![]() ![]() The computer running Wireshark attaches to the mirrored-port and the operator changes the designated port based upon what port on the switch he wants to monitor. With port-mirroring, a port on the switch can be configured to see all the traffic on a designated port. Port-mirroring is a feature that is found in managed switches and Contemporary Controls' managed switches have this feature. The third approach, which he recommends, is to use a switch with port-mirroring. The second approach is adding a passive Test Access Point (TAP). We would also add that finding an Ethernet hub is difficult anyway. The resulting system is no longer reflective of the system without the hub. The first method is to use an Ethernet hub but as he says installing a 10 Mbps hub on a system that was operating at 100 Mbps forces a lower throughput. In the article Frank suggests three ways to connect a computer running Wireshark to the network being monitored while avoiding the switched-Ethernet problem. ![]() This means that a protocol analyzer attached to a port on the same Ethernet switch that is passing the message will not see the message. Ethernet switches will pass directed messages only between devices party to the message. ![]() In order to monitor network traffic, your tool needs to be able to see the network traffic which is tricky with a switched-Ethernet network. This free open-source software is very popular when analyzing protocols over Ethernet and as the article points out, it can be used to analyze BACnet MS/TP traffic as well. March 2011 - Frank Schubert of MBS GmbH had an interesting article in the February 2011 issue of BACnet International Journal entitled BACnet Protocol Analysis Using Wireshark. NEW Skorpion Diagnostic Switch teams up with Wireshark ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |