Wireshark (www.wireshark.org), an open source packet capture utility, can be utilized to capture and inspect BACnet packets on your network. This tool should only be used to diagnose and troubleshoot BACnet communication only after it is determined that existing log data isn’t gathering the detail needed to troubleshoot.
After installing Wireshark on the Events2HVAC server, you must start a capture session using a capture filter to only capture BACnet packets. If you are capturing standard BACnet packets on the default UDP port, you would enter this filter in the capture filter data field in the interface options dialog:
Open the interface options:
Enter the capture filter, select the correct NIC card, and press START.
After the capture is started, you will begin to receive any BACnet packets that are sent or received on the NIC card using the capture filter parameters.
You can initiate any BACnet commands on the server to try to troubleshoot communications. Once you are done capturing all of the necessary packet information, hit the STOP item in the Capture menu.
Save the capture data to a file:
Name the capture file and save.
Table 1- Sample Capture and Display Filters
Wireshark Web Resources:
•Analyzing BACnet with Wireshark Article
http://kargs.net/captures/AnalyzingBACnetWithWireshark.pdf
•Index of BACnet capture files
http://kargs.net/captures/
•NPDU Display Filter Reference
http://www.wireshark.org/docs/dfref/b/bacnet.html
•ADPU Display Filter Reference
http://www.wireshark.org/docs/dfref/b/bacapp.html
•BVLC Display Filter Reference
http://www.wireshark.org/docs/dfref/b/bvlc.html