How To Capture With Wireshark
Before you start a capture you can specify a capture filter. The filter restricts which packets are captured, so that not every packet is recorded. Doing this can save space when you save the log and it might make it easier to find the packets you are interested in. However, there is some risk that you might filter out the packets of interest.
For example, a BACnet device might not operate correctly because it is being hammered with packets from another protocol being sent incorrectly to the BACnet device. Our advice is to capture as much as possible and then filter what is displayed.
Here are some sample filters.
Examples
Capture only traffic to or from IP address 172.18.5.4:
host 172.18.5.4
Capture only traffic to or from IP address 172.18.5.4 but exclude all FieldServer RUINET messages:
host 172.18.5.4 and port not 1024
Capture traffic to or from a range of IP addresses:
net 192.168.0.0/24
or
net 192.168.0.0 mask 255.255.255.0
Capture traffic from a range of IP addresses:
src net 192.168.0.0/24
or
src net 192.168.0.0 mask 255.255.255.0
Capture traffic to a range of IP addresses:
dst net 192.168.0.0/24
or
dst net 192.168.0.0 mask 255.255.255.0
Capture only BACnet traffic (assumes every device is compliant and is using the standard port):
port 47808
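To see the risk of filtering out the packets of interest, the following added example (not part of the original post, and not Wireshark or libpcap code) evaluates the filter forms listed above against a few constructed packets and reports which ones a given capture filter would never record. The function names, the sample addresses and the port 502 packet standing in for "another protocol" are assumptions made for illustration.

```python
import ipaddress

PACKETS = [  # constructed sample packets, not from a real capture
    {"src": "172.18.5.4", "dst": "172.18.5.20", "sport": 47808, "dport": 47808},  # BACnet/IP
    {"src": "172.18.5.9", "dst": "172.18.5.4", "sport": 1024, "dport": 1024},     # RUINET
    {"src": "172.18.5.30", "dst": "172.18.5.4", "sport": 50000, "dport": 502},    # other protocol sent to the BACnet device
    {"src": "192.168.0.7", "dst": "10.0.0.1", "sport": 40000, "dport": 80},       # unrelated host
]

def _term(tok):
    """Parse [not] [src|dst] host|net|port ... into a predicate over one packet."""
    if tok[0] == "not":                           # negation binds tightest
        tok.pop(0)
        inner = _term(tok)
        return lambda p: not inner(p)
    direction = tok.pop(0) if tok[0] in ("src", "dst") else None
    kind = tok.pop(0)
    negate = kind == "port" and tok[0] == "not"   # the page's "port not 1024" form
    if negate:
        tok.pop(0)
    value = tok.pop(0)
    if kind == "port":
        names, test = {"src": "sport", "dst": "dport"}, lambda v: v == int(value)
    elif kind in ("host", "net"):
        if tok and tok[0] == "mask":              # "net A mask M" form
            tok.pop(0)
            value += "/" + tok.pop(0)
        net = ipaddress.ip_network(value)         # a bare host address becomes a /32
        names, test = {"src": "src", "dst": "dst"}, lambda v: ipaddress.ip_address(v) in net
    else:
        raise ValueError(f"unsupported primitive: {kind}")
    fields = [names[direction]] if direction else list(names.values())
    return lambda p: any(test(p[f]) for f in fields) != negate

def compile_filter(text):
    """Compile the subset of capture-filter syntax used on this page."""
    tok = text.split()
    pred = _term(tok)
    while tok:                                    # and/or: equal precedence, left to right
        op, left, right = tok.pop(0), pred, _term(tok)
        combine = {"and": all, "or": any}[op]     # KeyError on anything else
        pred = lambda p, l=left, r=right, c=combine: c((l(p), r(p)))
    return pred

def dropped(filter_text, packets=PACKETS):
    """Indexes of the packets this capture filter would keep out of the log."""
    keep = compile_filter(filter_text)
    return [i for i, p in enumerate(packets) if not keep(p)]
```

Calling `dropped("port 47808")` shows that the BACnet-only filter discards the non-BACnet packet aimed at the BACnet device, which is exactly the traffic you would need to see in the scenario described earlier.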