sniffer

package module
v0.1.1
Published: Oct 17, 2020 License: MIT Imports: 12 Imported by: 0

README

Introduction

This is a Modbus RTU sniffer that passively reads traffic from an RS-485 serial line, either half-duplex (transmit and receive on the same single serial line) or full-duplex. It can also scan to identify the valid speed and serial frame configuration of the Modbus RTU bus; a scan succeeds when both a request and the corresponding response are found.

A scan with the debug flag can be used to read serial data from duplex lines, but then the Modbus data is not decoded and the scan does not succeed.

This is tested on Linux (also GOARCH=arm) and can be extended to Windows.

Install

It requires Go and Protobuf.

git clone https://github.com/andreaaizza/sniffer
cd sniffer
make proto
go install ./cmd/snifferModbusRTU

Examples

Connect to an RS-485 serial line with active traffic (you might need a hardware converter).

Scanner

Scan half-duplex port /dev/ttyUSB0 for all speed/frame combinations:

snifferModbusRTU -d1 /dev/ttyUSB0 -scan

To scan duplex ports, add -duplex and the second port with -d2 /dev/ttyUSB1. E.g.:

snifferModbusRTU -d1 /dev/ttyUSB0 -d2 /dev/ttyUSB1 -duplex -scan

Restrict scan to just 9600 bps configurations (add -duplex if you wish):

snifferModbusRTU -d1 /dev/ttyUSB0 -b 9600 -scan

You can also restrict the frame format, e.g. -f 8E1.
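The Introduction says a scan succeeds when both a request and the corresponding response are found. The following is an added example, not code from this package, of how such a check can be made on captured bytes: at a wrong speed or frame setting the bytes come out garbled and the Modbus RTU CRC fails, while at the right setting two CRC-valid frames share the slave address and function code. The function names and sample frames are constructed for illustration, and the pairing rule is an assumption based on the Modbus RTU frame format.

```go
package main

import "fmt"

// crc16 computes the Modbus RTU CRC-16 (init 0xFFFF, reflected poly 0xA001).
func crc16(data []byte) uint16 {
	crc := uint16(0xFFFF)
	for _, b := range data {
		crc ^= uint16(b)
		for i := 0; i < 8; i++ {
			if crc&1 != 0 {
				crc = crc>>1 ^ 0xA001
			} else {
				crc >>= 1
			}
		}
	}
	return crc
}

// withCRC appends the CRC, low byte first, as it travels on the wire.
func withCRC(pdu []byte) []byte {
	c := crc16(pdu)
	return append(append([]byte{}, pdu...), byte(c), byte(c>>8))
}

// validFrame checks length (address + function + CRC) and the trailing CRC.
func validFrame(f []byte) bool {
	if len(f) < 4 {
		return false
	}
	n := len(f) - 2
	return crc16(f[:n]) == uint16(f[n])|uint16(f[n+1])<<8
}

// isPair reports whether resp answers req: both CRCs valid, same slave
// address, same function code (or function|0x80 for an exception response).
func isPair(req, resp []byte) bool {
	return validFrame(req) && validFrame(resp) &&
		req[0] == resp[0] && req[1] == resp[1]&0x7F
}

func main() {
	// Constructed sample frames: read holding registers, slave 1.
	req := []byte{0x01, 0x03, 0x00, 0x00, 0x00, 0x01, 0x84, 0x0A}
	resp := withCRC([]byte{0x01, 0x03, 0x02, 0x00, 0x2A})
	fmt.Println(isPair(req, resp), isPair(req, resp[:len(resp)-1]))
}
```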

Sniffer

Sniff traffic from half-duplex port /dev/ttyUSB0 with baud 38400 and frame format 8N1:

snifferModbusRTU -d1 /dev/ttyUSB0 -b 38400 -f 8N1

Sniff traffic from duplex ports /dev/ttyUSB0 (tx, requests) and /dev/ttyUSB1 (rx, responses/exceptions) with baud 9600 and frame format 8N1:

snifferModbusRTU -d1 /dev/ttyUSB0 -d2 /dev/ttyUSB1 -duplex

License

See LICENSE file

Documentation

Index

Constants

This section is empty.

Variables

var File_sniffer_proto protoreflect.FileDescriptor
var ModbusSpeeds = []int{9600, 19200, 38400, 115200, 57600, 4800, 2400, 1200}

Modbus data for scanning, most frequent first

Functions

This section is empty.

Types

type Config

type Config struct {
	Ports []*logger.Config
}

func ScanPort

func ScanPort(conf Config, speed *int, frame *string, scanForSeconds int, debug bool) *Config

ScanPort scans for a valid Modbus RTU serial port configuration. To run it, connect one 485 line to an active line with traffic.

func (*Config) PrettyString

func (c *Config) PrettyString() (s string)

type Result

type Result struct {
	Request  *dissector.Result `protobuf:"bytes,1,opt,name=request,proto3" json:"request,omitempty"`
	Response *dissector.Result `protobuf:"bytes,2,opt,name=response,proto3" json:"response,omitempty"`
	// contains filtered or unexported fields
}

func (*Result) Descriptor deprecated

func (*Result) Descriptor() ([]byte, []int)

Deprecated: Use Result.ProtoReflect.Descriptor instead.

func (*Result) GetRequest

func (x *Result) GetRequest() *dissector.Result

func (*Result) GetResponse

func (x *Result) GetResponse() *dissector.Result

func (*Result) PrettyString

func (r *Result) PrettyString() string

func (*Result) ProtoMessage

func (*Result) ProtoMessage()

func (*Result) ProtoReflect

func (x *Result) ProtoReflect() protoreflect.Message

func (*Result) Reset

func (x *Result) Reset()

func (*Result) String

func (x *Result) String() string

type Results

type Results struct {
	Results []*Result `protobuf:"bytes,1,rep,name=results,proto3" json:"results,omitempty"`
	// contains filtered or unexported fields
}

func (*Results) Descriptor deprecated

func (*Results) Descriptor() ([]byte, []int)

Deprecated: Use Results.ProtoReflect.Descriptor instead.

func (*Results) GetResults

func (x *Results) GetResults() []*Result

func (*Results) ProtoMessage

func (*Results) ProtoMessage()

func (*Results) ProtoReflect

func (x *Results) ProtoReflect() protoreflect.Message

func (*Results) Reset

func (x *Results) Reset()

func (*Results) String

func (x *Results) String() string

type Sniffer

type Sniffer struct {
	Results Results
	// contains filtered or unexported fields
}

func NewModbusRTUSniffer

func NewModbusRTUSniffer(conf Config) (s *Sniffer, err error)

NewModbusRTUSniffer creates and starts a sniffer for Modbus RTU. The process runs in a goroutine, which can be stopped with Sniffer.Close(). You need to make sure the main program does not exit, e.g. with for{select{}}. If 1 port is provided, it sniffs half-duplex; if 2 ports are provided, it sniffs duplex (requests on port[0] (tx), responses/exceptions on port[1] (rx)).

func (*Sniffer) Close

func (s *Sniffer) Close()

Close closes

func (*Sniffer) GetResultsAndFlush

func (s *Sniffer) GetResultsAndFlush() (res Results)

GetResultsAndFlush returns the results and flushes them.

func (*Sniffer) GetResultsCount

func (s *Sniffer) GetResultsCount() int

func (*Sniffer) ProtoBytesAndFlush

func (s *Sniffer) ProtoBytesAndFlush() (b []byte, err error)

ProtoBytes extracts results as protobuf Marshalled bytes

Directories

Path Synopsis
cmd
