Dave Zug wrote:
> The BACnet protocol is supported by Ethereal (how's that pronounced BTW?)
> but it is only broken down in the tree view if the packets come across
> using the $BAC0 (47808) port... otherwise these are shown as generic UDP.
> Since configurations can be changed on these devices I am monitoring, I'm
> wondering if there is a way I can MANUALLY dictate to Ethereal that "UDP
> #1000" for example, is "BACnet".... or if Ethereal itself might modify the
> detection method (probably not very efficient to do the latter)
>
> any suggestions for me?

Mark one of the UDP packets and use Tools/Decode As... and select BVLC
(BACnet Virtual Link Control). That will decode packets to and from a certain
port number with the BVLC dissector.

Unfortunately you have to do this each time you start Ethereal and maybe also
for several different port numbers.

Extract from packet-bvlc.c:
-----------------------------
/* Taken from add-135a (BACnet-IP-standard paper):
 *
 * The default UDP port for both directed messages and broadcasts shall
 * be X'BAC0' and all B/IP devices shall support it. In some cases,
 * e.g., a situation where it is desirable for two groups of BACnet devices
 * to coexist independently on the same IP subnet, the UDP port may be
 * configured locally to a different value without it being considered
 * a violation of this protocol.
 *
 * This dissector does not analyse UDP packets other than on port 0xBAC0.
 * If you changed your BACnet port locally, use the ethereal feature
 * "Decode As".
 */
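
A port-independent check for the case discussed above, where monitored devices have been moved off UDP port 0xBAC0: an added example, not code from packet-bvlc.c or from either poster. It assumes the BVLL header layout of BACnet Annex J (type octet 0x81, function codes 0x00 to 0x0B, 16-bit big-endian total length); the function name and the sample payloads are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BVLC_TYPE_BACNET_IP 0x81 /* BVLL type octet for BACnet/IP (Annex J) */
#define BVLC_MAX_FUNCTION   0x0B /* Original-Broadcast-NPDU, highest Annex J code */
#define BVLC_HEADER_LEN     4    /* type, function, 16-bit length */

/* Constructed sample payloads (not captured traffic). */
static const uint8_t sample_whois[] = { /* Original-Broadcast-NPDU, Who-Is */
    0x81, 0x0b, 0x00, 0x0c, 0x01, 0x20, 0xff, 0xff, 0x00, 0xff, 0x10, 0x08 };
static const uint8_t sample_bad_len[] = { /* right type, length field says 32 */
    0x81, 0x0a, 0x00, 0x20, 0x01, 0x00, 0x10, 0x08 };
static const uint8_t sample_other[] = { /* unrelated UDP payload */
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00 };

/* Return 1 when a UDP payload carries a self-consistent BVLC header. */
int looks_like_bvlc(const uint8_t *payload, size_t len)
{
    size_t declared;

    if (payload == NULL || len < BVLC_HEADER_LEN)
        return 0;
    if (payload[0] != BVLC_TYPE_BACNET_IP || payload[1] > BVLC_MAX_FUNCTION)
        return 0;
    /* The length field is big-endian and covers the whole BVLL message,
     * header included, so it must equal the UDP payload length. */
    declared = ((size_t)payload[2] << 8) | payload[3];
    return declared == len;
}

int main(void)
{
    printf("who-is : %d\n", looks_like_bvlc(sample_whois, sizeof sample_whois));
    printf("bad len: %d\n", looks_like_bvlc(sample_bad_len, sizeof sample_bad_len));
    printf("other  : %d\n", looks_like_bvlc(sample_other, sizeof sample_other));
    return 0;
}
```

A match is only a hint that a port carries BACnet/IP; the port still has to be mapped with "Decode As" for Ethereal to dissect it.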
