CAS BACnet Wireshark Report tool

CAS BACNET WIRESHARK REPORT TOOL

The Chipkin BACnet Wireshark Report Tool is a tool to help debug problematic device installations on sites with BACnet networks. The tool decodes the captured BACnet messages from a Wireshark PCap log file into their XML representations and outputs a comprehensive report containing important information and statistics. The outputted report and xml files provide the user with an informed understanding of their network so that they can easily locate and debug problematic devices.

• Global PDU Count
• Packet-size statistics
• Hop count statistics
• Network information
  • Network addresses
  • Number of sent messages and received messages and their service type
  • BACnet networks
  • Device addresses
  • BACnet objects
  • BACnet object properties and a history of their values

EXECUTING THE TOOL

Command Line Syntax:

   CASBACnetWiresharkReport [path to pcap file] [packet number]

Command Line Arguments:

• Path to PCap File  (Optional) - The path to a single Wireshark log to be processed.    Default: All files in the executable's root folder.
• Packet Number  (Optional) - The  number of the packet in the specified Wireshark log to be processed (all other packets will be ignored).   Default: All packets in the Wireshark log.

Command Line Examples:

The following command decodes and processes every Wireshark log in the root folder of the CASBACnetWiresharkReport.exe program. The Report.txt file will contain a separate report section for each log and an XML representation of every packet in every log will be outputted:

   CASBACnetWiresharkReport

The following command will output a report file that contains the BACnet information and statistics only concerning the fourth packet in wireshark_log.pcap (which is in the executables root directory), as well as the XML representation of the fourth packet:

   CASBACnetWiresharkReport wireshark_log.pcap 4

EXAMPLE REPORT

WIRESHARK BACNET REPORT TOOL v1.0.0
---------------------------------------------------
FYI: Packets received: 154
FYI: Packets successfully processed: 154
FYI: Packets unsuccessfully processed: 0
 
Global PDU Count
-------------------
- Abort: 8 
- Complex-Ack: 31 
- Confirmed-REQ: 76 
- Error: 20 
- Simple-Ack: 7 
- Unconfirmed-REQ: 12 
 
Packet Statistics
-------------------
Packet size stats:
     Average packet size: 89 bytes
     Largest packet size: 532 bytes (Pkt: 153)
     Smallest packet size: 15 bytes (Pkt: 2)
 
     Packets with size 1-60 bytes: 109 (70%)
     Packets with size 61-100 bytes: 1 (0%)
     Packets with size 101-300 bytes: 34 (22%)
     Packets with size 301-1200 bytes: 10 (6%)
     Packets with size 1201+ bytes: 0 (0%)
 
Hop count stats:
     Lowest hop count: 255 bytes (Pkt: 1)
 
     Packets with hop count 1-49: 0 (0%)
     Packets with hop count 50-99: 0 (0%)
     Packets with hop count 100-249: 0 (0%)
     Packets with hop count 250-255: 76 (100%)
 
Networks Information
-------------------
Network Address: 172.16.21.102
     Sent.Messages: 22
     Recv.Messages: 18
     Sent.PDU.ConfirmedRequest: 22
     Recv.PDU.ComplexAck: 10
     Recv.PDU.Abort: 5
     Recv.PDU.Error: 3
 
     BACnet Network: 0 (Local network)
          Device Address: 0 (Local device address)
 
Network Address: 172.16.21.101
     Sent.Messages: 62
     Recv.Messages: 61
     Sent.PDU.UnconfirmedRequest: 7
     Sent.PDU.ComplexAck: 20
     Sent.PDU.SimpleAck: 7
     Sent.PDU.Abort: 8
     Sent.PDU.Error: 20
     Recv.PDU.ConfirmedRequest: 61
 
     BACnet Network: 389 
          Device Address: 0x05F17D 
               Object Identifier - device: 389501
                    Property - apduTimeout: 3000 (Pkt: 4)
                    Property - applicationSoftwareVersion: v1 (Pkt: 6)
                    Property - description: [Error: Error-class: property, Error-code: unknownProperty] (Pkt: 8)
                    Property - deviceAddressBinding: {No response}
                    Property - location: [Error: Error-class: property, Error-code: unknownProperty] (Pkt: 12)
                    Property - objectName: Chipkin Automation Systems Simulated Bacnet Device 1 (Pkt: 16)
                    Property - firmwareRevision: {No response}
               Object Identifier - analogInput: 1
                    Property - objectIdentifier: analogInput, 1 (Pkt: 32)
                    Property - eventState: normal (0) (Pkt: 32)
                    Property - units: noUnits (95) (Pkt: 34)
                    Property - outOfService: false (Pkt: 34)
                    Property - objectType: analogInput (0) (Pkt: 34)
                    Property - objectName: Analog Input 1 (Pkt: 34)
                    Property - presentValue: 100 (Pkt: 37)
                    Property - statusFlags: b0000 (Pkt: 37)
                    ...

Example XML

Important:  CAS BACnet Wireshark Report Tool requires Wireshark  to be installed.

Note: Only *.pcap Wireshark log files are supported at this time.

Note:  See section 4 of the  CAS BACnet Wireshark Report Tool Manual  to learn how to create a Wireshark log of your network.

Tip:  We highly recommend filtering any non-BACnet IP messages out of Wireshark logs before they are passed to the BACnet Wireshark Report Tool.