Dave Zug wrote:
> The BACnet protocol is supported by Ethereal (how's that pronounced BTW?)
> but it is only broken down in the tree view if the packets come across
> using the $BAC0 (47808) port... otherwise these are shown as generic UDP.
> Since configurations can be changed on these devices I am monitoring, I'm
> wondering if there is a way I can MANUALLY dictate to Ethereal that "UDP
> #1000" for example, is "BACnet".... or if Ethereal itself might modify the
> detection method (probably not very efficient to do the latter).
>
> Any suggestions for me?

Mark one of the UDP packets and use Tools/Decode As... and select
BVLC (BACnet Virtual Link Control). That will decode packets to and from a
certain port number with the BVLC dissector.

Unfortunately you have to do this each time you start Ethereal and maybe
also for several different port numbers.

Extract from packet-bvlc.c:
-----------------------------
/* Taken from add-135a (BACnet-IP-standard paper):
 *
 * The default UDP port for both directed messages and broadcasts shall
 * be X'BAC0' and all B/IP devices shall support it. In some cases,
 * e.g., a situation where it is desirable for two groups of BACnet devices
 * to coexist independently on the same IP subnet, the UDP port may be
 * configured locally to a different value without it being considered
 * a violation of this protocol.
 *
 * This dissector does not analyse UDP packets other than on port 0xBAC0.
 * If you changed your BACnet port locally, use the ethereal feature
 * "Decode As".
 */
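
An added example, not part of the original messages and not code from Ethereal's packet-bvlc.c: a payload check that flags UDP datagrams that look like BVLC whatever port they use, so you know which ports to apply "Decode As" to when devices have been reconfigured. It goes beyond the thread by assuming the BACnet/IP BVLL header layout (type octet 0x81, function octet, 16-bit big-endian length covering the whole message); `bvlc_probe` and the sample payloads are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BVLC_TYPE_BACNET_IP 0x81 /* first octet of a BACnet/IP BVLL message */
#define BVLC_MAX_FUNCTION   0x0B /* highest function accepted here: Original-Broadcast-NPDU */
#define BVLC_HEADER_LEN     4    /* type, function, 16-bit length */

/* Hypothetical helper: returns the BVLC function code (0x00..0x0B) when the
 * UDP payload carries a plausible BVLC header, or -1 when it does not. */
int bvlc_probe(const uint8_t *payload, size_t len)
{
    size_t declared;

    if (payload == NULL || len < BVLC_HEADER_LEN)
        return -1;
    if (payload[0] != BVLC_TYPE_BACNET_IP || payload[1] > BVLC_MAX_FUNCTION)
        return -1;
    /* The length field is big-endian and counts the header itself, so it
     * must equal the UDP payload size; this rejects most chance matches. */
    declared = ((size_t)payload[2] << 8) | payload[3];
    if (declared != len)
        return -1;
    return payload[1];
}

/* Constructed sample payloads (not taken from a real capture). */
static const uint8_t sample_whois[] = {   /* BVLC + NPDU + Who-Is APDU */
    0x81, 0x0B, 0x00, 0x0C, 0x01, 0x20, 0xFF, 0xFF, 0x00, 0xFF, 0x10, 0x08 };
static const uint8_t sample_bad_len[] = { /* right type, wrong length field */
    0x81, 0x0A, 0x00, 0x20, 0x01, 0x00 };
static const uint8_t sample_other[] = {   /* unrelated UDP payload */
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00 };

int main(void)
{
    printf("whois:   %d\n", bvlc_probe(sample_whois, sizeof sample_whois));
    printf("bad len: %d\n", bvlc_probe(sample_bad_len, sizeof sample_bad_len));
    printf("other:   %d\n", bvlc_probe(sample_other, sizeof sample_other));
    return 0;
}
```

A match is only a hint: confirm by applying "Decode As" to that port and checking that the NPDU and APDU layers decode cleanly.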