Is your IT department super security-conscious? Maybe they’ve asked you to start filtering and scrubbing all your packet captures (pcaps), and you don’t know where to begin?
Here’s where to start: you’ll want to filter for BACnet traffic in Wireshark to ensure you don't export and save sensitive IT data. It’s a quick, cheap, and easy way to secure your data when you need to troubleshoot. In just five steps, you can export a packet capture (pcap) from Wireshark that only includes BACnet. From there, upload it into Visual BACnet and start digging into those packets!
1. Open a capture in Wireshark, or start a new capture.
2. Navigate to the top filter bar on the left-hand side.
3. Enter “bacnet || bacapp” and click Apply. Note that if you have BBMDs on your network sending BBMD-specific requests, you may also have to include “bvlc” in your filter (so, “bvlc || bacnet || bacapp”).
4. Export the specified packets (all those displayed) as .pcap files by going to File, then Export Specified Packets.
5. Upload into Visual BACnet, and start troubleshooting!
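Before sharing the exported file, it is worth confirming that nothing other than BACnet is left in it. The script below is an added example, not part of the original post or of Wireshark or Visual BACnet. It assumes a classic Ethernet .pcap and BACnet/IP on the default UDP port 47808, so it approximates Wireshark's dissector-based filter by port; `is_bacnet_ip`, `scrub` and `sample_pcap` are hypothetical names.

```python
import struct

BACNET_PORT = 47808  # 0xBAC0, the default BACnet/IP UDP port (assumed in use here)

def is_bacnet_ip(frame: bytes) -> bool:
    """True only for an untagged Ethernet/IPv4/UDP frame to or from BACNET_PORT."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # too short, or not IPv4
        return False
    ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    # Reject non-UDP, later fragments (no UDP header) and truncated frames.
    if ihl < 20 or frame[23] != 17 or frag_offset or len(frame) < 18 + ihl:
        return False
    sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    return BACNET_PORT in (sport, dport)

def scrub(pcap: bytes):
    """Return (clean_pcap, kept, dropped) for a classic Ethernet .pcap (not pcapng)."""
    if pcap[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        order = "<"
    elif pcap[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        order = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:   # link type 1 = Ethernet
        raise ValueError("only Ethernet captures are handled")
    out, pos, kept, dropped = [pcap[:24]], 24, 0, 0
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[pos + 8:pos + 12])[0]
        record = pcap[pos:pos + 16 + incl_len]
        pos += 16 + incl_len
        if is_bacnet_ip(record[16:]):                     # anything unrecognised is dropped
            out.append(record)
            kept += 1
        else:
            dropped += 1
    return b"".join(out), kept, dropped

def sample_pcap() -> bytes:
    """Constructed two-packet capture: one BACnet/IP Who-Is, one packet to UDP port 53."""
    def frame(dport, payload):
        udp = struct.pack("!HHHH", 50000, dport, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 255]))
        return b"\xff" * 6 + b"\x02" + b"\x00" * 5 + b"\x08\x00" + ip + udp
    frames = [frame(BACNET_PORT, bytes.fromhex("810b000c0120ffff00ff1008")),
              frame(53, b"\x00" * 12)]
    body = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + body
```

Run `scrub(open(path, "rb").read())` on the file exported in step 4: a `dropped` count above zero means non-BACnet packets were still in the export. VLAN-tagged and IPv6 frames are dropped rather than kept, so the check fails closed.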