How to Find a PLC IP Address

With the rise of the Industrial Internet of Things (IIoT), demand keeps growing for data from processes and systems that were not traditionally connected to industrial systems. The end goal is to ensure connectivity between different systems while making better use of the equipment and machines. Today, industrial automation is no longer limited by the walls of a factory. This has been made possible by state-of-the-art PLCs that allow more and more automation to be handled through remote communication. The latest PLC technology lets you monitor operations via a website to check the condition of equipment or determine other statistics. An Internet connection is all you need.

Ethernet is one of the standard information networks that enable factory controllers like PLCs to access data embedded in input/output devices, operator workstations, and drive systems. Ethernet is becoming more popular with the increasing need for real-time, or very close to real-time, information links on the factory floor. For instance, terminating the bottle fill operation in a Coca-Cola production facility requires far more time-precise data communication than loading the next page of a website. Most people associate Ethernet with the physical cable behind machines, but this cable is just the physical part of Ethernet, which acts as the transfer medium. The Ethernet cable carries a series of communication protocols such as the Internet Protocol (IP) and the Transmission Control Protocol (TCP).

At the foundation of TCP/IP communication is IP communication. In IP communication, each device in the network is identified by its Internet Protocol address. The IP address is an interface identifier for a network of systems or machines; it also provides the location of a specific piece of machinery or equipment, much like a physical address. Since an IP address is a unique identifier, it enables PCs to send and receive data to and from specific PLCs or machines in a given network.

Currently, there are two standards of IP addresses: Internet Protocol Version 4 (IPv4) and Internet Protocol Version 6 (IPv6). IPv4 is the earliest version, dating back to when the Internet Protocol was initially designed; it uses a 32-bit IP number. IPv4 is still in scarce use today, but with the rapid developments of the internet age, a more advanced IP address was needed. This led to the development of IPv6 in 1995, though it wasn't standardized until 1998. Its deployment started in the mid-2000s and continues to date. IPv6 uses 128 bits for the IP address.

Remote Connection of a PLC 

Since IP addresses are mainly used for PLC communication in remote locations, it is necessary to understand how the remote setup is done. The most recent PLCs are fitted with an Ethernet port on the controller. This Ethernet port controls the remote input/output devices on the Ethernet network using protocols such as EtherNet/IP, Modbus/TCP (UDP), Profinet, and others. Ethernet is also used to program and/or debug the internal software of the PLC controller. These features, together with other Ethernet services such as FTP and a web server, make remote administration of a control process readily possible.

The first step in remotely connecting a PLC is to set up the controller to handle data communication from both the local network and wider networks like the Internet. This is achieved by adding a gateway address to the Ethernet settings on the PLC controller. Once the gateway address is added, the PLC can exchange IP messages with devices outside the local network. Usually, the gateway address is assigned to an Ethernet router. The router directs the IP traffic to the correct Ethernet device within the Local Area Network (LAN). The most appropriate way of routing network traffic between a Wide Area Network (WAN) and a LAN is through the use of Network Address Translation (NAT).

NAT provides a means of taking up a single PLC IP address, supplied by the Internet Service Provider (ISP), while allowing multiple controllers to share the same Internet connection. This connectivity is easy whenever you are working with a PLC with a known IP address, but it becomes a hurdle whenever your PLC has an unknown IP address and you don't know how to find it. If the IP address is unknown, it is very difficult to communicate with the PLC over Ethernet. This article will show you the tricks of finding an unknown PLC IP address.

Detecting an Unknown IP Address

There are several tools available on the internet that can be used to detect unknown PLC IP addresses. This article discusses the three simplest tools:

A) Advanced IP Scanner

This is open-source third-party software used to detect unknown IP addresses within a particular gateway range. Advanced IP Scanner is a free, easy-to-use, and fast network scanner. The method works by scanning the gateway range within which your PLC is located. The most common way of performing an IP address scan using this software is through the native commands supported by the operating system of your PC or desktop computer. Generally, modern PLCs have real-time operating systems like OS-9 or VxWorks. If the PLC is within a small network with a few IPs, then native commands like ping and ipconfig can help you scan the IPs and track down your unknown PLC. The scanning process using a PC or a desktop computer is as follows:

1) Download the Advanced IP Scanner Software, install it onto the PC or desktop computer connected to your PLC, and then open the software.

2) Enter the gateway range of your supposed PLC IP address, as shown in the figure below. Alternatively, if you are not sure or you don’t know the gateway range, click on the “IP” button in the toolbar; this will automatically set the IP address range in your PC subnet as well as the gateway range.

3) Click the “Scan” button. During this process the scanner detects all the IP addresses within the specified gateway range. Once the process is completed you will get a list of all the devices in the network as well as their IP address, including that of your PLC of interest.

However, this IP scanner can only scan the selected network. If you can't find your PLC on the scanned network, double-check that you're scanning the correct network. The Advanced IP Scanner tool is only useful if you know the gateway range of your PLC; otherwise, it won't be able to detect a device outside your PC or desktop range.

Additionally, applying this technique to large-scale networks is almost impossible. Large-scale networks perform dynamic IP allocation, consist of multiple subnets, and are continuously scaling up to support increasing computational needs. These characteristics make it impossible to scan your network manually. A highly suitable alternative is the "OpUtils" Advanced IP Scanner, which is geared towards easing the task of network IP scanning. This software supports both IPv4 and IPv6 addresses, allowing you to scan your network in seconds and access the scan result in your console. It is also available for both Linux and Windows operating systems.

B) Wireshark Software

Wireshark is open-source software used as a network analyzer and monitor. It allows you to detect a network of IP addresses in any gateway range (no range limitations) in a single scan. This software comes in handy when you have no idea what your PLC's IP address is and the PLC's gateway range is unknown. Wireshark lets you watch network traffic in real time, so whenever any PLC comes online you can readily identify its IP address. Wireshark can find a PLC IP address using two different requests:

1) Finding a PLC IP address using DHCP Requests
Using Dynamic Host Configuration Protocol (DHCP) traffic in Wireshark, you can determine the IP address of an unknown PLC on your network. However, this method works only if it is the host (i.e., the PLC in this case) requesting an IP address. For instance, the PLC can send a DHCP message, which Wireshark can use to map the PLC's physical IP address by analyzing the packets exchanged.

2) Wireshark PLC IP address puller using ARP Requests
Wireshark can use Address Resolution Protocol (ARP) requests to get the IP address of an unknown PLC on your network. Usually, ARP is a broadcast request meant to help the client's PC/desktop or any other machine map out the entire host network. Compared to DHCP requests, ARP requests are more foolproof because even PLCs with a static IP address will readily generate ARP traffic once they are powered on.

One important thing to note is that when you use Wireshark and then close it, the PC/desktop Ethernet port sometimes gets blocked, which makes it impossible to ping any PLC from the client machine. However, this rarely occurs, and if it happens you can simply re-open Wireshark and scan again; this will reopen your Ethernet port.
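The two passive methods above, as an added example (not from the original article or from Wireshark): a parser that pulls the MAC and IP address out of raw ARP and BOOTP/DHCP client frames, the same fields you would read in a capture. It assumes untagged Ethernet II frames; the function names, MAC addresses and IP addresses are made up for illustration.

```python
import struct

def fmt_mac(b): return ":".join(f"{x:02x}" for x in b)
def fmt_ip(b): return ".".join(map(str, b))

def sighting(frame):
    """Return (protocol, mac, ip_or_None) for ARP or BOOTP/DHCP client traffic, else None."""
    if len(frame) < 42: return None               # shorter than Ethernet header + ARP body
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0806:                       # ARP: sender MAC at 22, sender IP at 28
        spa = frame[28:32]                        # all-zero sender IP = ARP probe, no address held
        return ("arp", fmt_mac(frame[22:28]), fmt_ip(spa) if any(spa) else None)
    if ethertype != 0x0800 or frame[23] != 17:    # from here on: IPv4 carrying UDP only
        return None
    udp = 14 + (frame[14] & 0x0F) * 4             # IPv4 header length comes from the IHL field
    if struct.unpack("!HH", frame[udp:udp + 4]) != (68, 67):
        return None                               # not a client-to-server BOOTP/DHCP message
    bootp = udp + 8
    ciaddr, chaddr = frame[bootp + 12:bootp + 16], frame[bootp + 28:bootp + 34]
    addr = fmt_ip(ciaddr) if any(ciaddr) else None
    opts, i = frame[bootp + 240:], 0              # options follow 236-byte header + 4-byte cookie
    while i + 1 < len(opts) and opts[i] != 255:   # 255 = end of options
        code, length = opts[i], opts[i + 1]
        if code == 50 and length == 4:            # option 50: address the client is asking for
            addr = fmt_ip(opts[i + 2:i + 6])
        i += 1 if code == 0 else 2 + length       # pad (0) is a single byte with no length
    return ("dhcp", fmt_mac(chaddr), addr)

def inventory(frames):
    """Map MAC -> IP; None means the device is requesting an address and holds none yet."""
    seen = {}
    for _, mac, ip in filter(None, map(sighting, frames)):
        seen[mac] = ip or seen.get(mac)
    return seen

# Constructed sample frames: MACs, IPs and zeroed checksums are made up for this example.
def dhcp_request(chaddr, options=b""):
    bootp = (bytes.fromhex("010106000000123400008000") + bytes(16) + chaddr.ljust(16, b"\0")
             + bytes(192) + bytes.fromhex("63825363") + options + b"\xff")
    ip_udp = (struct.pack("!BBHHHBBH", 0x45, 0, 28 + len(bootp), 0, 0, 64, 17, 0) + bytes(4)
              + b"\xff" * 4 + struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0))
    return b"\xff" * 6 + chaddr + b"\x08\x00" + ip_udp + bootp
STATIC, FACTORY, LEASED = (bytes.fromhex(m) for m in ("02005e000001", "02005e000002", "02005e000003"))
FRAMES = [
    b"\xff" * 6 + STATIC + bytes.fromhex("08060001080006040001") + STATIC
    + bytes([192, 168, 1, 50]) + bytes(6) + bytes([192, 168, 1, 1]),   # ARP request, static PLC
    dhcp_request(FACTORY),                                             # plain BOOTP, no options
    dhcp_request(LEASED, b"\x35\x01\x03\x32\x04" + bytes([192, 168, 1, 60])),  # DHCP request + option 50
]
```

Calling `inventory(FRAMES)` returns one entry per MAC address, with `None` for the factory-default device that has only broadcast a BOOTP request. ARP and DHCP fields are unauthenticated, so confirm a match against the MAC address printed on the PLC before configuring it.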

C) Using a SIM-IPE PLC Tool

This tool is designed and distributed by PLC Tools Company and comes in handy when you find yourself on a job site in which the PLC-controlled systems are not connected to any HMIs like PCs or LCD displays, so they have no way of showing their IP addresses. In such situations, all you need to do is plug the SIM-IPE directly into the PLC's spare Ethernet port and discover its IP address. The tool has been further advanced in that you can plug it into an Ethernet switch and use its Read Unknown IP feature. Once it is plugged in, it will swiftly list all the IP addresses on the network, including the model numbers and MAC (Media Access Control) addresses. These details will enable you to easily locate the particular PLC you're interested in, as well as its IP address.

Verifying Known PLC IP Addresses 

D) Ping Command

In other cases, you might know the IP address of your PLC but want to connect to it or verify it. In such a case you can use the ping command, which is available in Windows. The ping command sends data packets to the specified IP address on a network and then reports the duration of data transmission as well as the response time. It is a very fast and useful method to test your IP address and see whether you are able to connect to it.

The first step in using this method is to connect the Ethernet cable directly from the PLC Ethernet port to the PC Ethernet port. Then you can try pinging with default IP addresses like or, but in this case, you have to make sure no other devices are connected to the network. However, if you know the PLC IP address to be something like and you want to verify or connect to it, the first thing you do is check whether your PC's IP address is in the same gateway or not. Here you can verify whether your PLC IP address is different from that of your PC and see if it is in the same gateway range.

Assigning an IP Address

In other cases, you may not be able to find your PLC's IP address because the manufacturer's default setting is for the user to assign an IP address to the PLC they purchase. For instance, Allen-Bradley PLCs are shipped with BOOTP/DHCP enabled, which is the factory default. The Bootstrap Protocol (BOOTP)/DHCP tool is an add-on for most Rockwell software packages that allows one to set the IP address of a brand-new PLC. The steps for assigning an IP address using this tool are as follows:

1) Connect your PLC and PC to an Ethernet switch.

2) Open the BOOTP/DHCP server. The shortcuts for doing so may vary for different PCs, but the default one is: Start Menu > Rockwell Software Packages > BOOTP/DHCP.

3) In a few seconds, your PLC will begin to request an IP address. At this point, from the “Request History” select one of the requests and press “Add to Relation List”. Then, enter the IP address you wish to assign to your PLC and press OK. Your PLC will then be added to the “Relation List”. So, when the PLC requests an IP address again, the assigned address will appear in the “IP Address” column.

However, the BOOTP/DHCP server only assigns a temporary IP address to your PLC, and at some point you will be required to assign the PLC a permanent IP address. Also, setting a static IP address for the PLC is considered best practice, especially when you have to integrate remote access, SCADA, and device troubleshooting in the future. Hence, for PLCs with BOOTP/DHCP enabled, you have to disable it to give the PLC a static IP address. To disable BOOTP/DHCP you need a Rockwell tool known as the BootP DHCP EtherNet/IP Commissioning Tool.

The tricky part in assigning the Static IP address is making sure the PLC you’re communicating with is the one you need (in cases where there are several PLCs on-site). So, the first step will be to locate your specific PLC through its MAC address. Then on the BootP DHCP EtherNet/IP Commissioning Tool, select “Add Relation.” Then, right-click on the PLC and select “Disable BOOTP/DHCP”, as illustrated in the image below. Next, enter the desired network settings and click “OK”. It is recommended that you power cycle the system at this point, to be sure that the PLC has retained the assigned IP Address.

These are just a few of the most widely used software tools and methods for detecting and verifying an unknown IP address for your PLC. There are still many more ways to find your PLC's IP address, depending on your PLC model, its documentation, and the manufacturer's support. For more information please visit our website here, or contact us at sales@pdfsupply.com or 1-800-730-0292.

This entry was posted on August 24th, 2021.