expression Filter Buttons
Packet Details Window
Packet Bytes Window
Packet List Window
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014

31. 31
Protocol Usage: Start-up to Data Exchange
Assign Device Name *
PNIO-DCP
/ ARP Assign IP Address
Establish Connection
PNIO-DCP
or LLDP
PNIO-CM
PNIO Cyclic Data Exchange
IO Device confirms Name SET
IO Device confirms IP Address SET
Connection Established
* DEVICE NAME ASSIGNMENT
Device Names can be set up Manually,
During configuration (or device replacement)
or Automatically on power-up.
Manual name assignment - Tools such as
Proneta from Siemens or Netilities from
Procentec provide this facility. Manual name
assignment uses PNIO-DCP (Discovery &
Control Protocol).
Automatic name assignment uses the
LLDP (Link Layer Discover Protocol) and
PNIO-DCP and requires the use of a
PROFINET Topology Configuration Tool.
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014
Determine MAC Address

32. 32
Wireshark®
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014
DEMONSTRATION

33. 33
SIEMENS PRONETA
www.controlspecialists.co.ukCopyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014
DEMONSTRATION

34. 34
Questions?
Peter Thomas
Control Specialists Ltd
peter.thomas@controlspecialists.co.uk
LinkedIN – http://www.linkedin.com/company/2198880
www.con
Tel +44(0)1925 824003
Mob +44(0)7971 405871
Copyright Control Specialists - PROFINET Frame Analysis and Diagnostic Tools - Apr 2014 www.controlspecialists.co.uk