This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 13 and 14
Revision 13 as of 2008-10-02 15:03:08
Size: 3247
Editor: SteveKarg
Comment: Changed SourceForge references
Revision 14 as of 2012-08-08 00:51:34
Size: 3247
Editor: GuyHarris
Comment: BACnet/IP runs over UDP, not TCP.
Deletions are marked like this. Additions are marked like this.
Line 43: Line 43:
You cannot directly filter BACnet protocols while capturing. However, if you know the [[TCP]] port used (see above), you can filter on that one. You cannot directly filter BACnet protocols while capturing. However, if you know the [[UDP]] port used (see above), you can filter on that one.

BACnet

BACnet, the ASHRAE building automation and control networking protocol, has been designed specifically to meet the communication needs of building automation and control systems for applications such as heating, ventilating, and air-conditioning control, lighting control, access control, and fire detection systems. The BACnet protocol provides mechanisms by which computerized equipment of arbitrary function may exchange information, regardless of the particular building service it performs. As a result, the BACnet protocol may be used by head-end computers, general-purpose direct digital controllers, and application specific or unitary controllers with equal effect.

The BACnet protocol specifies transport over a number of datalink layers including ARCNET, MS/TP (RS-485), PTP (RS-232), LonTalk, and Ethernet. BACnet also specifies communication over UDP/IP which is known as BACnet/IP. Other datalink layers are proposed.

History

A brief BACnet history can be found at http://en.wikipedia.org/wiki/BACnet

Protocol dependencies

  • UDP: BACnet/IP uses UDP as its transport protocol. The default UDP port for BACnet traffic is 47808 (0xBAC0), but depending on the project specification other ports are also possible.

  • LLC: BACnet Ethernet uses LLC as its transport protocol. For BACnet traffic, DSAP is 0x82, SSAP is 0x82.

  • ARCNET: BACnet ARCNET uses ARCNET as its transport protocol.

  • MSTP: BACnet MS/TP uses either MSTP natively, or from the Cimetrics U+4 converter, LLC SNAP as its transport protocol.

Example traffic

wireshark_bacnet_stack_services.png

Wireshark

The BACnet dissector is fully functional.

Preference Settings

The dissector has no preference settings.

Example capture file

Here is a simple example capture file of some BACnet services generated by the BACnet Stack at SourceForge:

There are some sample BACnet capture files at:

Display Filter

A complete list of BACnet display filter fields can be found in the BACnet NPDU display filter reference, BACnet APDU display filter reference, and BVLC display filter reference

  • Show only the BACnet based traffic:
     bacnet || bvlc || bacapp

Capture Filter

You cannot directly filter BACnet protocols while capturing. However, if you know the UDP port used (see above), you can filter on that one.

  • Capture only the BACnet/IP traffic over the default port (47808):
     udp port 47808

Discussion

Protocols/bacnet (last edited 2012-08-08 00:56:38 by GuyHarris)