QB450 traffic capture


Solved
Michael2

QB450 traffic capture

We are using QB450 with the latest firmware and have found that it is sending out a UDP message on the WAN (over the air) interface to 225.0.1.37, source and destination port 285. Is this a backend Trio poll?


Accepted Solutions
Joel_Weder

Re: QB450 traffic capture

Hello again Michael,

I queried the Trio engineers and got this reply:

-----------------

225.0.1.37 source and destination port 285 is a multicast address used by an authenticator to periodically update all its supplicants when Radio Access Control is enabled. The user can see this coming from the WAN using the customer Wireshark air capture tool.

------------------

Joel Weder
Remote Operations Specialist
Schneider Electric


3 Replies
Joel_Weder

Re: QB450 traffic capture

Hello Michael,

I am not familiar with any activity in the Q radio that might generate such traffic. We can ask the engineers about it, however. Please let us know exactly what firmware version you are using. Also, as it may be related to the radio's configuration, please save and upload a copy of the config file here along with your response. We'll try to get an answer to you within a few days.

Joel Weder
Remote Operations Specialist
Schneider Electric
BevanWeiss

Re: QB450 traffic capture

I've never heard of a protocol on UDP 285, so that's definitely a bit unusual.

225.0.1.37 is a multicast IP address. An unknown port number and a multicast IP address like that would have me a bit suspicious that there might be some malware present on a device on the network.

What devices do you have behind the radios?

Do you have any means of monitoring the traffic at each radio (i.e. a managed switch with a mirroring port so that you can capture all the traffic on the network)? I'd recommend doing this and running Wireshark to monitor the traffic.

You could also activate some of the firewall functionality available in the Trio radios to limit any spread of malicious activity on the network.


Lead Control Systems Engineer for Alliance Automation (VIC).
All opinions are my own and do not represent the opinions or policies of my employer, or of my cat..
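
The capture review suggested in this thread can be automated once a multicast flow has a documented purpose. The following is an added example, not code from any poster or from Schneider Electric: it checks captured frames for multicast UDP traffic and separates the 225.0.1.37 port 285 flow identified by the Trio engineers from anything still unexplained. It assumes untagged Ethernet II / IPv4 frames already extracted from a capture; the function names and all sample addresses other than 225.0.1.37 port 285 are hypothetical.

```python
import ipaddress
import struct

# Documented multicast flows; this entry is the one explained in the thread.
KNOWN_MULTICAST = {("225.0.1.37", 285): "Trio Radio Access Control authenticator update"}

def parse_udp(frame):
    """Return (src, dst, sport, dport) for an Ethernet II / IPv4 / UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                      # too short, or not IPv4
    ihl = (frame[14] & 0x0F) * 4         # IPv4 header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17:
        return None                      # malformed header, or not UDP
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    udp = 14 + ihl
    if frag_offset or len(frame) < udp + 8:
        return None                      # later fragment (no UDP header) or truncated
    src = str(ipaddress.IPv4Address(frame[26:30]))
    dst = str(ipaddress.IPv4Address(frame[30:34]))
    sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
    return src, dst, sport, dport

def triage(frames, known=KNOWN_MULTICAST):
    """Map each multicast UDP flow to its documented purpose or an UNKNOWN flag."""
    findings = {}
    for frame in frames:
        parsed = parse_udp(frame)
        if parsed is None or not ipaddress.IPv4Address(parsed[1]).is_multicast:
            continue                     # only multicast destinations are of interest
        findings[parsed] = known.get((parsed[1], parsed[3]), "UNKNOWN: investigate sender")
    return findings

def build_frame(src, dst, sport, dport, payload=b"\x00" * 8):
    """Build a constructed Ethernet/IPv4/UDP test frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 1, 17, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return bytes(12) + b"\x08\x00" + ip + udp   # placeholder MAC addresses

# Constructed sample capture; every address except 225.0.1.37 port 285 is made up.
SAMPLE = [
    build_frame("192.168.10.2", "225.0.1.37", 285, 285),
    build_frame("192.168.10.9", "239.1.2.3", 40000, 5555),
    build_frame("192.168.10.2", "192.168.10.9", 20000, 20000),  # unicast, ignored
]

if __name__ == "__main__":
    for flow, label in triage(SAMPLE).items():
        print(flow, "->", label)
```

A flow that matches the allowlist is still worth checking against the source address: the update should come from the radio acting as authenticator, not from a device behind it.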