How to Filter for BACnet Data in Wireshark

In just five steps, you can export a packet capture (pcap) from Wireshark that only includes BACnet. From there, upload into OptigoVN and start digging into those packets! Check out the video below.

Not sure how to get just your BACnet data into Optigo Visual Networks? Let’s quickly review how to create, in a few simple steps, a PCAP file that’s both compatible with OptigoVN’s diagnostic systems and free of any sensitive data your team might worry about.

 

Get the Best Capture for OptigoVN

What most people don’t think about when creating capture files is the purpose of the capture and the sensitivity of the data in it. We’re showing you how to capture only the BACnet data relevant to troubleshooting your OT network, so your IT department, who may be super security-conscious, is happy that you’re filtering any sensitive data out of your captures.

Step #1: Open a Capture in Wireshark

To start, open Wireshark, then choose File > Open and navigate to the capture file you want to open. Make sure that “All Capture Files” is selected as your Files of type.

Alternatively, you can start a new capture directly in Wireshark and work with that.

Step #2: Set up a Filter for BACnet Data Only

Navigate to the filter bar at the top, on the left-hand side. In the bar, enter “bacnet || bacapp” to filter your capture file to only BACnet traffic. If you have BBMDs on your network sending BBMD-specific requests, you may also have to include “bvlc” in your filter (so, “bvlc || bacnet || bacapp”).

You’ll now see your packet capture file with only BACnet-related frames. The Packets Displayed info bar on the bottom right will show you how much of your capture is now being displayed, confirming the filter works.

Step #3: Export the Filtered Packet Capture

Next, export the now-filtered packet capture as a new PCAP file. Click on File > Export Specified Packets. Use the default selection for the Save as type (Wireshark/ … -pcapng).
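
Before uploading, the exported file can be checked to confirm that nothing but BACnet remains in it. The Python sketch below is an added example, not Optigo's or Wireshark's code; its function names and sample packets are constructed for illustration. It assumes a pcapng export and BACnet/IP on the default UDP port 47808 over untagged Ethernet/IPv4, so BACnet Ethernet or MS/TP frames, which the display filter also matches, would be reported by this narrower check.

```python
import struct

BACNET_PORT = 47808  # 0xBAC0, default BACnet/IP UDP port (assumption: site uses the default)

def is_bacnet_ip(frame):
    """True for an untagged Ethernet II/IPv4/UDP frame on the BACnet port with a BVLC header."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 17:              # IPv4 carrying UDP only
        return False
    udp = ip[(ip[0] & 0x0F) * 4:]                   # skip the IP header, options included
    # 0x81 is the BVLC type byte that opens every BACnet/IP datagram
    return len(udp) >= 9 and BACNET_PORT in struct.unpack("!HH", udp[:4]) and udp[8] == 0x81

def pcapng_packets(data):
    """Yield the captured bytes of every Enhanced Packet Block (type 6) in a pcapng file."""
    endian = "<" if data[8:12] == b"\x4d\x3c\x2b\x1a" else ">"   # byte-order magic in the SHB
    off = 0
    while off + 12 <= len(data):
        btype, blen = struct.unpack(endian + "II", data[off:off + 8])
        if blen < 12:
            break                                   # malformed block: stop instead of looping
        if btype == 6:
            caplen = struct.unpack(endian + "I", data[off + 20:off + 24])[0]
            yield data[off + 28:off + 28 + caplen]
        off += blen

def non_bacnet_packets(data):
    """1-based numbers of packets that are NOT BACnet/IP; an empty list means a clean export."""
    return [n for n, pkt in enumerate(pcapng_packets(data), 1) if not is_bacnet_ip(pkt)]

# --- constructed sample capture (not real traffic) ---
def make_block(btype, body):
    body += b"\x00" * (-len(body) % 4)              # pcapng blocks are padded to 32 bits
    total = struct.pack("<I", len(body) + 12)
    return struct.pack("<I", btype) + total + body + total

def make_packet(dport, payload):
    udp = struct.pack("!HHHH", 50000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 255]))
    frame = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01\x08\x00" + ip + udp
    return make_block(6, struct.pack("<5I", 0, 0, 0, len(frame), len(frame)) + frame)

HEADER = (make_block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
          + make_block(1, struct.pack("<HHI", 1, 0, 0)))
WHO_IS = make_packet(47808, bytes.fromhex("810b000c0120ffff00ff1008"))  # BACnet Who-Is broadcast
DNS = make_packet(53, b"\x12\x34\x01\x00")                              # stand-in for other data
```

To check a real export, read the file in binary mode and pass its bytes to non_bacnet_packets(); any packet numbers it returns deserve a look in Wireshark before the file leaves your network.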

Step #4: Upload Your PCAP File into OptigoVN

To upload a PCAP file, select a Monitoring Node and click “Upload Files”. Select the PCAP file(s) you want to analyze from your device. Once you’ve uploaded a PCAP file, allow the system a few moments to process the data, then click the refresh icon to display the diagnostic results. We’ve created a quick tutorial showing you how.

Key Takeaways for Filtering for BACnet Data

While these best practices are generally sufficient to help diagnose and resolve problems, it’s not uncommon to have issues that occur outside of normal working hours, making them difficult to troubleshoot without a technician on site. In all cases, we highly recommend using our plug-and-play Optigo Networks Hardware Capture Tool for all BACnet MS/TP packet capture activities, or installing our free Optigo Networks Software Capture Tool (available as a Windows or Linux application) for BACnet IP or BACnet Ethernet captures.
