Difference between revisions of "Wireshark"

From BACnet Wiki
Latest revision as of 10:47, 3 October 2018

Wireshark is the leading open source network protocol analyzer and ships with a BACnet decoder (dissector). A BACnet/IP datagram is decoded in three layers: the BACnet Virtual Link Control header ("bvlc"), the network layer ("bacnet") and the application layer ("bacapp"); those three names are also the display filters you use to pick BACnet traffic out of a capture.

Using Wireshark

  1. Establish which UDP port your BACnet/IP traffic uses (usually 47808, i.e. 0xBAC0; some sites configure devices or BBMDs for a different port).
  2. Run Wireshark.
  3. Before starting the capture, set the capture filter to "udp port 47808". This avoids capturing huge amounts of unrelated "office traffic". Note that a capture filter (tcpdump/BPF syntax, applied while capturing) is not the same thing as a display filter such as "bacapp", which you type into the filter bar afterwards to narrow what is shown.
  4. Start the capture.
  5. When your interesting event has been captured, stop the capture and save it to a file (pcapng) so it can be re-analysed or shared later.

If the site uses a port other than 47808, Wireshark captures the packets but does not automatically decode them as BACnet. Use "Analyze > Decode As..." to map that UDP port to BVLC, after which the "bvlc", "bacnet" and "bacapp" layers appear as normal.


Why can't I see my BACnet Traffic on Wireshark?

On a switched Ethernet network a host only receives frames addressed to its own MAC address, plus broadcasts (and flooded multicast). So unless Wireshark is running on one of the nodes of interest, it sees the broadcast BACnet traffic (Who-Is, I-Am, the broadcast side of BBMD forwarding) but cannot 'see' the directed (unicast) traffic between two other nodes, which is where the ReadProperty and WriteProperty exchanges actually happen. A capture that contains nothing but Who-Is/I-Am is the typical symptom.

There are a few ways to see this traffic:

  1. Run Wireshark on one of the nodes that is sending or receiving the BACnet traffic. On an embedded BACnet controller you usually cannot do this, even when you know which node it is.
  2. Configure your Ethernet switch to mirror (SPAN) all packets out of a single port, and plug the test PC running Wireshark into that port. This is the industry standard way of doing this. Mirror the ports (or VLAN) that the nodes of interest are on; a mirror port can drop packets under heavy load, so check for gaps if the capture looks incomplete.
  3. Insert a network TAP inline on the link of one of the nodes of interest. This sees everything on that link, including traffic that never crosses the switch being mirrored.
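The following is an added example, not code from the BACnet Wiki or from Wireshark. It does two things that the sections above describe in words: it decodes the BVLC, NPDU and APDU headers of a BACnet/IP UDP payload the way the Wireshark dissector does (so you can see what a Who-Is, I-Am, ReadProperty and Complex-ACK look like on the wire), and it reports, per packet, whether a Wireshark PC that is neither endpoint nor on a mirror port would have captured it. The four sample packets are constructed here for the example; the device instance 1234 and property object-name (77) are arbitrary.

```python
"""Minimal BACnet/IP decoder (BVLC + NPDU + APDU header) over constructed sample packets.

Added example; not part of the wiki page or of Wireshark. Field layouts follow the
BACnet/IP (Annex J), NPDU and APDU header encodings; only the header fields are decoded.
"""
import struct
from dataclasses import dataclass
from typing import Optional

BVLC_TYPE_BACNET_IP = 0x81
BVLC_FUNCTIONS = {0x04: "Forwarded-NPDU", 0x0A: "Original-Unicast-NPDU",
                  0x0B: "Original-Broadcast-NPDU"}
PDU_TYPES = {0: "Confirmed-Request", 1: "Unconfirmed-Request", 2: "Simple-ACK",
             3: "Complex-ACK", 4: "Segment-ACK", 5: "Error", 6: "Reject", 7: "Abort"}
CONFIRMED_SERVICES = {12: "readProperty", 15: "writeProperty", 16: "writePropertyMultiple"}
UNCONFIRMED_SERVICES = {0: "i-Am", 1: "i-Have", 7: "timeSynchronization", 8: "who-Is"}


@dataclass
class BacnetIpPdu:
    bvlc_function: str
    npdu_control: int
    pdu_type: str
    service: Optional[str]
    invoke_id: Optional[int]
    device_instance: Optional[int]   # filled in for i-Am only


def decode_bacnet_ip(payload: bytes) -> BacnetIpPdu:
    """Decode the UDP payload of a BACnet/IP datagram down to the APDU header."""
    if len(payload) < 4 or payload[0] != BVLC_TYPE_BACNET_IP:
        raise ValueError("not a BACnet/IP (BVLC type 0x81) payload")
    function = payload[1]
    (bvlc_len,) = struct.unpack(">H", payload[2:4])
    if bvlc_len != len(payload):
        raise ValueError(f"BVLC length {bvlc_len} != payload length {len(payload)}")
    off = 4
    if function == 0x04:                 # Forwarded-NPDU carries a 6-byte original B/IP address
        off += 6
    version, control = payload[off], payload[off + 1]
    if version != 1:
        raise ValueError(f"unsupported NPDU version {version}")
    off += 2
    if control & 0x20:                   # DNET (2) + DLEN (1) + DADR (DLEN bytes)
        off += 3 + payload[off + 2]
    if control & 0x08:                   # SNET (2) + SLEN (1) + SADR (SLEN bytes)
        off += 3 + payload[off + 2]
    if control & 0x20:                   # hop count follows the optional source address
        off += 1
    bvlc_name = BVLC_FUNCTIONS.get(function, f"bvlc-0x{function:02x}")
    if control & 0x80:                   # network-layer message: no APDU to decode
        return BacnetIpPdu(bvlc_name, control, "network-layer-message", None, None, None)
    apdu = payload[off:]
    ptype = apdu[0] >> 4
    service = invoke_id = instance = None
    if ptype == 0:                       # Confirmed-Request: flags, max-resp, invoke-id, [seq, win], service
        invoke_id = apdu[2]
        choice = apdu[5 if apdu[0] & 0x08 else 3]
        service = CONFIRMED_SERVICES.get(choice, f"confirmed-{choice}")
    elif ptype == 1:                     # Unconfirmed-Request: service choice follows the type byte
        choice = apdu[1]
        service = UNCONFIRMED_SERVICES.get(choice, f"unconfirmed-{choice}")
        if choice == 0:                  # i-Am: first parameter is an object-identifier (app tag 12, len 4)
            if apdu[2] != 0xC4:
                raise ValueError("i-Am without leading object-identifier")
            (obj,) = struct.unpack(">I", apdu[3:7])
            instance = obj & 0x3FFFFF    # low 22 bits are the instance number
    elif ptype in (2, 3, 5):             # Simple-ACK / Complex-ACK / Error: invoke-id, [seq, win], service
        invoke_id = apdu[1]
        choice = apdu[4 if (ptype == 3 and apdu[0] & 0x08) else 2]
        service = CONFIRMED_SERVICES.get(choice, f"confirmed-{choice}")
    return BacnetIpPdu(bvlc_name, control, PDU_TYPES[ptype], service, invoke_id, instance)


def is_bacnet_ip(payload: bytes) -> bool:
    """True if the payload decodes cleanly as BACnet/IP (what a port-based dissector checks)."""
    try:
        decode_bacnet_ip(payload)
        return True
    except (ValueError, IndexError, struct.error):
        return False


def seen_by_passive_host(pdu: BacnetIpPdu) -> bool:
    """Would a Wireshark PC that is neither endpoint nor on a mirror port capture this?

    Only Original-Broadcast-NPDU goes to the Ethernet broadcast address. Original-Unicast-NPDU
    is switched straight to the destination MAC; Forwarded-NPDU is treated as not visible
    because a BBMD sends it unicast to foreign devices as well as broadcast on its own subnet.
    """
    return pdu.bvlc_function == "Original-Broadcast-NPDU"


# Constructed sample packets (not captured from a real site).
WHO_IS = bytes.fromhex("810b000c" "0120ffff00ff" "1008")                      # global broadcast Who-Is
I_AM = bytes.fromhex("810b0014" "0100" "1000" "c4020004d2" "2205c4" "9103" "210f")  # device 1234 answers
READ_PROP = bytes.fromhex("810a0011" "0104" "0005010c" "c4020004d2" "194d")  # read object-name, invoke 1
COMPLEX_ACK = bytes.fromhex("810a0018" "0100" "30010c" "c4020004d2" "194d" "3e" "750048564143" "3f")

if __name__ == "__main__":
    for name, pkt in [("Who-Is", WHO_IS), ("I-Am", I_AM), ("ReadProperty", READ_PROP), ("Complex-ACK", COMPLEX_ACK)]:
        pdu = decode_bacnet_ip(pkt)
        print(f"{name:13} {pdu.bvlc_function:24} {pdu.pdu_type:20} {pdu.service:14} "
              f"visible-from-passive-host={seen_by_passive_host(pdu)}")
```

Run as a script it prints one line per sample: the two discovery packets are broadcast and visible from any port on the switch, while the ReadProperty and its Complex-ACK are unicast and only show up on a capture taken on one of the endpoints or on a mirror/TAP. The BVLC length check is the same sanity check the dissector applies; a payload that fails it on port 47808 is either truncated or not BACnet at all.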