[Winpcap-users] use of winpcap with PLC net

Jean-Luc Pamart jlpamart at yahoo.fr
Fri Jan 25 20:02:24 GMT 2008



Guy Harris a écrit :
> Jean-Luc Pamart wrote:
>
>> I have a home net with :
>>
>> 2 windows PC1 and PC2 (with winpcap and wireshark)
>> 1 linux Arm PC3 (with libpcap and snort)
>> 1 Modem-router xDSL : M
>>
>> they are connected on a PLC ( Intellon INT51X1 (14 bps))
>
> (Presumably you mean "14 Mbps" - or "14 Mops", if you prefer. :-))
yes 14 mbps (homeplug 1.0 i suppose) :-)
>
> The INT51X1 is just a chipset:
>
>     http://www.intellon.com/products/homeplug/int51x1.php
>
> and they say it "provides three types of host interface for maximum 
> system flexibility:
>
>     o A USB1.1 device interface for connection to a USB host
>     o An MII PHY (IEEE 802.3u) / GPSI interface for interconnection to 
> microcontrollers or Ethernet controllers
>     o An MII Host / DTE interface (IEEE 802.3u) for direct connection 
> to an Ethernet PHY"
>
>> like this :
>>
>> PC1          PC2            PC3
>> eth               eth              eth
>> eth/PLC      eth/PLC      eth/PLC
>> ====================== M ====Internet
>
> So I assume that's something such as
>
>     PC1        PC2        PC3         M
>     eth        eth        eth        eth
>      ^         ^         ^         ^
>      |         |         |         |
>      v         v         v         v
>     eth/PLC        eth/PLC        eth/PLC        eth/PLC
>        ^           ^           ^           ^
>        |           |           |           |
>     ======================================================
>             (your home electrical wiring)
>

Exactly like this :

PC1        PC2        PC3           eth        eth        eth           
^         ^         ^            |         |         |            
v         v         v           eth/PLC        eth/PLC        
eth/PLC             ^           ^           ^           ^
      |           |           |           |
   ======================================================PLC/WLAN Modem 
router   to the internet
           (your home electrical wiring)

My PLC/WLAN Router has eth connections but nothing is plugged into.

> I.e., you have, for each PC, and for the modem, a device with an 
> INT51X1 in it, which bridges between Ethernet and HomePlug, with each 
> of those device's Ethernet interface plugged into a bridge device.  
> (Or is there a single device that has multiple Ethernet interfaces, 
> into which several of the machines are plugged, with one connection to 
> your home electrical wiring?)
>
> Or does the modem directly connect to your home electrical wiring with 
> HomePlug?  Do the PC's have an MII/GMII plug that directly connects to 
> the INT51X1?
>
So I have for each PC  a INT51X device (ETH <->PLC)
My PLC modem (a french brand OLITEC CPL400) is plugged into my home 
wires and noting else (the eth connections are useless)
It's pretty simple and it works fine !!!

>> My problem : I don't see (with snort or wireshark) any traffic to and 
>> from foreign machines ...
>> I see broadcast messages, messages to and from the sniffer PC but 
>> nothing else
>
> If the network is as I described, with an Ethernet cable between each 
> PC and an Ethernet-to-HomePlug gateway, then, if the Ethernet adapter 
> on the PC is in promiscuous mode, that only means that it'll capture 
> all traffic on that Ethernet; if the Ethernet-to-HomePlug bridge 
> doesn't itself pass traffic not intended for the host onto that 
> Ethernet, you won't be able to see that traffic, and there's no signal 
> that goes over an Ethernet to indicate that one of the hosts on the 
> Ethernet has gone into promiscuous mode, so the bridge doesn't know 
> that it *should* pass that traffic onto the Ethernet.
No :-(   , it's not my problem I think : i have * no use of hub-switch 
*. (it would be too simple :-( )

> Searching for
>
>     HomePlug promiscuous
>
> in Google found
>
>     https://neon1.net/prog/plconfig.html which indicates that at least 
> some powerline bridges can be put into promiscuous mode.  
I'll try to test this to see what happend.

Before that, I ask to my brand if my CPL/ETH can be put into promiscuous 
mode. They don't give me a direct answer, they say that the
devices are absolutely "transparent" ... that means I suppose : all the 
traffic in the power lines are pushed to the ETH part.
On one hand I a not sure of their answer and on the other hand : when 
you install the device, you don't have to configure something :
you put the device into the socket and it's ok. And you can change the 
devices between PC... So, if the PLC devices must filter the ethernet
packets how they can do ? They doesn't know the IP adress of the ETH 
interface host. The most simple (in the brand point of view) is to always
put the devices to promiscuous mode. It's the task of the ethernet 
interface of the PC to filter (or not in promiscuous mode).

I miss something ?

> I don't know whether that program will work on your bridges.  There 
> might be other tools for putting your bridge into promiscuous mode; I 
> assume you're running Windows on the machine on which you're trying to 
> capture traffic (because you asked the winpcap-users mailing list), so 
> there might be a tool that came with your bridges that lets you put a 
> bridge into promiscuous mode.
>
I try to capture traffic from my Windows machine and from my little 
Linux Arm Machine
>> (yes I know : it's a very common problem) but after days of research :
>>
>> - PLC net is bus like
>> - at least my linux ethernet card pass to promiscuous mode (dmesg : 
>> eth0 promiscuous ...)
>

So, if I can resume the directions :

- my devices CPL (with INT51X) must to put in promiscuous mode and I 
haven't made this operation
- it's a problem of my 2 ethernets devices (one Linux, one Windows) they 
says they go to the promiscuous mode and it's false
=> i will try with USB/CPL in windows
- I am desparate ;-)

> ...and if you're running Linux on that machine, there might be another 
> tool (it sounds as if plconfig directly uses BPF, so, unless it's been 
> ported, it won't work on Linux, but other tools might exist).
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>




More information about the Winpcap-users mailing list