Wireshark (www.wireshark.org) is an open source packet capture utility that can be used to capture and inspect BACnet packets on your network. This tool should only be used to diagnose and troubleshoot BACnet communication after it is determined that existing log data isn’t gathering the detail needed to troubleshoot.
After installing Wireshark on the Events2HVAC server, you must start a capture session using a capture filter to only capture BACnet packets. If you are capturing standard BACnet packets on the default UDP port, you would enter this filter in the capture filter data field in the interface options dialog:
Open the interface options:
Enter the capture filter (see table 1 below), select the correct NIC card, and press START.
After the capture is started, you will begin to receive any BACnet packets that are sent or received on the NIC card using the capture filter parameters.
You can initiate any BACnet commands on the server to try to troubleshoot communications. Once you are done capturing all of the necessary packet information, hit the STOP item in the Capture menu.
Save the capture data to a file:
Name the capture file and save.
Typical Capture and Display Filters
Table 1- Sample Capture and Display Filters
Wireshark Web Resources:
- Analyzing BACnet with Wireshark Article
- Index of BACnet capture files
- NPDU Display Filter Reference
- ADPU Display Filter Reference
- BVLC Display Filter Reference