We have BACnet system configured using ports 47811. While using wireshark for analysis, we found BACnet messages on port 47811 is not recognized. asked 22 Jul '13, 04:39  RP_1985 edited 22 Jul '13, 06:04  cmaynard ♦♦ |
2 Answers:
Jasper is close, but the packets have to be UDP, and then you can select the BVLC (BACNet Virtual Link Control) protocol. BVLC also has preferences for additional UDP ports, so you can add another port there so you don't need to "Decode As" for each new capture. answered 22 Jul '13, 05:22  grahamb ♦ |
Usually I'd say you should try to use the popup menu on a packet that is not recognized and use the "Decode As" option to tell Wireshark how to decode the packet. But when I tested this I haven't seen anything called "BACnet", and it isn't listed in the protocol section of the preferences either. Maybe you can spot the correct protocol name though, in case it is not exactly called "BACnet". Other than that it is possible that Wireshark does not decode your protocol at all, or have you seen it work on other ports? answered 22 Jul '13, 05:08  Jasper ♦♦ edited 22 Jul '13, 05:09 |
I tried it on TCP and UDP, but didn't know about it being called "BVLC" :)
I had to look at the code to find out.
Thanks, grahamb,,,that's right...
If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.