
Unable to capture packets when two BACnet devices communicate.

asked 2024-09-23 10:18:37 +0000

Hello Everyone, I'm currently facing challenges capturing BACnet traffic using Wireshark in my network setup. In the context of BACnet networking, we are utilizing the YABE (Yet Another BACnet Explorer) tool for device discovery and communication. When YABE sends a ReadProperty request to a BACnet device, Wireshark successfully captures the corresponding packet response. However, we are encountering an issue where no packets are captured when direct device-to-device requests are initiated.

This discrepancy raises concerns about the visibility of BACnet communications in our network setup, particularly regarding the effectiveness of packet capture tools like Wireshark. It suggests potential issues with network configuration, communication protocols, or device settings that prevent successful capture of inter-device communication.

We seek to identify the root cause of this issue to ensure comprehensive monitoring of BACnet traffic, facilitating effective troubleshooting and analysis within our network.

Network Setup

  1. BACnet Devices: Connected via LAN cables to switch
  2. PC Running Wireshark: Connected to the same switch via WiFi.

What I have tried:

  1. Wireshark Configuration: Selected the correct network interface. Enabled promiscuous mode. No capture filters applied; I've tried both with and without filters.

  2. Network Check: Ensured that both PC and BACnet are on the same subnet. Pinged the BACnet device from PC successfully. But I am unable to ping from one PC to the 2nd device, which is connected to the 2nd PC.

The Problem:

Despite the above steps, I am unable to capture any BACnet packets in Wireshark.


1 Answer


answered 2024-09-23 11:56:57 +0000

grahamb

See the wiki page on Ethernet Capture setup, noting the issues when using a switch.

A Wireshark installation can only capture traffic that passes the capture point, so direct traffic between the two BACnet devices will NOT show up on your capture point.


Comments

Thank you for your prompt reply. To address the issue, I connected both of my PCs and BACnet devices to a network hub to facilitate packet capture.

While this setup allows me to see the BACnet request packets sent from one device to another, I am still unable to capture the response packets. I should be able to observe both the request and response packets; this is quite puzzling.

siddhantpurohit ( 2024-09-24 09:33:27 +0000 )

What is your "hub" device? Some "hubs" are actually switches.

grahamb ( 2024-09-24 10:36:14 +0000 )

Thank you for your prompt reply. I checked the details of the "hub" device; it suggests that it is an L2 switch. My switch is "D-Link DES-1005A."

siddhantpurohit ( 2024-09-25 05:17:59 +0000 )

The D-Link device appears to be an unmanaged switch.

As hubs are obsolete and rare these days, I have used the small Netgear switches that support port mirroring, e.g. the GS105e.

grahamb ( 2024-09-25 07:54:04 +0000 )

Thank you for your prompt reply. Which one would you suggest, as we have to test communication between multiple devices within different subnets for a BBMD network for BACnet? I am looking for an L3 managed switch. Thanking you in anticipation.

siddhantpurohit ( 2024-09-26 11:35:00 +0000 )
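
An added example, not part of the original thread and not Wireshark code: a Python check that reads a classic pcap and lists BACnet/IP conversations seen in only one direction at the capture point, labelled by BVLC function (a switch floods broadcasts to every port but forwards unicast only to the destination port). The addresses, MACs and frames are constructed sample data, and the code assumes untagged Ethernet, IPv4 and the default UDP port 47808.

```python
import struct

BACNET_PORT = 47808  # 0xBAC0, default BACnet/IP UDP port
BVLC_KIND = {0x0A: "unicast", 0x0B: "broadcast"}  # Original-*-NPDU functions

def read_pcap(data):
    """Yield Ethernet frames from classic little-endian pcap bytes."""
    if data[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("expected classic little-endian pcap, not pcapng")
    off = 24  # skip the global header
    while off + 16 <= len(data):
        incl = struct.unpack_from("<I", data, off + 8)[0]
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def one_way_bacnet(frames):
    """Return sorted (src, dst, kind) for BACnet/IP flows with no reverse traffic."""
    seen = {}
    for f in frames:
        if len(f) < 46 or f[12:14] != b"\x08\x00" or f[23] != 17:
            continue  # only untagged IPv4/UDP on Ethernet
        udp = 14 + (f[14] & 0x0F) * 4
        ports = struct.unpack_from("!HH", f, udp) if len(f) >= udp + 10 else ()
        if BACNET_PORT not in ports or f[udp + 8] != 0x81:
            continue  # not BACnet/IP: wrong port or no BVLC type byte
        src, dst = (".".join(map(str, f[i:i + 4])) for i in (26, 30))
        seen.setdefault((src, dst), BVLC_KIND.get(f[udp + 9], "other"))
    return sorted((s, d, k) for (s, d), k in seen.items() if (d, s) not in seen)

def frame(src, dst, func):
    """Constructed sample frame: Ethernet + IPv4 + UDP + 4-byte BVLC header."""
    ip = lambda a: bytes(map(int, a.split(".")))
    dmac = b"\xff" * 6 if func == 0x0B else b"\x02\x00\x00\x00\x00" + ip(dst)[-1:]
    eth = dmac + b"\x02\x00\x00\x00\x00" + ip(src)[-1:] + b"\x08\x00"
    iph = struct.pack("!BBHHHBBH", 0x45, 0, 32, 0, 0, 64, 17, 0) + ip(src) + ip(dst)
    udp = struct.pack("!HHHH", BACNET_PORT, BACNET_PORT, 12, 0)
    return eth + iph + udp + bytes([0x81, func, 0x00, 0x04])

def to_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# Constructed capture: .50 <-> .10 seen both ways; .10's broadcast and .10 -> .20 one-way.
SAMPLE = to_pcap([frame("192.168.1.50", "192.168.1.10", 0x0A),
                  frame("192.168.1.10", "192.168.1.50", 0x0A),
                  frame("192.168.1.10", "192.168.1.255", 0x0B),
                  frame("192.168.1.10", "192.168.1.20", 0x0A)])
for src, dst, kind in one_way_bacnet(read_pcap(SAMPLE)):
    print(f"{src} -> {dst} ({kind}): no reverse traffic at this capture point")
```

A one-way unicast entry means the reply either was not sent or never passed the capture point. To run it on a real capture, save the file from Wireshark in classic pcap format, since this reader does not parse pcapng.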
