Simple Network Management Protocol and Internet-Connected Embedded System Controllers by Rick Nungester May 1, 2011 Project Report for a Master of Science in Computer Science Degree at Eastern Washington University {Draft 2, “{}” marks follow-up items.}


Abstract

Network Management refers to the activities, methods, procedures, and tools that pertain to the operation, administration, maintenance, and provisioning of networked systems. [Clemm 2006] A typical network management scenario would be a group of network administrators monitoring and controlling the Internet service of a large office building. Communication between a “managing entity” (e.g. a network administrator’s PC) and a “managed device” (e.g. a router located several floors away) is accomplished using Simple Network Management Protocol (SNMP). This protocol provides a common way to query information (e.g. “How many UDP packets sent on port X since last reset?”), control behavior (e.g. “Clear your routing table.”), and respond to asynchronous events initiated by the managed device (e.g. “My port #2 is broken.”). SNMP is also used to remotely monitor and control Internet-connected printers, security cameras, and other devices containing embedded micro-controllers. Development of these Internet-connected embedded micro-controllers typically involves single-board computers and related hardware/software tools. This paper provides an overview of network management, SNMP, and the author’s efforts to use SNMP to provide PC control of a remote single-board computer.


Table of Contents

1. Background
2. Network Management and SNMP
   2.1. Network Management Terminology
   2.2. Network Management Overview
   2.3. Simple Network Management Protocol (SNMP)
      2.3.1. Overview
      2.3.2. History
      2.3.3. Protocol Data Units
      2.3.4. Security
      2.3.5. Use With Single-Board Computers
3. Hardware Overview
4. Microchip MPLAB Integrated Development Environment
5. Microchip TCP/IP Stack
6. iReasoning MIB Browser
7. Hardware Platform 1: Modtronix SBC65EC
   7.1. Programming: Modtronix Network Bootloader
   7.2. Debugging: Modtronix Embedded Debugger
   7.3. Remote Access: DDNS and Port Forwarding
8. Hardware Platform 2: Modtronix SBC66EC
   8.1. Programming/Debugging: Microchip PICkit 3
9. Hardware Platform 3: Microchip PIC32 Ethernet Starter Kit
10. The Working System
11. Conclusions/Retrospective
   11.1. Remaining Work, Notes for Future Developers
12. References
13. Appendix A: Eigen Wireless StaAlert SA3600 Data Sheet
14. Appendix B: SBC65EC LED Remote Control Program
15. Appendix C: TCP/IP Demo Application “Build-All”
16. Appendix D: Source File Complexity (Line Counts)
17. Appendix E: Project Lab Book / Progress Log
18. Appendix F: The StaAlert Team, and StaAlert v1


1. Background

One of the requirements for an Eastern Washington University master’s degree in computer science is to complete 8 or more credits of Computer Science 600 (Research Thesis) or 601 (Research Project). This report addresses the latter. The formal statement of this project from its Special Course Approval/Registration Form is “Work with Eigen Wireless (Bob Conley) and Industrial Communication (Scott Grimmett) on their StaAlert (fire station alert) product, adding an embedded secure Internet configuration and communication interface.”

Section 2, “Network Management and SNMP”, is replicated from a term paper done for class CSCD 533 “Advanced Computer Networks”, taken while working on this project. The remaining sections deal with using SNMP to communicate between a PC and a single-board computer.

The StaAlert SA3600 version 1 {2-page .pdf advertisement as Appendix 1?} was introduced by Eigen Wireless in December 2010. This project was accomplished from January to May, 2011. StaAlert version 1 was a fast-track “show feasibility” product based on discrete electronics -- no micro-controller unit (MCU) and no Internet connectivity. Its function and features are unimportant to this project, except that it is an example of a fairly simple electronic device requiring the flexibility of a low-cost, Internet-connected, secure MCU. The rest of this paper addresses those needs in general, with one application being the StaAlert SA3600.

2. Network Management and SNMP

(This section is taken from the author’s CSCD 533 “Advanced Computer Networking” term paper. Simple Network Management Protocol (SNMP) is the protocol used to monitor and control the project SBCs.)

Network Management refers to the activities, methods, procedures, and tools that pertain to the operation, administration, maintenance, and provisioning of networked systems. [Clemm 2006] A typical network management scenario would be a group of network administrators monitoring and controlling the Internet service of a large office building. A central protocol used between a “managing entity” (e.g. a network administrator’s PC) and a “managed device” (e.g. a router/switch located several floors away) is the Simple Network Management Protocol (SNMP). This protocol provides a common way to query information (e.g. “How many UDP packets sent on port X since last reset?”), control behavior (e.g. “Clear your routing table.”), and respond to asynchronous events initiated by the managed entity (e.g. “My port #2 is broken.”). SNMP can also be used to monitor and control Internet-connected devices such as printers and security cameras.

The Internet consists of many complex interacting pieces of hardware and software – computers, routers, switches, links, and more. Components will malfunction and be misconfigured. Network administrators must be able to react to, and avoid if possible, these problems. Network Management is the science and art of maintaining, servicing, and expanding the network. A key protocol used in network management is SNMP.


2.1. Network Management Terminology

A Network Operations Center (NOC) is a hub of network service and support, housing multiple network administrators and their network management hardware and software.

A managing entity is an application running in a centralized network management station in an NOC. Examples are Cisco’s Network Application Performance Analysis (NAPA) suite of network management tools, or Hewlett-Packard’s OpenView suite.

A managed device is a piece of network equipment that resides on the network. An example is a multi-card modular Cisco router.

A managed object is a piece of hardware within a managed device, for example one network card within a Cisco router.

A Management Information Base (MIB) is a collection of information related to a managed object, for example, statistics on all traffic handled by one network card within a Cisco router.

The Structure of Management Information (SMI) is the language used to define the management information residing in a managed object. It is a set of common structures and a way to refer to variables in the database.

A network management agent is a program running in the managed device that interfaces between the managing entity and managed object.

A network management protocol specifies the syntax and semantics used among managing entities and network management agents. An example is SNMP.

2.2. Network Management Overview

“Network management includes the deployment, integration, and coordination of the hardware, software, and human elements to monitor, test, poll, configure, analyze, evaluate, and control the network and element resources to meet the real-time, operational performance, and Quality of Service requirements at a reasonable cost.” [Saydam 1996] Some examples of the type of information network administrators would benefit from knowing include [Kurose & Ross, 2010]:

Detecting the failure of an interface card at a host or router

Detecting a host computer being turned off or otherwise going offline

Monitoring traffic to pro-actively deploy additional hardware and avoid bottlenecks

Detecting misconfigured routers by monitoring rapid changes in routing tables

To verify conformance to Service Level Agreements (SLAs), monitoring service availability, latency, and throughput. (Verizon and Sprint are just two of the many network providers that guarantee SLAs.)

Detecting intrusion (for example, certain types of packets, certain unexpected ports being used, or certain sources of packets)


The ISO network management model includes the following 5 areas of concern:

Performance management: To measure, analyze, and control the performance of network components such as links, routers, hosts, and end-to-end abstractions like network path.

Fault management: To detect and respond to fault conditions on the network, such as hardware unexpectedly going off-line.

Configuration management: To monitor and change the configuration of network devices.

Accounting management: To monitor, control, and log user/device interactions in line with contracted usage-based billing and resource-access privileges.

Security management: To control access to network resources according to an established policy.

2.3. Simple Network Management Protocol (SNMP)

2.3.1. Overview

SNMP is an application layer communication protocol that defines a client-server relationship. Its relationship to the TCP/IP Protocol Stack is shown in Figure 1 [Shirbhate 2009].

SNMP describes a standard method to access variables residing in a remote device. It also specifies the format in which this data must be transferred and interpreted. Once a device is SNMP-enabled, any SNMP-compatible host system (SNMP Manager/Client) can monitor and control that device, as shown in Figure {2?}.


2.3.2. History

SNMP version 1 (SNMPv1, 1988) was described in Internet Engineering Task Force (IETF) Request For Comments (RFC) documents 1065, 1066, and 1067. In 1990 these were replaced by the following RFCs having the same titles:

1155: Structure and identification of management information for TCP/IP-based internets

1156: Management information base for network management of TCP/IP-based internets

1157: A simple network management protocol

In 1991, RFC 1156 (called MIB-1) was replaced by RFC 1213 (MIB-2).

SNMPv1 has been criticized as having poor security. Authentication of clients is done using a type of password, called a “community string”, that is transmitted in clear text. It is easily discovered by “packet sniffing” using readily-available tools such as Wireshark.

SNMPv2 (1993, RFCs 1441 through 1452, 12 total!) improved on version 1 in the areas of performance, security, and manager-to-manager communications. But its “party-based security system” was thought by many to be overly complex and was not widely accepted.

SNMPv2c (1996, RFCs 1901 through 1908), called “Community-Based SNMP”, replaced the party-based security of SNMPv2 with the community-based security scheme of SNMPv1. SNMPv2c is officially a “Draft Standard” but is widely considered the de facto SNMPv2 standard.

SNMPv2u (1996, RFCs 1909 and 1910), called “User-Based SNMP”, is a compromise that offers greater security than SNMPv1, but without the complexity of SNMPv2. SNMPv2* was a commercial variant of SNMPv2u.

SNMPv1 and SNMPv2 are incompatible in the areas of message formats and protocol operations. RFC 2576 (“Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework”) defines two possible SNMPv1/v2c coexistence strategies: Proxy Agents and Bilingual Network-Management System.

SNMPv3 (2002, RFCs 3411 through 3418, also known as STD0062) is the current standard version of SNMP. It added cryptographic security and new textual conventions and terminology.

In practice, SNMP implementations often support multiple versions, typically SNMPv1, SNMPv2c, and SNMPv3. (This is the case for the Microchip TCP/IP Stack.)

2.3.3. Protocol Data Units

SNMP operates in the Application Layer of the Internet Protocol Suite (Layer 7 of the OSI Model). SNMPv2 (RFC 3416) defines seven types of messages, known generically as Protocol Data Units (PDUs):

SNMPv2 PDU Type   Sender-to-Receiver                     Description
---------------   ------------------------------------   -------------------------
GetRequest        manager-to-agent                       Get >= 1 MIB values
GetNextRequest    manager-to-agent                       Get next MIB value
GetBulkRequest    manager-to-agent                       Get many MIB values
SetRequest        manager-to-agent                       Set >= 1 MIB values
Response          agent-to-manager or manager-to-manager Reply
SNMPv2 Trap       agent-to-manager                       Interrupt
InformRequest     manager-to-manager                     Request remote MIB values

Agents listen on UDP port 161 for Gets and Sets. Managers listen on UDP port 162 for Traps and InformRequests. Responses go from any available source port to the originator’s request port.

The most common use of these PDUs is for a manager to ask an agent for information (GetRequest, GetNextRequest, or GetBulkRequest) and the agent to reply (Response). Caution must be used if SetRequest is implemented in an agent, because coupled with limited security it allows malicious interference with proper agent operation. Traps and manager-to-manager communication round out the PDU set, but are used less than manager-agent request-response.

The SNMP PDU is typically carried in the payload of a UDP datagram. Since UDP is not a reliable transport protocol, SNMP requests or responses may never reach the intended receiver. To help with this problem, the SNMP PDU includes a Request ID field. The manager uses this field to number its requests to an agent, and the agent responds with the same Request ID value. It is up to the manager to decide how to react if a response is not received within a certain timeout interval after a request is sent. Retransmission of the request one or more times might be appropriate. The important thing to notice is that the SNMP standard leaves this up to the user’s application code.
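The Request ID handling described above, together with the cleartext community string noted in the History section, as an added example that is not code from this report or from the Microchip stack. It encodes an SNMPv2c GetRequest, retries on timeout, and accepts only a Response carrying the matching Request ID. Assumptions: the in-memory `LossyLoopbackAgent` stands in for a UDP path, the community `public` and the ID values are constructed, and using a fresh Request ID per retry is this example's policy choice.

```python
import itertools

GET_REQUEST, RESPONSE = 0xA0, 0xA2      # context-specific PDU tags
SYS_UPTIME = "1.3.6.1.2.1.1.3.0"        # sysUpTime.0 from MIB-2
NULL = bytes([0x05, 0x00])              # placeholder value in a GetRequest

def tlv(tag, value):
    """BER tag-length-value; short-form length only (value under 128 bytes)."""
    if len(value) > 127:
        raise ValueError("example supports short-form lengths only")
    return bytes([tag, len(value)]) + value

def ber_int(n):
    """Non-negative INTEGER in minimal two's-complement form."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def ber_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:               # base-128, high bit marks continuation
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def build_message(community, pdu_tag, request_id, oid, value=NULL):
    """version (1 = SNMPv2c), community, PDU(request-id, error-status, error-index, varbinds)."""
    varbinds = tlv(0x30, tlv(0x30, ber_oid(oid) + value))
    pdu = tlv(pdu_tag, ber_int(request_id) + ber_int(0) + ber_int(0) + varbinds)
    return tlv(0x30, ber_int(1) + tlv(0x04, community) + pdu)

def read_tlv(buf, pos):
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form length")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated value")
    return buf[pos], buf[pos + 2:end], end

def parse_header(msg):
    """Fields readable by anyone on the path; no key is needed in v1/v2c."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(body, 0)
    _, community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    _, request_id, _ = read_tlv(pdu, 0)
    return {"version": int.from_bytes(version, "big", signed=True),
            "community": community, "pdu": pdu_tag,
            "request_id": int.from_bytes(request_id, "big", signed=True)}

def get_with_retry(send, recv, community, oid, request_ids, retries=3):
    """send(datagram) transmits; recv() returns a datagram, or None on timeout."""
    for attempt in range(1, retries + 1):
        rid = next(request_ids)
        send(build_message(community, GET_REQUEST, rid, oid))
        while True:
            reply = recv()
            if reply is None:
                break                   # timed out: retransmit with the next ID
            try:
                hdr = parse_header(reply)
            except ValueError:
                continue                # malformed datagram: ignore it
            if hdr["pdu"] == RESPONSE and hdr["request_id"] == rid:
                return attempt, hdr
            # Response for some other request: discard and keep waiting.
    raise TimeoutError("no matching Response after %d attempts" % retries)

class LossyLoopbackAgent:
    """Constructed channel: loses the first request, then delivers a stale
    Response (wrong Request ID) ahead of the genuine one."""
    def __init__(self):
        self.seen, self.inbox = [], []  # 'seen' is what a sniffer would capture
    def send(self, datagram):
        self.seen.append(datagram)
        if len(self.seen) == 1:
            return                      # datagram lost in transit
        hdr = parse_header(datagram)
        ticks = tlv(0x43, (123456).to_bytes(3, "big"))   # TimeTicks value
        for rid in (hdr["request_id"] - 1000, hdr["request_id"]):
            self.inbox.append(build_message(hdr["community"], RESPONSE, rid, SYS_UPTIME, ticks))
    def recv(self):
        return self.inbox.pop(0) if self.inbox else None

def demo():
    agent = LossyLoopbackAgent()
    attempt, hdr = get_with_retry(agent.send, agent.recv, b"public",
                                  SYS_UPTIME, itertools.count(4242))
    sniffed = parse_header(agent.seen[0])["community"]
    return attempt, hdr["request_id"], sniffed

if __name__ == "__main__":
    print(demo())
```

With a real agent, `send` and `recv` would wrap a UDP socket to port 161 with a receive timeout.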

2.3.4. Security


SNMPv1 and SNMPv2c (the de facto version 2 standard) use the same community-based security model, which exchanges important data in cleartext, so it is readily available to intruders. SNMPv3 addresses this security problem. “SNMPv3 can be thought of as SNMPv2 with additional security and administration capabilities” [RFC 3410]. It implements “user-based security” [RFC 3414], with the concepts of user name and associated password, key value, or access privileges. SNMPv3 provides:

Encryption. SNMPv3 PDUs can use the Data Encryption Standard (DES) in Cipher Block Chaining (CBC) mode. This is a shared-key system, wherein both manager and agent need to know the same key. (Thus how to get the key from manager to agent is an issue.)

Authentication. SNMPv3 uses Message Authentication Code (MAC) to provide protection against tampering. Again, manager and agent must know the same key, raising the issue of how to get the key from manager to agent.

Protection against playback. A playback attack is when an attacker records a message (encrypted or not) and plays it back at a later time. It is as valid to the receiver as the original message. The solution is the same as used in the 3-way TCP handshake, and involves use of a “nonce” -- a number that a protocol will use only once in its lifetime. SNMPv3 uses a similar approach, wherein the receiver requires the sender to include a value in each message that is based on a counter in the receiver.

Access control. SNMPv3 allows agents to limit monitoring and control of specific MIB items to only certain users. This mapping is maintained in a Local Configuration Datastore (LCD), which itself can be considered MIB data.
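A simplified model of the authentication and playback protection listed above, as an added example that is not code from this report. The receiver checks a 96-bit truncated HMAC first, then compares the boots and time counters in the message with its own, using the 150-second window of RFC 3414. Assumptions: the message is a plain dictionary rather than the SNMPv3 wire format, and the key, payload and counter values are constructed.

```python
import hashlib
import hmac

TIME_WINDOW = 150        # seconds; timeliness window from RFC 3414
MAX_BOOTS = 2147483647   # boots counter saturated: nothing is accepted any more

def mac96(key, boots, time_s, payload):
    """HMAC-SHA-1 truncated to 96 bits over the counters plus the payload."""
    header = boots.to_bytes(4, "big") + time_s.to_bytes(4, "big")
    return hmac.new(key, header + payload, hashlib.sha1).digest()[:12]

def make_message(key, boots, time_s, payload):
    """Sender side: stamp the message with the receiver's counters and MAC it."""
    return {"boots": boots, "time": time_s, "payload": payload,
            "mac": mac96(key, boots, time_s, payload)}

class Agent:
    """Receiver that owns the counters: reboot count and seconds since reboot."""
    def __init__(self, key, boots, uptime):
        self.key, self.boots, self.uptime = key, boots, uptime

    def accept(self, msg):
        # 1. Authentication: any change to payload or counters breaks the MAC.
        expected = mac96(self.key, msg["boots"], msg["time"], msg["payload"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return "wrongDigest"
        # 2. Timeliness: the counters must match the receiver's current state.
        if (self.boots == MAX_BOOTS or msg["boots"] != self.boots
                or abs(self.uptime - msg["time"]) > TIME_WINDOW):
            return "notInTimeWindow"
        return "ok"

def demo():
    key = b"constructed-shared-key"
    agent = Agent(key, boots=7, uptime=1000)
    original = make_message(key, 7, 1000, b"SetRequest led1=on")
    results = {"fresh": agent.accept(original)}

    # Payload altered in transit, MAC left unchanged.
    results["tampered"] = agent.accept(dict(original, payload=b"SetRequest led1=off"))

    # Recorded message played back later: the window still tolerates 100 s.
    agent.uptime = 1100
    results["replay_after_100s"] = agent.accept(original)
    agent.uptime = 1600
    results["replay_after_600s"] = agent.accept(original)

    # Rewriting the time field to look current invalidates the MAC instead.
    results["restamped"] = agent.accept(dict(original, time=1600))

    # After a reboot the boots counter differs, so old traffic is stale.
    agent.boots, agent.uptime = 8, 5
    results["replay_after_reboot"] = agent.accept(original)
    return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:22} {verdict}")
```

The `replay_after_100s` case shows the limit of a time window: in this model a duplicate that arrives within 150 seconds passes both checks.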

2.3.5. Use With Single-Board Computers

“SNMP is used in a variety of applications where remote monitoring and controlling of the network node is desired, such as a network printer, online Uninterrupted Power Supply (UPS), security cameras, home and industrial appliances monitor and control, automatic energy meter readings, etc. Unlike more familiar human-oriented protocols, like HTTP, SNMP is considered a machine-to-machine protocol [Shirbhate 2009]”.

It is this machine-to-machine attribute that makes SNMP attractive for use in secure control of Internet-connected single-board computers.

3. Hardware Overview

The first step in choosing a hardware platform is to select a micro-controller manufacturer. There are at least 40 MCU manufacturers {reference to http://www.interfacebus.com/Controllers.html} including Advanced Micro Devices (AMD), Intel, Microchip, Motorola, Texas Instruments, and Zilog. The Microchip PIC family {reference} of MCUs was chosen because of experience with them by StaAlert team members, good development tools and support, low cost, and (a big assumption) “we should be able to get the job done, in a reasonable time, with reasonable cost”.


As shown above, there are many Microchip PIC MCUs. It is desirable to choose the lowest-cost MCU that will satisfy the requirements of the project. The requirement of secure Internet connectivity is the hardest requirement to satisfy within the project.

It was desirable to use an off-the-shelf single-board computer (SBC) if possible, at least for concept investigation. Later in development, Eigen Wireless could decide whether to include a purchased SBC in every StaAlert product shipped (expensive but fast), or reuse the hardware design and make/load/test custom printed-circuit boards (low-cost but slow). There are several manufacturers of SBCs based on Microchip PIC MCUs, including Microchip and Modtronix.

In the course of this project, three SBCs were evaluated. In order, these were the Modtronix SBC65EC, the Modtronix SBC66EC, and the Microchip PIC32 Ethernet Starter Kit.

Single-Board Computer                  MCU               Data Bus   KB Flash   KB RAM   Cost
------------------------------------   ---------------   --------   --------   ------   ----
Modtronix SBC65EC                      PIC18F6627        8-bit      98         3.8      $60
Modtronix SBC66EC                      PIC24FJ256GB206   16-bit     256        96       $75
Microchip PIC32 Ethernet Starter Kit   PIC32MX795F512L   32-bit     512        128      $72

All three SBCs provide Internet connectivity based on the Microchip TCP/IP Stack, with free source code written in C. But the three boards vary significantly regarding input/output and other features: high/low logic levels; pulse-width-modulator (PWM) outputs; analog-to-digital converter (ADC) inputs; universal asynchronous receiver/transmitters (USARTs); serial interfaces; Universal Serial Bus (USB); Electrically Erasable Programmable Read-Only Memory (EEPROM); Ferroelectric RAM (FRAM); Light-Emitting Diodes (LEDs); push-button switches; serial/USB program download; power requirements, etc. All these differences were less important than finding a secure Internet controller for simple electronics circuits, in reasonable time.


4. Microchip MPLAB Integrated Development Environment

One of the main reasons for basing development on Microchip PIC MCUs was their free MPLAB Integrated Development Environment (IDE) {reference to http://www.microchip.com/stellent/idcplg?IdcService=SS_GET_PAGE&nodeId=1406&dDocName=en019469&part=SW007002}.

This Windows-based software application integrates source code (C or PIC assembly) management, revision control, compilers, assemblers, linkers, debugging (hardware/software breakpoints, single-stepping, register/variable watching, PIC MCU Simulator…), program download to PIC MCUs, and more. It supports both Microchip and 3rd-party development tools.

Giving a rough indication of its complexity, the MPLAB IDE comes with a 350-page downloadable User’s Guide. Separate documentation is available for compilers, linkers, libraries, and specific debugging hardware.

Microchip provides a complete suite of free software tools to go with the MPLAB IDE, including limited-functionality versions of their commercial C compilers. (A different compiler is needed for PIC18/8-bit, PIC24/16-bit, and PIC32/32-bit MCUs.) But the limitations in the free versions are minor, being essentially just a lack of compiler space/time optimizations.


5. Microchip TCP/IP Stack

The Microchip TCP/IP Stack is one of 7 components in the Microchip Application Libraries.

Just as the Stack has MCU dependencies (above), each feature within the Stack has hardware platform dependencies:


It is worth mention that significant time needs to be spent trying to navigate through such documentation. The Application Libraries table above was found on a web page. The Platform/Feature table was found in the 1100-page TCP/IP Help file (with help from a Forum user that answered one of my posts). A keen eye will notice that the PIC32 Ethernet Starter Kit is not listed in the above table. This led to another Microchip Forum post by the author, resulting in verification by a user (not Microchip) that indeed it is missing, but is the same as the "PIC32 Starter Kits - ENC28J60" and "PIC32 Starter Kits - ENC624J600" columns (with neither ENC* part being on the Ethernet Starter Kit). The lack of Non-Volatile Memory (NVM) explained why I couldn’t set a static IP address, as is presented in the TCP/IP Demo Application web pages. As I write this paragraph I discovered a new version of the TCP/IP Demo Application (version “4/26/11”), downloaded it, looked in the README.txt file for changes, and found no mention of any! So I posted again to the Forum to ask where this information is. This kind of frustration is commonplace when trying to integrate various versions of hardware and software, even from a single company.

The TCP/IP Stack includes the following protocols, as well as Secure Sockets Layer (SSL), NetBios Name Service, Domain Name System (DNS) client and server, and Ethernet Device Discovery.

6. iReasoning MIB Browser

PC software is required that will communicate with the SBC over the Internet using SNMP. Microchip documentation for their TCP/IP Stack includes an application note that describes their SNMP support in detail {reference to Microchip AN870b}. This document mentions 3 providers of SNMP PC software: CastleRock Computing “SNMPc Manager”, LUTEUS “LoriotPro”, and iReasoning “MIB Browser”. The iReasoning MIB Browser {reference to http://ireasoning.com/mibbrowser.shtml} was selected because:

There are 3 versions of MIB Browser: Personal (free), Professional ($295 per license), and Enterprise ($595 per license). SNMPv3 is only supported in the Professional and Enterprise versions, but both of these have 30-day free trial periods.

iReasoning provides a separate product, the Java SNMP API ($475). MIB Browser is built on this API. Eigen Wireless could use the API to develop its own end-user Graphical User Interface (GUI) for their StaAlert product.

In Microchip’s documentation for their TCP/IP Stack, under SNMP configuration details, iReasoning MIB Browser is used as their example PC software. (This was actually discovered after deciding to go with iReasoning MIB Browser, but was confirmation that the right software was selected.)


This software allows thorough testing of SNMPv1, SNMPv2c, and SNMPv3 in the Microchip TCP/IP Stack.

7. Hardware Platform 1: Modtronix SBC65EC


The Modtronix SBC65EC was investigated first because it was available, not necessarily because it made the best technical sense. (This decision led to lots of time being spent on things not important to project goals, but was interesting and educational.) Out-of-the-box, after power (12V DC) and Ethernet are applied, this SBC can be browsed to at http://mxboard and will display web pages:

These pages allow configuration and use of all features of the SBC. However (and this wasn’t discovered until significant time was spent), the SBC65EC is based on the Microchip TCP/IP Stack v3.75 (2006-08-14). Modtronix then made significant modifications to that code. Microchip published Application Note 870A "An SNMP Agent for the Microchip TCP/IP Stack" (42 pages) {reference to the app note} in 2003. They updated it to AN870B "SNMP V2c Agent for the Microchip TCP/IP Stack" (40 pages) {reference to that app note} in 2009. This information, along with searching Modtronix user-forum posts, led to the conclusions that:

At best, the source code provided with this SBC will support SNMPv1, not SNMPv2c or SNMPv3.

Other users have tried to get SNMPv1 working on this SBC and failed.

It would be a huge programming project to get SNMPv3 working on this hardware, if even possible.

Even though the SBC65EC was dropped at this point for purposes of the project, it is still a very impressive product. First of all, it costs only $60, and does not require any additional programming or debugging hardware. Second, it will provide Internet control of simple hardware circuits via its out-of-the-box web pages and no additional end-user programming. For simple home projects where limited security is adequate, this is a very good alternative.


7.1. Programming: Modtronix Network Bootloader

Even though the Modtronix SBC65EC proved inadequate for purposes of the project, it is worth mentioning that the board can be re-programmed over the Internet, using Modtronix Network Bootloader PC software {reference to http://www.modtronix.com/soft/netloader}.

Use of this software, and the boot-loader firmware pre-installed on the SBC65EC, allows programming the PIC18 MCU on the SBC without any Microchip programming hardware, even from a remote location! The boot-loader firmware on the SBC implements the IP, ARP and UDP protocols (port 54211). This programming process is totally open and insecure. I just thought it was very interesting and innovative, so worth mention here. (The above screen shot was captured by the author March 11, 2011.)

7.2. Debugging: Modtronix Embedded Debugger

Although I didn’t use the SBC65EC long enough to try its debugger, it is novel enough to mention here. When executing code compiled with debug output enabled, the SBC65EC provides RS-232 output of debugging information in a compressed few-byte format: <debug code>, <debug message>, <debug parameters>. This standardization keeps code size small (by not including long human-readable debug codes in the code), and allows interpreting/filtering by the Modtronix Embedded Debugger software {reference to http://www.modtronix.com/soft/mxd}. This software searches a user-provided source-code directory tree root for the file *debug.xml. That file provides the translation from <debug code>, <debug message>, <debug parameters> to window tabs, human-readable messages, and program output values. In the screenshot below, the Default tab is shown, that displays all messages (TCP, HTTP, FSEE…). On the TCP tab for example, only the TCP messages are displayed, along with the current state of all TCP connections!

7.3. Remote Access: DDNS and Port Forwarding

Once the SBC65EC was online in my home, I had to determine how to give others access to it. This same issue would apply to any remotely-controlled device (such as StaAlert). The goal is that anyone, from their PC, can browse to a URL (e.g. www.nungester1.com) and see my “Modtronix SBC65EC Web Server” web pages. Two things are needed: Dynamic Domain Name System (DDNS) and port forwarding.

“Dynamic DNS is a method / protocol / network service that provides the capability for a networked device, such as a router or computer system using the Internet Protocol Suite, to notify a Domain Name System (DNS) name server to change, in real time, the active DNS configuration of its configured hostnames, addresses or other information {reference to Wikipedia “Dynamic DNS”}.”

“Port forwarding or port mapping are names given to the combined technique of 1. translating the address and/or port number of a packet to a new destination, 2. possibly accepting such packet(s) in a packet filter (firewall), 3. forwarding the packet according to the routing table. … The technique is used to permit communications by external hosts with services provided within a private local area network {ref to Wikipedia Port Forwarding}.”

How to set up DDNS and port forwarding depends on how the local network is configured. The rest of this section uses my home network as an example. My Internet Service Provider is Comcast. Comcast cable Internet enters my home and is connected to a cable modem. Ethernet from that cable modem connects to a Linksys WRT54G Wireless-G Broadband Router. That router provides hard-wired Ethernet to 3 devices: a desktop PC, a laptop PC, and the project SBC. (Everything mentioned so far is in one room, my den.) The router provides wireless access to other devices that are not important to this discussion.

The following two images show the Linksys WRT54G router, and how to configure it for DDNS (“Setup” tab, “DDNS” selection). In addition to this setup, I needed to sign up for a free DDNS service with either DynDNS.org or TZO.org. These two providers are hard-coded into my Linksys router firmware – The router knows how to “talk” to them and only them. I chose DynDNS, created a free account there, and chose “rn3.dyndns.org” as my URL. Then rn3.dyndns.org will be resolved by DNS to be my current IP address. That IP address can change, for example after a home power outage when all connection to Comcast is lost and then re-established. Dynamic Host Configuration Protocol (DHCP) will be used to negotiate a new home IP address with Comcast. Whatever that new IP address is, DDNS will make rn3.dyndns.org resolve to it.

Port forwarding must be done for any Internet traffic reaching my home that I want to go to the SBC. For the Linksys WRT54G, this is done on the “Applications and Gaming” tab, “Port Range Forward” selection (shown below). Notice port 80 TCP (HTTP) and port 54123 UDP (Modtronix default for SBC UDP control) go to 192.168.1.53, the fixed IP address of the SBC65EC. (The other two rows are for HTTP and SNMP, port 161, when the SBC65EC is replaced with Hardware Platform 3: Microchip PIC32 Ethernet Starter Kit.)

8. Hardware Platform 2: Modtronix SBC66EC

Fortunately, almost coincident with realizing the SBC65EC would not work for the project, Modtronix introduced the SBC66EC {reference to http://www.modtronix.com/product_info.php?cPath=1_36&products_id=416}, with first shipments in late March 2011. Bob Conley of Eigen Wireless got one of the first units shipped. (The firmware build date was March 29, and it was shipped on March 30.) It was received on April 8, 2011. The SBC66EC comes with the latest Microchip TCP/IP Stack (v5.31, 2010-10-19) that includes preliminary SNMPv3 support! The code has only minor modifications by Modtronix. It has more memory and other benefits relative to the SBC65EC, at a cost increase of $15. Hopes were high.

Using the MPLAB IDE, the source code for this board was built and loaded onto the board (see section {reference to programming/debugging section}) with few problems. SNMPv2c code was enabled by un-commenting C “#define” statements. I was able to communicate between iReasoning MIB Browser and the Modtronix SBC66EC using SNMPv2c! (This milestone occurred April 16, 2011.)

{Add more regarding why the SBC66EC didn’t work out – Lack of documentation, replies to support questions, Microchip TCP/IP Stack v5.31 SNMPv3 not tested or supported on PIC24 16-bit MCUs…}

8.1. Programming/Debugging: Microchip PICkit 3

Microchip provides several hardware Programming/Debugging/Emulation alternatives for PIC MCU systems. Since Bob Conley was buying, for SBC66EC programming/debugging, we went with the least-expensive PICkit 3 (similar SBC65EC / PICkit 2 shown):

Compared to the Internet/RS-232 Programming/Debugging interface used for the SBC65EC, using the PICkit 3 with the SBC66EC should provide the added functionality of hardware breakpoints. (But I was not able to get this working, asked Modtronix for support {reference to http://forum.modtronix.com/index.php?topic=1382.0}, and did not receive any. This was not the primary reason for dropping development on the SBC66EC, but contributed.)

9. Hardware Platform 3: Microchip PIC32 Ethernet Starter Kit

This SBC {http://www.microchip.com/stellent/idcplg?IdcService=SS_GET_PAGE&nodeId=1406&dDocName=en545713} includes two PIC32 MCUs. The larger center PIC32 is the main controller. The smaller square PIC32 chip toward the reader is dedicated to high-speed programming and debugging of the main controller. Connectors on the front, from top to bottom, are the Ethernet port, high-speed to-PC-USB Debug, and user USB. On the rear is USB On-The-Go (OTG) for connection to Microchip PIC32 peripherals. In the background there are 3 pushbutton switches and 3 LEDs. During development there are only 2 cables connected to the board, Ethernet and Debug. (The board gets its power directly from the USB Debug cable when it is connected.)

This SBC allowed following Microchip instructions, with a few problems along the way, to modify the TCP/IP Stack source code to enable SNMPv3 functionality. These modifications amounted to installing the separately purchased Microchip Data Encryption Libraries (a $5 CD), and trivial commenting or un-commenting of a few compiler “#define” statements.

10. The Working System

The following screenshot shows the iReasoning MIB Browser, using SNMPv3, talking to the Microchip Ethernet Starter Kit, running Microchip TCP/IP Stack v5.31 plus TCP/IP Demo Application.

Details: The URL being visited (rn3.dyndns.org) gets translated using DNS to 67.168.145.151, my current Comcast home IP address. Should DHCP between my home and Comcast change that address in the future, DDNS will keep the association between the URL and my home IP address correct. Since my Linksys router is configured to forward port 161 (SNMP) to the SBC, MIB Browser is talking to the SBC. MIB Browser is configured to use SNMPv3, with the correct authentication and encryption to access the protected OID shown (snmpv3PvtDemoObject), and read its value as 10. Voilà!
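The SNMPv3 authentication used above rests on the User-based Security Model of RFC 3414, which this report does not detail. The following is an added example (not code from the Microchip TCP/IP Stack or from iReasoning MIB Browser) that derives a per-agent localized key from a password and computes the 12-octet HMAC-MD5-96 / HMAC-SHA-96 authenticator. The password and first engine ID are the RFC 3414 test-vector values; the second engine ID, the message bytes, and all function names are constructed for this example.

```python
"""SNMPv3 USM key localization and HMAC-96 authentication (RFC 3414)."""
import hashlib
import hmac

HASHES = {"md5": hashlib.md5, "sha1": hashlib.sha1}
STREAM_LEN = 1048576   # the password is repeated out to exactly 1 MiB
AUTH_LEN = 12          # HMAC-MD5-96 and HMAC-SHA-96 keep the first 12 octets

RFC_PASSWORD = b"maplesyrup"                         # RFC 3414 test vector
RFC_ENGINE_ID = bytes(11) + b"\x02"                  # RFC 3414 test vector
OTHER_ENGINE_ID = bytes.fromhex("8000000001020304")  # constructed second agent

# Constructed stand-in for an encoded SNMPv3 message (not real BER): a
# header, the zeroed 12-octet authentication field, then the payload.
AUTH_OFFSET = 4
SAMPLE_MSG = b"HDR:" + bytes(AUTH_LEN) + b"|get snmpv3PvtDemoObject"


def password_to_key(password: bytes, alg: str) -> bytes:
    """Ku: digest of the password repeated out to 1,048,576 octets."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(STREAM_LEN, len(password))
    return HASHES[alg](password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, alg: str) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): a key valid for one agent only."""
    return HASHES[alg](ku + engine_id + ku).digest()


def sign(msg: bytes, offset: int, kul: bytes, alg: str) -> bytes:
    """Replace the zeroed auth field with the truncated HMAC of the message."""
    if msg[offset:offset + AUTH_LEN] != bytes(AUTH_LEN):
        raise ValueError("auth field must be 12 zero octets before signing")
    mac = hmac.new(kul, msg, HASHES[alg]).digest()[:AUTH_LEN]
    return msg[:offset] + mac + msg[offset + AUTH_LEN:]


def verify(msg: bytes, offset: int, kul: bytes, alg: str) -> bool:
    """Zero the auth field, recompute the HMAC, compare in constant time."""
    received = msg[offset:offset + AUTH_LEN]
    zeroed = msg[:offset] + bytes(AUTH_LEN) + msg[offset + AUTH_LEN:]
    expected = hmac.new(kul, zeroed, HASHES[alg]).digest()[:AUTH_LEN]
    return hmac.compare_digest(received, expected)


if __name__ == "__main__":
    ku = password_to_key(RFC_PASSWORD, "md5")
    kul_a = localize_key(ku, RFC_ENGINE_ID, "md5")
    kul_b = localize_key(ku, OTHER_ENGINE_ID, "md5")
    print("agent A key:", kul_a.hex())
    print("agent B key:", kul_b.hex())

    signed = sign(SAMPLE_MSG, AUTH_OFFSET, kul_a, "md5")
    print("verifies with A's key:", verify(signed, AUTH_OFFSET, kul_a, "md5"))
    print("verifies with B's key:", verify(signed, AUTH_OFFSET, kul_b, "md5"))
    tampered = signed[:-1] + b"X"
    print("tampered verifies:", verify(tampered, AUTH_OFFSET, kul_a, "md5"))
```

Because the localized key is bound to the agent's snmpEngineID, a key stored on one board does not authenticate to another board configured with the same password, which bears on the key distribution process listed under Remaining Work.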

11. Conclusions/Retrospective

I kept a daily log of activities and time spent on this project. {Include it as an Appendix?} It took about 140 hours to get to the screenshot above. If someone had given me the following steps, I estimate it would have taken about 20 hours instead.

- Purchase the Microchip PIC32 Ethernet Starter Kit.
- Install its software CD, and build/run the demo programs. See file “PIC32MX Starter Kit User's Guide.pdf”, document title “PIC32 Starter Kit User’s Guide”, DS61159A, 2010, Chapter 4, “Starter Kit Demos”. These are several 1-file programs to demonstrate how to control the board. (The one .pdf file applies to 3 Starter Kits, one of which is the PIC32 Ethernet Starter Kit.)
- Download the Microchip Application Libraries version 2010-10-19. Install only the TCP/IP Applications (1 of 11 available check-boxes).
- Build the "TCP/IP Demo App" (that includes "TCP/IP Stack v5.31").
- Download/install/learn the iReasoning MIB Browser, Enterprise Edition.
- Turn on SNMPv3 as per instructions in the Microchip TCP/IP Stack Help File.

But these 120 hours of “wasted” time are the nature of investigation-phase product development, or “research”: paths are taken that might lead to the goal, but then don’t. Knowing why they don’t is a gain.

Other project metrics follow, for posterity {update for final draft}:

- 159 email messages among StaAlert team members
- 21 email messages among EWU professors and me
- 6 Microchip Forum posts
- 11 Modtronix Forum posts (plus several updates)
- 157 hours total
- 143 saved screenshots and product photos
- 1.5 inches of printed materials (mostly read and marked-up, all at least skimmed)

11.1. Remaining Work, Notes for Future Developers

Whoever on the StaAlert team continues this work needs to get a copy of all my files. C:\MCALv2010-10-19_TCPIP\ is a read-only no-modifications installation of the Microchip Application Libraries, TCP/IP Applications only. C:\MCALv2010-10-19_TCP_RN1\ is a copy, with all but the TCP/IP Demo Application removed (8 subdirectories removed, leaving only 2), plus my additions and changes. All code changes are marked with “RN:” comments. The only addition is the installation of the Microchip Encryption Library as per Microchip documentation and notes in my lab notebook file (Project-Lab-Notebook.txt).

- StaAlert MIB design
- StaAlert MIB file creation, compilation to Microchip File System binary image using the mib2bib utility, merging into the code build process, function callouts to control and monitor hardware, test.
- Security management process for distribution and maintenance of encryption keys.
- Future: Add Microchip Real-Time Operating System?
- Future: Make use of other Microchip Application Libraries (USB, Memory Disk Drive)?

12. References

{from my CSCD 533 Network Management / SNMP paper. Others need to be added.}

CLEMM, ALEXANDER 2006. Network Management Fundamentals. Cisco Press.

KUROSE, JAMES F. AND ROSS, KEITH W. 2010. Computer Networking Fifth Edition. Addison-Wesley

SAYDAM, T., MAGEDANZ, T. 1996. From Networks and Network Management into Service and Service Management. Journal of Networks and System Management, Vol. 4, No. 4 (Dec. 1996), pp. 345-348.

SHIRBHATE, A., 2009, SNMP V2c Agent for Microchip TCP/IP Stack, Application Note AN870

WIKIPEDIA (http://en.wikipedia.org): “Network management”, “Simple Network Management Protocol”, “Single-board computer”

13. Appendix A: Eigen Wireless StaAlert SA3600 Data Sheet

14. Appendix B: SBC65EC LED Remote Control Program

The following Java program was written early in development to learn the capabilities of the Modtronix SBC65EC + PT24E-ASM Prototyping Board. {Forgot to mention the PT24E-ASM – Include it back in the SBC65EC section, and mention it also applies to the SBC66EC.}

// Test program for the Modtronix SBC65EC Ethernet-Enabled Single-Board
// Computer with PT24E-ASM Prototype Board.  The PT24E has 8 LEDs on
// its rear panel.  This program sends a pattern to those LEDs to show
// how to control them.  References: The SBC65EC and PT24E Data Sheets.
// Rick Nungester, created 3/20/11, last modified 4/1/11.
//
// Command-line parameters are:
//   * delay after each LED output (ms)
//   * output mode (0/1 = terse/verbose)
// Example:
//   java LedsOut 200 1

import java.io.*;
import java.net.*;

public class LedsOut {

    // Command-line parameters
    static int cmd_pause_ms;   // ms to pause after each UDP command
    static boolean debugging;  // true = verbose output

    // Single-Board Computer (SBC) location
    final static String SBC_URL = "rn3.dyndns.org";
    final static int SBC_PORT = 54123;

    static InetAddress SbcIpAddr = null;    // SBC_URL as an InetAddress
    static DatagramSocket mySocket = null;  // output socket on this PC

    // Send 'sendString' to the SBC using a UDP Datagram.
    public static void udpSend(String sendString) {

        byte[] sendBytes = sendString.getBytes();
        if (debugging)
            System.out.printf("Sending: %s\n", sendString);
        DatagramPacket sendPacket = new DatagramPacket(
            sendBytes, sendBytes.length, SbcIpAddr, SBC_PORT);
        try {
            mySocket.send(sendPacket);  // SEND THE UDP DATAGRAM
        } catch (IOException e) {
            System.err.println("udpSend: " + e.getMessage());
        }

        try {  // pause after each output
            Thread.sleep(cmd_pause_ms);
        } catch (InterruptedException e) {
            System.err.println("udpSend: " + e.getMessage());
        }
    }

    // main(): Execution starts here.
    public static void main(String[] args) {

        // get input parameters (with no error checking)
        cmd_pause_ms = Integer.parseInt(args[0]);
        debugging = args[1].equals("1");

        // Convert SBC_URL to an IP address.
        try {
            SbcIpAddr = InetAddress.getByName(SBC_URL);
        } catch (UnknownHostException e) {
            System.err.println("main: " + e.getMessage());
            return;  // nothing can be sent without an address
        }

        // Create a datagram socket for exchange of UDP packets with
        // the SBC.  Let DatagramSocket() pick the port #.
        try {
            mySocket = new DatagramSocket();
        } catch (SocketException e) {
            System.err.println("main: " + e.getMessage());
            return;  // nothing can be sent without a socket
        }

        // Configure SBC port C, bits 0-1-2, as outputs.  (See the PT24E
        // Data Sheet.)
        // When running the program after 20+ hours of inactivity,
        // sending the following command only one time sometimes results
        // in no LED output.  Then further runs work fine.  As a
        // workaround, sending it "a few" times seems to work.
        for (int i = 0; i < 3; i++)
            udpSend("cc0=0&cc1=0&cc2=0");  // config C0,1,2 as outputs

        // Count 0 to 256, using the LS byte as LED output.  (So the
        // pattern starts and ends with all LEDs off.)
        for (int b = 0; b <= 256; b++) {

            // Using the LS byte of b, map the MS/LS nibble to the
            // top/bottom row of PT24E LEDs.
            int[] bits = {
                (b & 0x10) == 0 ? 0 : 1, (b & 0x01) == 0 ? 0 : 1,
                (b & 0x20) == 0 ? 0 : 1, (b & 0x02) == 0 ? 0 : 1,
                (b & 0x40) == 0 ? 0 : 1, (b & 0x04) == 0 ? 0 : 1,
                (b & 0x80) == 0 ? 0 : 1, (b & 0x08) == 0 ? 0 : 1 };

            // Shift out all 8 bits one at a time, then latch to the LEDs.
            // Port C bit 0 holds the bit state.  A rising edge on Port C
            // bit 1 shifts the bit into the shift register.  A rising
            // edge on Port C bit 2 latches the 8 bits out to the LEDs.
            // The "pulse" commands (e.g. "c1p=0") have a parameter that
            // is the time to stay low (e.g. "0").  I tried 0 (fastest)
            // and it seems to work.  I also tried separate commands to
            // create the pulse (e.g. "c1=0&c1=1") and that works too.
            // Minimize the number of UDP packets sent by building up a
            // single string to output all 8 LEDs.
            String bitStr = "";
            for (int i = 0; i < 8; i++) {
                if (i > 0)
                    bitStr += "&";  // "and" for bits 1 through 7 only
                bitStr += "c0=" + bits[i] + "&c1p=0";
            }
            System.out.printf("Display: 0x%02x\n", b & 0xff);
            udpSend(bitStr + "&c2p=0");  // latch out 8 bits to LEDs
        }
        mySocket.close();
    }
}

15. Appendix C: TCP/IP Demo Application “Build-All”

4/30/11 Microchip MPLAB IDE "Build All" output, for the Microchip TCP/IP Stack + TCP/IP Demo Application + changes for static IP addressing and SNMPv3. Long lines are formatted for easier reading. Search for "RN:" to find annotations.

RN: The following banner is repeated at the end of the build, and commented there.

----------------------------------------------------------------------
Debug build of project `C:\MCALv2010-10-19_TCPIP_RN1\TCPIP Demo App\TCPIP Demo App - C32 - PIC32_ENET_SK_DM320004_INTERNAL_ETHERNET.mcp' started.
Language tool versions: pic32-as.exe v1.12, pic32-gcc.exe v1.12, pic32-ld.exe v1.12, pic32-ar.exe v1.12
Preprocessor symbol `__DEBUG' is defined.
Target debug platform is `__MPLAB_DEBUGGER_PIC32MXSK=1'.
Sat Apr 30 12:00:35 2011
----------------------------------------------------------------------

Clean: Deleting intermediary and output files.
Clean: Deleted file "C:\MCALv2010-10-19_TCPIP_RN1\TCPIP Demo App\Objects - TCPIP Demo App - C32 - PIC32_ENET_SK_DM320004_INTERNAL_ETHERNET\ Announce.o".

RN: 69 similar deletes (ARCFOUR.o ... BigInt_helper_C32.o) removed.

Clean: Deleted file "C:\MCALv2010-10-19_TCPIP_RN1\TCPIP Demo App\TCPIP Demo App - C32 - PIC32_ENET_SK_DM320004_INTERNAL_ETHERNET.elf".
Clean: Deleted file "C:\MCALv2010-10-19_TCPIP_RN1\TCPIP Demo App\TCPIP Demo App - C32 - PIC32_ENET_SK_DM320004_INTERNAL_ETHERNET.hex".
Clean: Deleted file "C:\MCALv2010-10-19_TCPIP_RN1\TCPIP Demo App\TCPIP Demo App - C32 - PIC32_ENET_SK_DM320004_INTERNAL_ETHERNET.mcs".
Clean: Done.

RN: .elf and .hex are described near the end of this file. The .mcs file must be an "intermediary" file that *might* exist before the build starts. After this successful build, a search of the whole project directory tree shows no .mcs files.

Executing: "C:\Program Files\Microchip\MPLAB C32 Suite\bin\pic32-gcc.exe" -mprocessor=32MX795F512L -x c -c "..\Microchip\TCPIP Stack\Announce.c" -o"Objects - TCPIP Demo App - C32 - PIC32_ENET_SK_DM320004_INTERNAL_ETHERNET\Announce.o" -MMD -MF"Objects - TCPIP Demo App - C32 - PIC32_ENET_SK_DM320004_INTERNAL_ETHERNET\Announce.d" -I"." -I"..\Microchip\Include" -D__DEBUG -D__MPLAB_DEBUGGER_PIC32MXSK=1 -g -DPIC32_ENET_SK_DM320004_INTERNAL_ETHERNET -Wall

RN: 69 similar compiles/assembles (ARCFOUR.c ... BigInt_helper_C32.d) removed. This is where most of the time of the build is taken.

RN: What follows is a *very long* single line, linking together 70 .o files and 1 library (Crypto\AES_PIC32MX.a, for SNMPv3 encryption) into the .elf and .map files (descriptions below).

Executing: "C:\Program Files\Microchip\MPLAB C32 Suite\bin\pic32-gcc.exe" -mprocessor=32MX795F512L

"Objects - TCPIP Demo App - C32 - PIC32_ENET_SK_DM320004_INTERNAL_ETHERNET\

RN: The previous directory path prefix, and '.o"' suffix, were removed from the following 70 .o files, then they were re-formatted in groups of 4 for easier reading. This shows the protocols and main features in the build.

Announce ARCFOUR ARP AutoIP
BerkeleyAPI BigInt Delay DHCP
DHCPs DNS DNSs DynDNS
ENC28J60 ENCX24J600 ETHPIC32ExtPhy ETHPIC32ExtPhyDP83848
ETHPIC32IntMac FileSystem FTP Hashes
Helpers HTTP2 HTTP ICMP
IP LCDBlocking MPFS2 MPFS
NBNS Random Reboot RSA
SMTP SNMP SNMPv3 SNMPv3USM
SNTP SPIEEPROM SPIFlash SPIRAM
SSL StackTsk TCP TCPPerformanceTest
Telnet TFTPc Tick UART2TCPBridge
UART UDP UDPPerformanceTest ZeroconfHelper
ZeroconfLinkLocal ZeroconfMulticastDNS CustomHTTPApp CustomSNMPApp
CustomSSLCert MainDemo BerkeleyTCPClientDemo BerkeleyTCPServerDemo
BerkeleyUDPClientDemo GenericTCPClient GenericTCPServer LegacyHTTPApp
PingDemo SMTPDemo UARTConfig MPFSImg2
MPFSImg BigInt_helper_C32

RN: Lastly, the single library in the link is included.

"C:\MCALv2010-10-19_TCPIP_RN1\Microchip\Crypto\AES_PIC32MX.a"
-o"TCPIP Demo App - C32 - PIC32_ENET_SK_DM320004_INTERNAL_ETHERNET.elf"
-Os -Wl,--defsym=__MPLAB_BUILD=1,--defsym=__MPLAB_DEBUG=1,--defsym=__MPLAB_DEBUGGER_PIC32MXSK=1,--defsym=_min_heap_size=16000,--defsym=_min_stack_size=2048,-Map="TCPIP Demo App - C32 - PIC32_ENET_SK_DM320004_INTERNAL_ETHERNET.map"

RN: The link is done now, and the .elf/.map files created. Program "pic32-bin2hex.exe" converts the .elf to .hex (see below). I am guessing that the "Loaded" line is output by pic32-bin2hex.exe after it reads the .elf file.

Executing: "C:\Program Files\Microchip\MPLAB C32 Suite\bin\pic32-bin2hex.exe" "C:\MCALv2010-10-19_TCPIP_RN1\TCPIP Demo App\ TCPIP Demo App - C32 - PIC32_ENET_SK_DM320004_INTERNAL_ETHERNET.elf"
Loaded C:\MCALv2010-10-19_TCPIP_RN1\TCPIP Demo App\ TCPIP Demo App - C32 - PIC32_ENET_SK_DM320004_INTERNAL_ETHERNET.elf.

----------------------------------------------------------------------
Debug build of project `C:\MCALv2010-10-19_TCPIP_RN1\TCPIP Demo App\TCPIP Demo App - C32 - PIC32_ENET_SK_DM320004_INTERNAL_ETHERNET.mcp' succeeded.

RN: Assembler, Compiler, Linker, Archiver tool versions:

Language tool versions: pic32-as.exe v1.12, pic32-gcc.exe v1.12, pic32-ld.exe v1.12, pic32-ar.exe v1.12

RN: This is a major user setting. I made this a DEBUG, not RELEASE build:

Preprocessor symbol `__DEBUG' is defined.

RN: The next line identifies the target debug hardware. In this case, the PIC32 Ethernet Starter Kit.

Target debug platform is `__MPLAB_DEBUGGER_PIC32MXSK=1'.

Sat Apr 30 12:01:50 2011
----------------------------------------------------------------------
BUILD SUCCEEDED

RN: The build process results in 5 key files being created:
- C:\MCALv2010-10-19_TCPIP_RN1\TCPIP Demo App\ (my build dir)
- TCPIP Demo App - C32 - PIC32_ENET_SK_DM320004_INTERNAL_ETHERNET (name)
- size, suffix, and notes:
        9,455 .tagsrc << plain text, sources (.c, .S) and includes (.h)
      968,695 .mptags << plain text, huge, every symbol in the build?
      342,346 .map    << plain text, detailed output memory map
    1,040,848 .elf    << binary, Executable and Linkable Format
      821,949 .hex    << plain text, address/data hex for programming SBC

RN: All the details of MPLAB IDE setup are defined in the Workspace File "TCPIP Demo App - C32 - PIC32_ENET_SK_DM320004_INTERNAL_ETHERNET.mcw" and all directories, sources, includes... in the Project File "TCPIP Demo App - C32 - PIC32_ENET_SK_DM320004_INTERNAL_ETHERNET.mcp".

16. Appendix D: Source File Complexity (Line Counts)

The following Windows Command Prompt output shows the two main directories of the build in the previous appendix, and the size in lines of all .c files in them. This helps see where the complexity of both the TCP/IP Stack and TCP/IP Demo Application lies. See “<<<” comments, showing that in both directories, SNMP is the “winner”.

>>> TCP/IP Stack <<<
C> cd
C:\MCALv2010-10-19_TCPIP_RN1\Microchip\TCPIP Stack

C> \cygwin\bin\wc.exe -l *.c | sort /r
 61863 total <<< 1031 pages total (@ 60 lines per page)
  5426 TCP.c <<< largest file, 90 pages.
  4822 SNMP.c <<< SNMP next,
  4220 SNMPv3.c <<< and next. Together 151 pages, > TCP, 15% total.
  3844 ENCX24J600.c
  3584 SSL.c
  3166 ZeroconfMulticastDNS.c
  2333 ENC28J60.c
  2185 Helpers.c
  1887 HTTP2.c
  1724 SMTP.c
  1514 ETH97J60.c
  1472 TFTPc.c
  1332 MPFS2.c
  1150 ETHPIC32IntMac.c
  1143 ZeroconfLinkLocal.c
  1133 DHCP.c
  1079 BerkeleyAPI.c
  1068 UDP.c
  1022 BigInt.c
   987 RSA.c
   919 ETHPIC32ExtPhy.c
   907 SPIFlash.c
   868 DynDNS.c
   863 SNMPv3USM.c
   846 Hashes.c
   782 DNS.c
   742 HTTP.c
   737 AutoIP.c
   675 ARP.c
   642 MPFS.c
   598 SPIEEPROM.c
   593 FTP.c
   529 UART2TCPBridge.c
   521 DHCPs.c
   488 ICMP.c
   447 StackTsk.c
   440 Tick.c
   410 Telnet.c
   402 SPIRAM.c
   392 LCDBlocking.c
   371 SNTP.c
   325 TCPPerformanceTest.c
   311 IP.c
   296 NBNS.c
   293 UART.c
   265 Announce.c
   254 FileSystem.c
   214 DNSs.c
   199 ETHPIC32ExtPhyDP83640.c
   193 ETHPIC32ExtPhyDP83848.c
   187 ETHPIC32ExtPhySMSC8700.c
   183 ARCFOUR.c
   170 ETHPIC32ExtPhySMSC8720.c
   167 UDPPerformanceTest.c
   159 Random.c
   150 ZeroconfHelper.c
   147 Reboot.c
    87 Delay.c

>>> TCP/IP Demo Application <<<
C> cd
C:\MCALv2010-10-19_TCPIP_RN1\TCPIP Demo App

C> \cygwin\bin\wc.exe -l *.c | sort /r
 13287 total
  2808 MPFSImg.c <<< auto-generated Microchip File System
  2084 MPFSImg2.c <<< auto-generated
  1956 CustomSNMPApp.c <<< largest, 32 pages, SNMP of course
  1889 CustomHTTPApp.c
  1197 MainDemo.c
   585 LegacyHTTPApp.c
   451 CustomSSLCert.c
   369 SMTPDemo.c
   362 UARTConfig.c
   347 BerkeleyUDPClientDemo.c
   257 WF_Config.c
   223 GenericTCPClient.c
   210 GenericTCPServer.c
   204 BerkeleyTCPClientDemo.c
   176 BerkeleyTCPServerDemo.c
   169 PingDemo.c

17. Appendix E: Project Lab Book / Progress Log

The beginning and end of file Project-Lab-Notebook.txt follows, with 12.5 pages of log information removed from the center. {Update before final version.}

CSCD 601 Masters Project Lab Notebook
=====================================

Reference Information
=====================
- Microchip
  - Microchip MPLAB IDE v8.66 (3/25/11)
    - C:\Program Files\Microchip\MPLAB IDE\Core\MPLAB.exe
  - MPASM Assembler v5.39 (v5.37 7/23/10 Release Notes)
    - C:\Program Files\Microchip\MPASM Suite\MPASMWIN.exe (/? = info)
  - MPLINK Object Linker & Utilities v4.38 (v4.37 7/23/10 Rel. Notes)
    - MPLINK Object Linker
    - MPLIB Object Librarian (same version/docs)
    - MP2COD COFF to COD File Converter (same version/docs)
    - MP2HEX COFF to HEX File Converter (same version/docs)
    - C:\Program Files\Microchip\MPASM Suite\mplink.exe (calls _mplink.exe, mp2cod.exe, and mp2hex.exe)
  - MPLAB C Compiler for PIC18 MCUs v3.36 (7/23/10, "MCC18")
    - I downloaded the forever-free "MPLAB C for PIC18 v3.36 in LITE mode, 7/30/2010" instead of the free-for-60-days Standard-Eval Version.
      * v3.37.01 (1/6/2011) is available.
      * C:\MCC18\ is the default installation directory, instead of C:\Program Files\Microchip\mplabc18\v3.36, which is similar to C:\Program Files\Microchip\mplabc30\v3.25 and other Microchip tools.
  - PICkit 3 In-Circuit Debugger, Assy # 10-00424-R2, Serial # BUR102114836, Firmware Suite Version 01.26.52, Firmware Type dsPIC33F/24F/24H (when developing for the Modtronix SBC66EC)
  * BUG: A single tool can give multiple version numbers. For example, C> "C:\Program Files\Microchip\MPASM Suite\MPASMWIN.exe" /? gives "MPASM 5.39" but release notes and MPLAB IDE Output Window say "MPASM 5.37".

- Modtronix
  - SBC65EC Single Board Computer, PCB REV3, Hardware V3.01
  - Web Server v3.10 firmware
    - Includes *Modtronix* v2.51 TCP/IP stack that includes all modifications from the *Microchip* v3.75 TCP/IP stack.
  - BootLoader ("BLN") v1.00
  - Network Bootloader v1.07 (7/23/08, PC Application)
    - http://www.modtronix.com/soft/netloader/ says "V1.07", and downloaded file name is "netloader_jre150_v107.exe", but a successful install/run results in "V1.06" on the window and in Help, About... (Just live with it.)

- My Work/Build Areas
  - Main project notes area
    - \My Documents\EWU\CSCD 601 Project\
  - MicroChip Application Libraries, including TCP/IP Stack v5.31
    - C:\MCALv2010-10-19\
  - Development work area

    - C:\MPLAB\data encryption libraries v2.6\ ($5 download)
    - C:\MPLAB\PIC18Tutorial\ (Tutorial done 1/30/11, notes in binder)
    - C:\MPLAB\SBC65EC\ (Modtronix SBC65EC development, 8-bit PIC18)
      - \fw_v3.10\
        * websrvr65_v310_hw211.hex (FACTORY FIRMWARE)
        * websrvr65_v310.img (FACTORY WEB PAGES)
      - websrvr_v310_rn1\ (MY BUILD DIRECTORY)
        - websrvr65_hw301.mcw (MPLAB Workspace File, v3.01 HW)
        - websrvr65_mc_hw211.mcp (MPLAB Project File, v2.11/v3.01 HW)
    - C:\MPLAB\SBC66EC\ (Modtronix SBC66EC development, 16-bit PIC24)

- SNMP Security supported by iReasoning
  - HMAC-MD5
    - Hash-based Message Authentication Code, Message Digest algorithm 5
  - HMAC-SHA
    - Secure Hash Algorithm (0, 1, or 2)
  - CBC-DES
    - Cipher Block Chaining
    - Data Encryption Standard
  - CFB128-AES-128
    - Cipher FeedBack (a mode of operation within AES)
    - Advanced Encryption Standard
  - CFB128-AES-192
  - CFB128-AES-256

-----------------------------------------------------------------------------
Project History/Log
===================

- Pre-12/10, various talks, emails, project ideas, among Itron, F5, LHC2, Ciena, Dr. Imamura, Dr. Simmons...

- 12/13/10, StaAlert project overview meeting at Bob's house.

- 12/15/10, StaAlert celebration at Industrial Communications, w/photos.

- 01/03/11, EWU CSCD 601 project form signed by Dr. Taylor.

- 01/12/11, Modtronix SBC68EC board suggested, emails follow...

- 01/14/11, Modtronix SBC68EC Ethernet Board notes
  - Ethernet = RJ45/8P8C connector, cat5 cable...
  - CAN BUS = Controller-Area Network, a "vehicle bus" standard, for connecting smart components inside a vehicle/car.
  - RS-232 = Recommended Standard 232, serial I/O
  - I2C = I^2 C = Inter-Integrated Circuit, 2-wire interface, "multi-master serial single-ended computer bus invented by Philips that is used to attach low-speed peripherals to a motherboard, embedded system, or cellphone.

- 01/18/11, switched to SBC65EC board (more memory, no CAN bus)

- 01/22/11 - TIME: 4 hours (conservative) to here, started tracking time

- 01/29-30/11 startup notes - Modtronix - SBC65EC Internet-Enabled Single Board Computer - Hardware


(12.5 pages removed)

- 4/27/11
  - Got a reply to my Microchip post about not being able to disable DHCP and set static IP address, subnet, gateway, DNS1, and DNS2. Answer: No EEPROM on Ethernet Starter Kit board, must be done in the code.
  - Changed file "TCPIPConfig PIC32 internal Ethernet.h" (my "TCPIPConfig.h" alternative configuration), to disable DHCP, disable AutoIP, and enable static IP addressing.
  - On the web pages, Network Configuration, "DHCP Enabled" is still checked, but it isn't. Just ignore it and leave it alone.
  - Board access techniques:
    - http://192.168.1.53/ works, static IP on my home network
    - http://67.168.145.151/ works, my current Comcast home IP
    - http://rn3.dyndns.org/ works, Linksys DDNS & Port Forwarding
    - http://mchpboard/ works, NetBIOS access (? unclear to me)
  - Email to StaAlert team, "SNMPv3 training", passing on all necessary to download, install, and use iReasoning MIB Browser remotely to monitor/control the Microchip PIC32 Ethernet Starter Kit via SNMPv3.
  - TIME: 4 hours (141 total)

- 4/28/11
  - Wrote Draft #1 of my project paper, and emailed it to Drs. Taylor and Simmons, StaAlert team. Asked for "quick skim" feedback by end tomorrow.
  - TIME: 10 hours (151 total)

- 4/29/11
  - Posted to Modtronix Forum, regarding my 4/13 post re SBC66EC and not being able to set a static IP address, explained and pointed to my Microchip Forum thread after having the same problem with the Microchip PIC32 Ethernet Starter Kit, that has no NVM, and perhaps Modtronix didn't configure the Stack to take advantage of the NVM on the SBC66EC.
  - Posted to Microchip Forum, regarding Static IP addressing problems on the PIC32 Ethernet Starter Kit, showing my code changes to configure it for static IP at power-on, in hopes of helping others.
  - More work on paper: page numbers, changed title, moved all SNMP info to start, added TCP/IP Stack section.
  - Arrgh! More problems navigating the forest of Microchip documentation, and a Forum post to try and clarify:
    - Microchip Application Libraries version 2010-10-19 include TCP/IP Stack v5.31. TCP/IP Stack v5.31 includes the TCP/IP Demo Application (no version number I can see). http://... shows a new version (4/26/11) of the TCP/IP Demo Application, only for use with the PIC32 Ethernet Starter Kit. What are the differences between the TCP/IP Demo Application included with TCP/IP Stack v5.31, and the new 4/26/11 version?! I would expect this to be in the README.txt file, but after downloading and reading it, no such luck. Is the problem with Microchip, or have I missed something?
  - More work on the paper.
  - TIME: 6 hours (157 total)

- 4/30/11
  - More work on paper: appendix "Build-All", appendix "Project Lab Book".
  - TIME: 6 hours (163 total)


18. Appendix F: The StaAlert Team, and StaAlert v1

Left to right: Scott Grimmett, Bob Conley, Jon Thorpe, John Finch (?). Not shown: Jim Summers, Tim Hillstrom, Rick Nungester. Photo taken 12/15/2010. {Update picture? Add responsibilities? Skip it altogether?}