In some cases, it is desirable to capture (aka sniff) the network traffic in and out of a specific BACnet device or set of devices. For example, some BAS systems have no BACnet traffic between the server(s) and the first tier of controllers (e.g. edge controllers, supervisory devices), but BACnet communication is used between the first tier of controllers and field devices.
Since these "First tier controllers" are not computers on which we can simply install the Optigo Capture Tool, another method must be used to sniff the BACnet traffic.
One of the best alternative methods is to use Mirror Ports (also known as SPAN ports). Mirror Ports are fairly simple to set up on managed switches. To set up and use Mirror Ports to capture the BACnet traffic of a specific device, we need to do the following:
- Define the "source" port to sniff the network traffic. This is the Ethernet port connected to the device on which we want to capture the BACnet traffic.
- Define a free Ethernet port on the same switch as the "destination" port.
- Install and connect a computer to the "destination" port. The computer can be a VM, a laptop or the Optigo Hardware Capture Tool (contact Optigo sales@optigo.net for more information)
- Install and configure the Optigo Capture Tool on the computer (not necessary if using the Optigo Hardware Capture Tool)
- Request an internet connection for the computer. This can be provided by giving internet access to the "destination" port, through a second port, or through WiFi.
Here is an example of a Mirror port setup using a laptop running the Optigo Capture Tool to capture the inbound and outbound BACnet traffic of a BAS Supervisory device.
The exact commands to set up a mirror port depend on the model of managed switch used. Typically, the commands will be:
> configure terminal
> monitor session 1 source interface GigabitEthernet 1/0/1 both
> monitor session 1 destination interface GigabitEthernet 1/0/10
For more information on the Optigo Capture Tool, please see OptigoVN Capture Tool (Windows)
Note that most managed switches support multiple "source" ports, which means you can "copy" the traffic from multiple devices connected to the same switch at once. Visual BACnet and OptigoVN support analyzing traffic from multiple devices concurrently.
Note that some vendors support mirror ports across multiple switches. On Cisco, this is called Remote-SPAN. Please ask your IT/Networking contact for more information on Remote-SPAN.
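Once the mirror session is running, a capture taken on the "destination" port should contain BACnet frames both to and from the mirrored device (the `both` keyword in the commands above). The script below is an added example, not part of the Optigo Capture Tool or of the original article. It assumes a classic .pcap file, untagged Ethernet and BACnet/IP on the default UDP port 47808; the function names and the 192.0.2.x addresses are constructed for illustration.

```python
import struct

BACNET_PORT = 47808  # 0xBAC0, default BACnet/IP UDP port (assumed to be in use)

def bacnet_directions(pcap, device_ip):
    """Count BACnet/IP frames sent from and to device_ip in a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    dev = bytes(map(int, device_ip.split(".")))
    counts = {"from_device": 0, "to_device": 0}
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        # Keep untagged IPv4/UDP only (ethertype 0x0800, IP protocol 17).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) < 9 or BACNET_PORT not in struct.unpack("!HH", udp[:4]):
            continue
        if udp[8] != 0x81:  # BVLC type byte that opens every BACnet/IP message
            continue
        if frame[26:30] == dev:
            counts["from_device"] += 1
        elif frame[30:34] == dev:
            counts["to_device"] += 1
    return counts

def make_frame(src, dst, payload=b"\x81\x0a\x00\x04"):
    """Constructed Ethernet/IPv4/UDP frame for the demo (checksums left zero)."""
    ip = bytes([0x45, 0]) + struct.pack("!HHHBBH", 28 + len(payload), 0, 0, 64, 17, 0)
    ip += bytes(map(int, src.split("."))) + bytes(map(int, dst.split(".")))
    udp = struct.pack("!HHHH", BACNET_PORT, BACNET_PORT, 8 + len(payload), 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + udp + payload

def make_pcap(frames):
    """Wrap constructed frames in a little-endian classic pcap container."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    dev, field = "192.0.2.10", "192.0.2.20"  # constructed documentation addresses
    cap = make_pcap([make_frame(dev, field), make_frame(field, dev)])
    print(bacnet_directions(cap, dev))
```

A zero in either counter for a device known to be communicating suggests the mirror session is copying only one direction, or that the wrong "source" port was selected.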