Not sure how to get just your BACnet data into Optigo Visual Networks? Let’s quickly review how to create, in just a few simple steps, a PCAP file that’s both compatible with OptigoVN’s diagnostic systems and free of any sensitive data your team might worry about.
Get the Best Capture for OptigoVN
What most people don’t think about when creating capture files is the purpose of the capture and the sensitivity of the data in it. We’re showing you how to capture only the BACnet data relevant to troubleshooting your OT network, so your IT department, who may be super security-conscious, is happy that you’re filtering any sensitive data out of your captures.
How to Filter for BACnet Data in Wireshark
- Open a capture in Wireshark, or start a new capture.
- Using the filter bar, enter bacnet || bacapp, or bvlc || bacnet || bacapp, and click Apply.
- Export the filtered packet capture as a new file.
- Upload your PCAP file into Optigo Visual Networks to begin troubleshooting!
Step #1: Open a Capture in Wireshark
To start, open Wireshark, then choose File > Open and navigate to the capture file you want to open. Make sure that “All Capture Files” is selected as your Files of type.
Alternatively, you can start a new capture directly in Wireshark and work with that.
Step #2: Set up a Filter for BACnet Data Only
Navigate to the top filter bar on the left-hand side. In the bar, enter bacnet || bacapp to filter your capture file to only BACnet traffic. If you have BBMDs on your network sending BBMD-specific requests, you may also have to include “bvlc” in your filter (so, “bvlc || bacnet || bacapp”).
You’ll now see your packet capture file with only BACnet-related frames. The Packets/Displayed info bar on the bottom right will show you how much of your capture is now being displayed, confirming the filter works.
Step #3: Export the Filtered Packet Capture
Next, export the now-filtered packet capture as a new PCAP file. Click on File > Export Specified Packets. Use the default selection for Save as type (Wireshark/ … -pcapng).
Step #4: Upload Your PCAP File into OptigoVN
To upload a PCAP file, select a Monitoring Node and click “Upload Files”. Select the PCAP file(s) you want to analyze from your device. Once you’ve uploaded a PCAP file, allow the system a few moments to process the data, then click the refresh icon to display the diagnostic results. We’ve created a quick tutorial showing you how.
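Before uploading, you can confirm that the exported file really contains nothing but BACnet traffic. The following is an added example, not part of the original article and not Optigo's code: it walks the packet blocks of a pcapng export and reports any packet that is not BACnet/IP. It assumes Ethernet/IPv4 captures and the default BACnet/IP UDP port 47808, so BACnet Ethernet or MS/TP frames would also be reported; the function names and the sample capture are constructed for illustration.

```python
import struct

BACNET_IP_PORT = 47808  # 0xBAC0, default BACnet/IP UDP port (assumed; sites can change it)
BVLC_TYPE = 0x81        # first payload byte of every BACnet/IP (BVLL) message

def is_bacnet_ip(frame):
    """True if an Ethernet frame is IPv4/UDP on the BACnet port with a BVLC header."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return False                                    # not IPv4 or not UDP
    udp = frame[14 + (frame[14] & 0x0F) * 4:]           # skip the IPv4 header
    ports = (udp[0:2], udp[2:4])                        # source and destination port
    return len(udp) > 8 and struct.pack("!H", BACNET_IP_PORT) in ports and udp[8] == BVLC_TYPE

def non_bacnet_packets(pcapng):
    """1-based indexes of packets in a pcapng export that are not BACnet/IP."""
    leaked, index, pos, endian = [], 0, 0, "<"
    while pos + 12 <= len(pcapng):
        if pcapng[pos:pos + 4] == b"\x0a\x0d\x0d\x0a":  # Section Header Block
            endian = "<" if pcapng[pos + 8:pos + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, blen = struct.unpack(endian + "II", pcapng[pos:pos + 8])
        if blen < 12:
            raise ValueError("malformed pcapng block")
        if btype == 6:                                  # Enhanced Packet Block
            caplen = struct.unpack(endian + "I", pcapng[pos + 20:pos + 24])[0]
            index += 1
            if not is_bacnet_ip(pcapng[pos + 28:pos + 28 + caplen]):
                leaked.append(index)
        pos += blen
    return leaked

def pcapng_block(btype, body):  # builds one little-endian block for the sample below
    body += b"\x00" * (-len(body) % 4)
    return struct.pack("<II", btype, len(body) + 12) + body + struct.pack("<I", len(body) + 12)

def udp_frame(port, payload):   # constructed Ethernet/IPv4/UDP frame, checksums left at 0
    udp = struct.pack("!HHHH", port, port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 255]))
    return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip + udp

def sample_capture():
    """Constructed capture: one BACnet Who-Is broadcast and one non-BACnet UDP packet."""
    frames = [udp_frame(47808, bytes.fromhex("810b000c0120ffff00ff1008")),  # Who-Is
              udp_frame(53, b"constructed non-BACnet data")]
    out = pcapng_block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    out += pcapng_block(1, struct.pack("<HHI", 1, 0, 0))  # Interface Description: Ethernet
    for f in frames:
        out += pcapng_block(6, struct.pack("<IIIII", 0, 0, 0, len(f), len(f)) + f)
    return out
```

To check a real export, pass the file's bytes to `non_bacnet_packets`; an empty list means every packet in the file is BACnet/IP.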
Key Takeaways for Filtering for BACnet Data
While these best practices are generally sufficient to help diagnose and resolve problems, it’s not uncommon to have issues that occur outside of normal working hours, making them difficult to troubleshoot without a technician on site. In all cases, we highly recommend using our plug-and-play Optigo Networks Hardware Capture Tool for all BACnet MS/TP packet capture activities, or installing our free Optigo Networks Software Capture Tool (available as a Windows or Linux application) for BACnet IP or BACnet Ethernet captures.