PYMODBUS: How to get master to communicate with slave? - linux

I'm working on a project where I have two Debian VMs that both have Pymodbus installed. I'm trying to set up a virtual testing environment where I can perform various cyber attacks on the two from a third Kali VM while they communicate. Unfortunately, I'm very new to Unix and PLC programming, and am having some difficulty getting the two to communicate with each other. Ideally, the master should send data to the slave, who then updates some information and sends a response back. Does anyone know how to begin to get these two to work together? I'm really at a loss here, and I have no idea where to begin. Thank you so much, I really appreciate it.
I got pymodbus from here: https://pypi.python.org/pypi/pymodbus
Documentation located here: https://github.com/riptideio/pymodbus
P.S. I used pip to install the above .whl file, but I've seen other people install pymodbus by simply running a command, which makes me worry that I've done this all wrong.

You can run a test in one Debian VM system.
1. Run the server file, and set the IP and port.
2. Run the client file, and connect to the IP and port.
That is the TCP/IP method, and you can do the serial method with the same files. Just look at the comments in the above files. If you have any questions, let me know.
Updated:
1. Connect the two PCs over a local area network. Make sure the two PCs can ping each other.
2. Set synchronous-server.py:
StartTcpServer(context, identity=identity, address=("0.0.0.0", 5020))
which means listen for incoming connection requests from all IPs.
3. Set synchronous-client.py (let's assume the server PC's IP is "192.168.1.10"; you should replace this IP with the real server IP):
client = ModbusClient('192.168.1.10', port=5020)
4. Run the two py files and it should work now.
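The exchange that the answer's server and client scripts carry out, as an added example that is not part of the original answer and is not pymodbus code: a standard-library master writes one holding register on a slave and reads it back over Modbus/TCP. The register bank, the loopback address and the function names are assumptions made for illustration.

```python
import socket
import struct
import threading

REGISTERS = [0] * 10  # slave's holding registers; constructed state for this added example

def read_frame(rfile):
    head = rfile.read(7)  # MBAP header: transaction id, protocol id, length, unit id
    if len(head) < 7:
        raise ConnectionError("peer closed")
    tid, _proto, length, unit = struct.unpack(">HHHB", head)
    return tid, unit, rfile.read(max(length - 1, 0))  # PDU: function code + data

def send_frame(sock, tid, unit, pdu):
    sock.sendall(struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu)

def handle(pdu):
    # Slave side: apply one request PDU and return the response PDU.
    if len(pdu) != 5 or pdu[0] not in (0x03, 0x06):
        return bytes([(pdu[0] if pdu else 0) | 0x80, 0x01])  # unsupported request
    func, addr, value = struct.unpack(">BHH", pdu)
    count = 1 if func == 0x06 else value  # for 0x03 the field is a register count
    if count < 1 or addr + count > len(REGISTERS):
        return bytes([func | 0x80, 0x02])  # illegal data address
    if func == 0x06:  # write single register; the reply echoes the request
        REGISTERS[addr] = value
        return pdu
    data = struct.pack(">%dH" % count, *REGISTERS[addr:addr + count])
    return bytes([func, len(data)]) + data  # read holding registers reply

def serve_one(listener):
    conn, _ = listener.accept()
    with conn, conn.makefile("rb") as rfile:
        try:
            while True:
                tid, unit, pdu = read_frame(rfile)
                send_frame(conn, tid, unit, handle(pdu))
        except ConnectionError:
            pass  # master disconnected

def demo():
    with socket.create_server(("127.0.0.1", 0)) as listener:  # the answer uses port 5020
        threading.Thread(target=serve_one, args=(listener,), daemon=True).start()
        with socket.create_connection(listener.getsockname()) as m, m.makefile("rb") as rf:
            send_frame(m, 1, 1, struct.pack(">BHH", 0x06, 2, 1234))  # write register 2
            write_reply = read_frame(rf)[2]
            send_frame(m, 2, 1, struct.pack(">BHH", 0x03, 2, 1))  # read it back
            read_reply = read_frame(rf)[2]
    return write_reply, read_reply

if __name__ == "__main__":
    print(demo())
```

Modbus/TCP carries no authentication, so a slave bound to 0.0.0.0 as in step 2 accepts writes from any host that can reach the port; keep the lab VMs on an isolated network.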

Related

Yabe on Linux unable to locate bacnet device

I have a Win11 laptop and I installed Yabe and was easily able to explore bacnet objects on my home thermostat. I'm trying to duplicate this on a Linux Laptop. My issue is that Yabe is not finding my thermostat on the Linux machine.
I'm running Linux Mint 21 Cinnamon 5.4.12. I installed Mono and downloaded Yabe. I am running with command "mono ./Yabe.exe". The Win11 laptop rules out thermostat setup/network issues. In the Yabe log window I get a message that says "error loading plugins". I didn't try to install any plugins so I don't know where this is coming from and I'm not sure if it's even the root cause. Initially I just left the Yabe folder in my downloads folder. I also moved it to /usr/bin but that didn't solve anything. Any suggestions would be appreciated. I would really like not to have to use Win11 as it is a memory hog.
A similar question was raised on sourceforge but the answers have not helped me.
https://sourceforge.net/p/yetanotherbacnetexplorer/discussion/general/thread/1e78874922/?limit=25
Thank you for the suggestions. I ran Wireshark capture with filter "udp and port 47808" and received i-Am 100001 from the thermostat at 192.168.0.150 which is the static address I assigned. Like I said, since I literally have a Win-11 laptop sitting beside this one with Yabe installed and it sees the thermostat just fine, that rules out most network router issues. Also, I currently have the Linux firewall turned off. I believe it must be some bug with the Yabe installation on this version of Linux. I keep wanting to get away from Windows and rely solely on Linux and then I run into issues like this that make me realize why it's not universally adapted in industry.
At least for Windows, I believe that the plug-in DLLs are not strictly necessary/important; and you could drop the relevant plug-in DLLs alongside the 'YABE.exe' binary (- within the same folder); I've included a picture of plug-in DLLs' filenames.
Are both the (BACnet) client machine and server/thermostat machine using a public IP address, or at least a private IP address within the same subnet/network address range?
Have you got a Linux (and/or Windows) firewall blocking communication?
Can you see the 47808 port # open using the 'NMap' tool?
Also - for generic reference, an answer of mine for a half-similar question (- some points could also be relevant here):
Things worth considering :-
Tools such as YABE, VTS and Wireshark - to learn from the success cases/successful instances of communication.
The network card (NIC) that your tools and/or libraries are using/selecting to send the ('service' request) messages - e.g. definitely don't mix routable addresses with non-routable 'private' addresses (between the BACnet 'client' IP & the 'server' IP).
(UDPv4-only) 'Broadcasts' will only work upon the local network (- if a BBMD is not present & correctly set-up to relay the broadcast on to another part/hop of the "internetwork"/connected networks).
If you're unlucky - with a particular device, your client port just might have to be 47808/0xBAC0; and just possibly for the broadcasts too.
Also try directed/'unicast' traffic/'service' requests too - e.g. attempting to read the device object instance # (DOIN) of a target device; check you've got/are specifying the correct DOIN when targeting/firing a request at a device.
Does the target device have a BACnet router or BACnet gateway in front of it (- therefore would also need the inclusion of a DNET & DADR paired values as part of addressing it)?
If so, are you talking the same variant of BACnet, e.g. IP - as in BACnet/IP between both the (BACnet) 'client' & 'server'/serving device?
If it's a commercial/enterprise device, does it have a IP whitelist - to allow for the processing of incoming requests?

how to enable wsl to respond to broadcast ping request

I was using WSL to run ROS commands, and at one point I had to enable the system to respond to broadcast ICMP requests (for a multi-master kind of setup), i.e. on Linux I had to make sure
cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
returns 0. But WSL does not contain such a file, so I was thinking of enabling it on Windows. All the sources I have gone through suggest adding a rule to the firewall, but my system is not responding to broadcast ping even when my system's firewall is turned off (domain, private and public have been turned off; same with my buddy who is on the same network). I am using an Android phone's mobile hotspot to check this.
It would be great if someone could help me with this.
Thanks in advance.
I asked something similar
I don't know how to do it purely on WSL. But on Windows you have to start the "TCPSVCS.EXE" process, located in System32.

How to find a computer running a specific script on a local area network

My setup is that I have a machine running little eclipse server in node, and I want to configure other machines on the LAN to run a website off of that first computer. Everything is working fine, but I have to manually tell the other computers which local IP address to use when opening chrome.
All computers at this point are running ubuntu.
Ideally I'd like to make a bash script on any new computer which finds the IP address of the computer running the express server, then opens chrome at that address.
Googling tends to get me answers for the question 'how to see all computers on my LAN'. It seems that I can achieve that in many ways, most notably nmap.
NMap works fine, but now my question is how I can make the server computer broadcast its status as the desired machine, then extract its specific IP address?
Some of the other possibilities I've considered are the following (I state why I'm not sure they're right for me, but please correct me if I'm wrong):
Hosts File
This requires setup for each collection of computers, which is undesirable
DHCP+DNS on router
Again requires set up on the router, which can't be guaranteed to have the required functionality every time.
DNS server on a machine
Again this requires knowing the IP address of the server
What I'd really like is for the process to be automatic – the server machine is happily running its local website, then any other computer that joins the network is able to find it then open that website in chrome, without the person installing the computer having to know the server's IP address. Is such a thing feasible?

Debian 7: connection problems and timeouts

On my root server, Debian 7 is the operating system. The running kernel is 2.6.32.
I have the problem that TCP/IP connections seem to be "unstable".
SSH connections often hang or time out. The webserver sometimes runs fast; sometimes the client (browser) is waiting and waiting for a response.
I don't know where to start right now with these problems. I made a hardware check request in my ISP's ticket system.
Is there a hint you can give me?
I would guess it is DNS related. I would isolate one destination to communicate to, and one location to communicate from. Using ping, I would determine if there was latency in the link itself (ping from the server to one destination and from your client workstation to the troubled server). Once you determine that times are predictable (no **'s), I would learn both IP addresses and put them in /etc/hosts.
When you run ssh I would consider using -vv to see what it is doing and maybe that will help.
The problem was a broken network adapter in the mainframe of the cluster. The provider fixed the issue.

Script for merging two SSH connections together?

I'm trying to write a bash script to merge 2 already-existing SSH connections.
For example, if I have an embedded device automatically creating an SSH connection to my server (from behind a firewall), how can I connect to that server in the middle, and jump into the already-existing connection from that embedded device?
I have looked into the possibility of using the server as a 'jump host', but it seems like I will need to reliably determine (and send SSH requests) to that embedded device?
I have also looked at having the embedded device create a 'screen' on the remote server and connect to that, but that just seems like it would be operating on the remote server.
I'm sorry if this is the wrong place to ask this, but I don't know where else to ask.
It sounds like your requirements are going to need either a UPnP solution or a tunnelling solution to get through your firewall. The following link discusses reverse SSH tunneling as one part of this solution.
https://unix.stackexchange.com/questions/46235/how-does-reverse-ssh-tunneling-work
