Posts made by LynneJohn

@vladimir Looks really good. I'm going to send this log over to our BACnet stack supplier to see if he has any extra feedback. To me this looks much better than running a 485 to USB connection into WireShark.

Thanks again for all the help. Any chance you could release this into your standard layer plugins?

BACnet_38400_heavery_traffic_error_v5.7z

@vladimir
Here is a log that is working very well until time stamp 9:55:07 +00:46.470 and then the decode stops.

Thanks again for all the help.

BACnet_38400_heavery_traffic_error_v4.7z

@vladimir Sorry for the delay. Upload symbol is there but I get an error that file is too big. The log is 1Mbyte in size. Is there a way to reduce the size once the log is loaded into IO Ninja?

Thanks.

[0_1709752179535_BACnet_38400_heavery_traffic_error_v4.njlog](Uploading 100%)

@vladimir That icon does not show on my Firefox. I'll try a different browser.

Most likely, you just commented out the padding code, but forgot to add a semicolon ;

Exactly correct as I had missed the '+' on the line above.

Traces look very good now as I will try to move to your latest code. Tried using the upload images(right most icon) to send a 7z zip file but I don't have privileges for it.

@vladimir Removing the padding gives this trying to load the Analyzer:

Inserting the changes to BacNetMsTpParser.jnc(without the modification to the padding) it runs very well with an occasional issues toward the end of a large packet:

While using this analyzer should we have been running Settings->Log Engine->Binary Data->Binary Data Merge with a 3msec threshold. Should we still be using this ?

Just want to also add how nice it is to be able to see the packets.

Thanks.

Re "stop" of the analyzer -- could you share the original .njlog with the large packet?

How do I send you the log that is out of sync. I'll try your fixes and report back. Also here are a couple frame types if you want to add them to the analyzer:

enum BacNetMsTcpFrameType: uint8_t {
	Token                       = 0,
	PollForMaster               = 1,
	PollForMasterReply          = 2,
	TestRequest                 = 3,
	TestResponse                = 4,
	BacNetDataExpectingReply    = 5,
	BacNetDataNotExpectingReply = 6,
	ReplyPostponed              = 7,
	ExtendedDataExpectingReply	= 32,
	ExtendedDataNotExpectingReply = 33,
	CustomFrame					= 254,
	NoFrame						= 255
}

Wow, this is great. Couple questions:

• The Pre-release does not have an install script(msi file.) Can I just drop the folders into the current C:\Program Files\Tibbo\IO Ninja directory?

Loaded your analyzer(on version 5.5.0) using Settings->Add-on Plugins->Layers->Add and selected BacNetMsTp.njplg(this was a guess).

• It ran very well except that after a large packet came through it seemed to stop(see timestamp 16:21:35 +00:06:437. Looked through the scripts(everything you sent) to see if there was a max number of bytes for a packet but did not find one.

Thanks again.

@vladimir After adding "Force Latin-1 encoding" to the Log Regex Markup settings I'm getting color highlights but no new timestamps when it see's the pattern.

Is there any way to get the log to show a timestamp at the beginning of each 55 FF pattern?

Thanks

@Vladimir I think at this point it would be nice to do a basic packet decode of sender/receiver and and packet type as it is only one byte long so 255 possibilities.

How do you get to the Transmit pane if it is greyed out(un-selectable) ?

Really appreciate the information.
I tried using RegEx Markup with default Session settings and it does not want to break the packets up.

Using Session->Settings->Log Engine->Binary Data->Binary Data Merge with a value of 3msec it looks better but I'm really after the timestamp of each packet.

We have tried using a 485 to USB to monitor the BACnet traffic, but there is a point where the tokens are shown with the exact same timestamp and I suspect that the USB on the PC can't keep up with data which is surprising given the link speed is only 38400.

Thanks again for the help.

