Just started using Wireshark to read network traffic for BACnet.

I set the capture filter to “ether host xx:xx:xx:xx:xx:xx” to read only traffic for a certain device. If you use a display filter instead of a capture filter, it captures all the network junk. The tighter the capture filter, the better.

 I have also set the display filter to “bacnet.version > 0” in order to see only BACnet traffic. I am sure there is a better way.


No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: