Hi Simon,

I help maintain the BACnet (bacnet, bacapp, bvlc) dissectors in
Wireshark. Sorry I didn't see your post sooner - I normally just scan
the subject lines for BACnet or BACapp or BVLC.

Either under Chapter "GUI" or "Dissection":
When a protocol is used on another port than Wireshark expects it to
be (such as BACnet on UDP port 48560) the context-sensitive menu item
"Decode as..." is GREAT, but finding what I need is not so great
since only an abbreviation (in above example BVLC) can be selected
without any way of help. I suggest a tooltip when hovering over a
selected protocol item with the same content as in help --> Supported
Protocols (in above example BVLC: BACnet Virtual Link Control).

Do you have a capture for this? If so, I can look at what is required
for Wireshark to analyze BACnet/IP on a UDP/IP port other than 47808.

Dissector specific
Item 19. What's the reason, the APDU part of BACnet/IP is not
dissected? Is it just the workload (for which a solution can be
found) or is there a technical reason such as variable length, the
BACnet specific solution of segmenting or other?

The APDU portion is dissected and mostly complete since Ethereal
0.10.11. I will update the wishlist:
http://wiki.wireshark.org/WishList

Best Regards,
Steve