We have come back to looking to have IO Ninja decode BACnet and maybe someone could help us understand how using a Jancy script could work with BACnet MS/TP packets. Defining the different fields is understandable until you get BACnet packets that have specific data which is attached onto the end of the packet. How do you tell Jacncy that if the packet length goes beyond the CRC you need to process it?

Thanks


import "crc16.jnc"

enum MyEnum: int8_t {
	Value1,
	Value2,
	Value3,
}

pragma(Alignment, 1);

[ displayName = "BACnet packet" ]
struct MyPacket {
	[ displayName = "Preamble" ]
	int16_t m_field1;

	[ displayName = "Frame type" ]
	int8_t m_field2;

	[ displayName = "Destination Address" ]
	int8_t m_field3;

	[ displayName = "Source Address" ]
	int8_t m_field4;

	[ displayName = "Length" ]
	uint16_t m_length;

	[ displayName = "CRC-8" ]
	uint8_t m_checksum;

	[ userAction = "Initialize" ]
	void initialize(char const* name) {
		m_field1 = MyEnum.Value1;
		m_field2 = 2;
		m_field3 = 3;

		size_t size = strlen(name) + 1;
		if (size > sizeof(m_name))
			size = sizeof(m_name);

		memcpy(m_name, name, size);
	}

	[
		userAction = "Update length",
		autorun = "Auto-update length"
	]
	void updateLength() {
		m_length = dynamic sizeof(this);
	}

	[
		userAction = "Update checksum",
		autorun = "Auto-update checksum"
	]
	void updateChecksum() {
		m_checksum = crc16_ansi(this, dynamic sizeof(this));
	}
}

Is there any way to break these packets apart or export the log?

Thanks

We looked at the Modbus Packet Templates because ModBus RTU uses time gaps to signal the Beginning/End of a packet. It is not clear how the time stamp works with this as timestamps are not shown in the templates. Tried doing a straight hex dump of the log file to see if we could import it into WireShark but when you save the log as a text file, WireShark takes it as a single packet. Any way to break the packets apart by gaps in the time stamp?

After changing the wiring(flipping TX+ and TX-) we now have the correct data showing. If there any way to have the packets broken into lines based on byte patterns or time stamps(the current view has to packets lumped into the same line?)

Thanks.

IO Ninja
TX + TX
TX- RX
GND Gnd

Our control attaches to a BACnet server via RS485 and we are trying to capture comms between the two. Currently we have the IO Ninja TX+/TX- and GND attached to the the servers TX, RX and Gnd. The issue we are having is that the bytes do not look correct. Here is the dump of what the internal controller packet memory sees(notice the 55FF which is correct):

00> TX: 55FF000C200000A9
00> RX: 55FF05200C0018D3010C000106C0A80182E38B
00> RX: 02759A0E0C034000021E09081F537E
00> TX: 55FF070C2000003E
55FF060C200113E30120000106C0A80182E38BFF309A0E0C034000021E
00> TX: 55FF000C200000A9
00> TX: 55FF000C200000A9
00> TX: 55FF000C200000A9

The serial tap trace looks like the byte start is is taken on the wrong clock edge(55FF becomes 5500.) The serial settings are correct and we don't see any other filters/tweaks we could try:

A BACnet vendors likes to runs a 485 to USB and feeds that into wire shark on a PC but we would rather stick with the serial tap as it's important to see the data in real time(USB capture on a PC can be to slow.)

Any advice is appreciated.

So it looks like my byte count of 0x04 is incorrect. Change the beginning of the packet:
From 0x01 0x04 0x04
To 0x01 0x04 0x10

Serial Tap - UART setting 19200, 8N1

We are monitoring ModBus RTU comms between two different processors(STM32F030 and ESP32). When you look at the raw serial output the packets look correct but when you add the ModBus layer, it seems to be breaking the packets from the STM32F030 up in the middle of transmission. When it does this you start seeing CRC errors because the analyzer has broken the packet apart. Why does the ModBus analyzer break the tx packet mid transmission?

Thanks...

Raw Serial:

ModBus: