Wireshark Tool

We recommend downloading Wireshark to help troubleshoot BACnet communication issues on the server that FIN is hosted on. It is a free and open-source packet analyzer, and it is what we use to diagnose BACnet network traffic and packets.

Installation

After downloading it, follow the install process. During installation, make sure all components are selected and that Install Npcap is selected; USBPcap is not needed. As it installs, the Npcap window appears; nothing needs to be selected there, just install. Npcap is needed to see the available networks on the machine. Wireshark then completes installing.

Using Wireshark

Once the user has installed Wireshark and opened it, it looks something like the below, depending on the version installed, and shows the available networks. We're going to cover some basics and a few tips and tricks that we use for filtering.

The user can see which network has activity by the line next to it on the right. If it's flat, there is no activity on that network; if it's wavy, there is some activity. Normally the BACnet traffic would be on an Ethernet network. The user can mouse over the network to see whether it has the IP being used by FIN, because that is the address FIN would be listening on.

Narrow Capture

If the user wants to narrow the traffic to be investigated so that they don't get a ton of noise from unwanted traffic, they can follow the steps below.

The user can narrow traffic to just the network and the standard BACnet port when capturing by specifying the network and port in the filter field.

  1. First select the network to capture

  2. Then in the filter enter "port 47808"

  3. Then hit Enter, or double click on the network (in our case Ethernet 2), or select the blue fin icon in the top left corner

  4. Then you'll see something like the below, where Wireshark is now actively capturing any available traffic on that network and port. You can see in the top left corner of the header where it's listening, to confirm your capture settings.

  5. Or the user can skip selecting a network or port, just start capturing anything, and then filter by using "bacnet"
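The same narrow capture can be run without the GUI using tshark, which is installed with Wireshark when all components are selected. This script is an added example, not part of the original guide; the install path, the interface name "Ethernet 2", the 60-second duration and the output file name are assumptions to adjust for the machine.

```powershell
# Added example: command-line equivalent of the Narrow Capture steps.
# Assumed values (not from the guide): install path, capture duration, output file.
$tshark  = Join-Path $env:ProgramFiles 'Wireshark\tshark.exe'
$iface   = 'Ethernet 2'                       # network selected in step 1
$outFile = Join-Path $env:TEMP 'bacnet-capture.pcapng'
$seconds = 60

if (-not (Test-Path $tshark)) {
    throw "tshark not found at $tshark; check the Wireshark install path."
}

# List the capture interfaces Npcap exposes (same list as the Wireshark start screen).
& $tshark -D

# Confirm the chosen interface holds the IP that FIN is listening on.
Get-NetIPAddress -InterfaceAlias $iface -AddressFamily IPv4 |
    Select-Object InterfaceAlias, IPAddress

# Steps 1-3: capture only the standard BACnet port on that interface,
# stop automatically after $seconds, and save the packets to a file.
& $tshark -i $iface -f 'port 47808' -a "duration:$seconds" -w $outFile
if ($LASTEXITCODE -ne 0) {
    throw "tshark capture failed with exit code $LASTEXITCODE"
}

# Step 5 equivalent: apply the "bacnet" display filter to the saved capture
# and count packets per source/destination pair to see who is talking.
& $tshark -r $outFile -Y 'bacnet' -T fields -e ip.src -e ip.dst |
    Group-Object |
    Sort-Object Count -Descending |
    Select-Object Count, @{ n = 'Src -> Dst'; e = { $_.Name -replace "`t", ' -> ' } }
```

The saved .pcapng file can be opened in Wireshark afterwards for the same packet-level view described in this guide.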

Stop Capture and Continue

This would only be available if currently capturing packets.

  1. If the user wants to pause capturing, they would select the red square in the top left corner.

  2. If the user wants to continue/restart capturing, they would select the green fin with what appears to be a reload arrow.

Filtering Capture

Below are some ways the user can filter when capturing packets.

  • FIN IP: 

  • BACnet Device IP: