The Diagnostic Switch only has five ports so if more ports are needed, Diagnostic Switches can be cascaded.Īctive Test Access Point Here is a suggestion for your next project. This allows protocol tools such as Wireshark to capture any network traffic that goes through the switch regardless of the port location of the traffic. Because it does not update its database of source MAC addresses and switch port pairings, the Diagnostic Switch continues to flood all ports with messages as if they were broadcast messages. As we mentioned in the last newsletter, the Diagnostic switch retains ALL the features of an unmanaged switch such as auto-negotiation and auto-MDIX except for one significant feature – it does not learn. We suggest that there is a fourth option and that is Contemporary Controls' EISK5-100T/H Diagnostic Switch. Frank suggests that a switch with port-mirroring capability be installed in each equipment room that has devices attached to the IT backbone. The computer running Wireshark attaches to the mirrored-port and the operator changes the designated port based upon what port on the switch he wants to monitor. With port-mirroring, a port on the switch can be configured to see all the traffic on a designated port. Port-mirroring is a feature that is found in managed switches and Contemporary Controls' managed switches have this feature. The third approach, which he recommends, is to use a switch with port-mirroring. The second approach is adding a passive Test Access Point (TAP). We would also add that finding an Ethernet hub is difficult anyway. The resulting system is no longer reflective of the system without the hub. The first method is to use an Ethernet hub but as he says installing a 10 Mbps hub on a system that was operating at 100 Mbps forces a lower throughput. In the article Frank suggests three ways to connect a computer running Wireshark to the network being monitored while avoiding the switched-Ethernet problem. This means that a protocol analyzer attached to a port on the same Ethernet switch that is passing the message will not see the message. Ethernet switches will pass directed messages only between devices party to the message. In order to monitor network traffic, your tool needs to be able to see the network traffic which is tricky with a switched-Ethernet network.
This free open-source software is very popular when analyzing protocols over Ethernet and as the article points out, it can be used to analyze BACnet MS/TP traffic as well. March 2011 - Frank Schubert of MBS GmbH had an interesting article in the February 2011 issue of BACnet International Journal entitled BACnet Protocol Analysis Using Wireshark. NEW Skorpion Diagnostic Switch teams up with Wireshark
0 kommentar(er)
