Hi all, today I had a very interesting appointment with a large pharmaceutical company which are planning on giving PLC4X a try. If this works this would be a huge thing for our project as well as that company. After discussing multiple options of safely communicating PLC data from inside the production-network to a less safe network, we started investigating the protocols going over the wire.
The controllers used are Emerson DeltaV MV Controllers and they communicate with a matching Emerson OS (Operator-System … not OperatING System) … for me this is sort of a Emerson SCADA System. What directly popped my eye was that all communication is done using UDP on port 18507 and every packet sent starts with the first two bytes “0xFA” and “0xCE” … “FACE” … I couldn’t find any mention of a protocol name and hereby no spec or whatsoever information. Right now I’m doing a manual pattern detection in my WireShark recording and will definitely start automating that to prove my assumptions. But I was hoping that someone here on the list might be able to provide some information and eventually give me the one or the other useful hint. But for now … done enough hex-dump-reading for today … #ifdef PLC #define PLC = Plenty of Lovely Craftbeer #endif Have a nice weekend :-) Chris
