Encapsulated Remote Switch Packet ANalysis (ERSPAN) is an advanced method of sniffing/capturing network traffic from multiple locations in a wide network. The PCAP file created from ERSPAN is not natively supported by Visual BACnet.
In order to use files ERSPAN created PCAP files in Visual BACnet, a simple modification to the PCAP file is necessary.
Please use the editcap.exe application provided with Wireshark to remove the first 50 bytes of every packets, which are the layers added by ERSPAN. Make sure you are in the correct folder/directory where your input PCAP file can be found.
> 'C:\Program Files\Wireshark\editcap.exe' -C 50 input.pcap new_ERSPAN_removed.pcap
Then, load the edited new_ERSPAN_removed.pcap file into Visual BACnet.
Comments
0 comments
Please sign in to leave a comment.