opklessons.blogg.se

Wireshark filter broadcast traffic

Wireshark is a free, open-source packet capture utility that can be used to analyze network traffic in general and includes functionality to capture and inspect BACnet packets right out of the box. Most technicians I work with are already familiar with this free utility, but every once in a while I come across someone who isn't familiar with it at all or has only heard about it in passing from other techs. Often when handling support issues I ask customers to take a Wireshark capture in order to help diagnose and isolate the root cause of networking issues.

Activity 2 - Analyze IPv4 Multicast Traffic

  • Observe the traffic captured in the top Wireshark packet list pane.
  • To view only IPv4 multicast traffic, type ip.addr >= 224.0.0.0 (lower case) in the Filter box and press Enter.
  • The traffic you are most likely to see is Simple Service Discovery Protocol (SSDP) traffic. You may also see Web Services Dynamic Discovery (WS-Discovery) traffic or other multicast traffic. Whatever you find, select the first frame.
  • Observe the packet details in the middle Wireshark packet details pane.
  • Notice that it is an Ethernet II / Internet Protocol Version 4 frame.
  • Expand Ethernet II to view the Ethernet details.
  • Notice that the destination address starts with 01:00:5e, the Ethernet multicast address for IPv4.
  • Expand Internet Protocol Version 4 to view IPv4 details.
  • If it is SSDP or WS-Discovery traffic, it will be addressed to 239.255.255.250.
  • Select additional frames and observe the Ethernet and IPv4 details for multicast traffic.
  • Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.
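The checks made by hand in the activity above can also be scripted. This is an added example, not part of the original page: it decodes an Ethernet II / IPv4 frame, verifies that the destination MAC is 01:00:5e plus the low 23 bits of the group address, and labels traffic to 239.255.255.250 by UDP port. The sample frames, the source address 192.168.1.10 and the function names are constructed for illustration; ports 1900 (SSDP) and 3702 (WS-Discovery) are the standard ones.

```python
import ipaddress
import struct

def multicast_mac(ip: str) -> str:
    """Map an IPv4 multicast group to its Ethernet address:
    01:00:5e followed by the low 23 bits of the group address."""
    low23 = int(ipaddress.IPv4Address(ip)) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)

def inspect_frame(frame: bytes) -> dict:
    """Decode the Ethernet II and IPv4 fields the activity asks you to observe."""
    dst_mac = ":".join("%02x" % b for b in frame[0:6])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an Ethernet II / IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4            # IPv4 header length in bytes
    proto = ip[9]                        # 17 = UDP
    dst_ip = ipaddress.IPv4Address(ip[16:20])
    dst_port = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0] if proto == 17 else None
    service = "other"
    if str(dst_ip) == "239.255.255.250":
        service = {1900: "SSDP", 3702: "WS-Discovery"}.get(dst_port, "other")
    return {
        "dst_mac": dst_mac,
        "dst_ip": str(dst_ip),
        "is_multicast": dst_ip.is_multicast,   # True only for 224.0.0.0/4
        "mac_matches_group": dst_ip.is_multicast and dst_mac == multicast_mac(str(dst_ip)),
        "service": service,
    }

def build_frame(dst_mac: str, dst_ip: str, dst_port: int) -> bytes:
    """Constructed sample frame (checksums zeroed, not a real capture)."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex("020000000001") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                     ipaddress.IPv4Address("192.168.1.10").packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    udp = struct.pack("!HHHH", 50000, dst_port, 8, 0)
    return eth + ip + udp

# Constructed samples: two multicast discovery frames and one limited broadcast.
SSDP = build_frame("01:00:5e:7f:ff:fa", "239.255.255.250", 1900)
WSD = build_frame("01:00:5e:7f:ff:fa", "239.255.255.250", 3702)
BCAST = build_frame("ff:ff:ff:ff:ff:ff", "255.255.255.255", 67)

if __name__ == "__main__":
    for name, frame in (("SSDP", SSDP), ("WSD", WSD), ("BCAST", BCAST)):
        print(name, inspect_frame(frame))
```

The BCAST sample is included because ip.addr >= 224.0.0.0 is a numeric comparison on either the source or destination address, so it also admits 255.255.255.255 and the reserved 240.0.0.0/4 range. A frame whose destination is a multicast group but whose MAC does not match the derived 01:00:5e address is worth a closer look during analysis.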






