Display Filter

Display filters are rules to extract the exact traffic you want to see.

Active Image

Available Display Filter Commands:

filters all KNXnetIP package
filters all KNXnetIP packages with a header, since there are no packages without a KNXnetIP header it filters all KNXnetIP packages
filters all KNXnetIP packages with a header length field, since there are no packages without a header length field it filters all KNXnetIP packages.
filters all KNXnetIP packages with a protocol version field, since there are no packages without a KNXnetIP protocol version field it filters all KNXnetIP packages.
filters all KNXnetIP packages with a Service Type Identifier field, since there are no packages without a KNXnetIP Service Type Identifier field it filters all KNXnetIP packages.
Moreover it is possible to search for a specific Service Type Identifier, e.g. knxnetip.type==0x0201 (or knxnetip.type eq 0x0201 )-> filters all TUNNELLING_REQUEST packages. For all possible service types look at the table below.
filters all KNXnetIP packages with an existing total length field, since there are no packages without a total length field it filters all KNXnetIP packages.
Moreover it is possible to search for a specifc total length of a KNXnetIP package, e.g. knxnetip.tlen==21 (or knxnetip.tlen eq 21 )-> filters all packages with a total length of 21 (total length = header length + length of the payload).
filters all KNXnetIP packages with a payload.
filters all KNXnetIP packages with a Host Protocol Address Information (HPAI) block.
filters all KNXnetIP packages with a HPAI length field.
filters all KNXnetIP packages with a host protocol code field.
Moreover it is possible to search for a specific value in the host protocol code field, e.g. knxnetip.hpai_host_protocol_code == 1 (or knxnetip.hpai_host_protocol_code eq 1 )-> filters all packages where the host protocol is "IPV4_UDP". So far there are just two codes available
  1. 0x01 -> IPV4_UDP
  2. 0x02 -> IPV4_TCP
filters all KNXnetIP packages with a HPAI address field
Moreover it is possible to search for a specific HPAI IP address, e.g. knxnetip.hpai_ip_address == 172.19.0.7
(so far only ipv4 addresses will be interpreted correct)
filters all KNXnetIP packages with a HPAI port number field.
 Moreover it is possible to search for a specific port number, e.g. knxnetip.hpai_port_number == 3671
filters all packages that contain a communication channel ID (unique identifier for current connection with a KNXnet/IP server)
Moreover it is possible to search for a specific communication channel id, e.g. knxnetip.com_ch_id == 70
filters all KNXnetIP packages with an existing connect response status field.
Moreover it is possible to search for a specific connect response status, e.g. knxnetip.connect_response_status == 0 -> filters all packages where the connect response status field is 0. So far there are just four codes available:
  1. 0x00 -> E_NO_ERROR - The connection was established succesfully
  2. 0x22 -> E_CONNECTION_TYPE - The requested connection type is not supported by the KNXnet/IP server device
  3. 0x23 -> E_CONNECTION_TYPE - The requested connection type is not supported by the KNXnet/IP server device
  4. 0x24 -> E_NO_MORE_CONNECTIONS - The KNXnet/IP server could not accept the new data connection (Maximum reached)
 
filters all KNXnetIP packages with an existing connectionstate response status field.

Moreover it is possible to search for a specific connectionstate response status, e.g. knxnetip.connectionstate_response_status == 0 -> filters all packages where the connectionstate response status field is 0. So far there are just four codes available:
  1. 0x00 -> E_NO_ERROR - The connection state is normal
  2. 0x21 -> E_CONNECTION_ID - The KNXnet/IP server device could not find an active data connection with the given ID
  3. 0x26 -> E_DATA_CONNECTION - The KNXnet/IP server device detected an erro concerning the Dat connection with the given ID
  4. 0x27 -> E_KNX_CONNECTION - The KNXnet/IP server device detected an error concerning the KNX Bus with the given ID

filters all KNXnetIP packages with an existing connection type field.
Moreover it is possible to search for a specific connection type, e.g. knxnetip.connection_type == 4 -> filters all packages where the connection is a device tunneling connection. So far there are five codes available:
  • 0x03 -> DEVICE_MANAGEMENT_CONNECTION
  • 0x04 -> TUNNELING_CONNECTION
  • 0x06 -> REMOTE_LOGGING_CONNECTION
  • 0x07 -> REMOTE_CONFIGURATION_CONNECTION
  • 0x08 -> OBJECT_SERVER_CONNECTION
filters all KNXnetIP packages with an existing sequence counter field. Available in follwoing four KNXnetIP packages:
  1.  DEVICE_CONFIGURATION_REQUEST
  2.  DEVICE_CONFIGURATION_ACK
  3.  TUNNELLING_REQUEST
  4.  TUNNELLING_ACK
filters all KNXnetIP packages with an existing reserved field.
filters all KNXnetIP packages with an existing description type field (only contained in a DIB (Description Information Block)).
Moreover it is possible to search for a specific description type, e.g. knxnetip.description_type == 1 -> filters all packages where the DIB is a Device information DIB. So far there are three codes available:
  • 0x00 -> E_NO_ERROR - The message was received succesfully
  • 0x29 -> E_TUNNELLING_LAYER - The requested tunnelling layer is not supported by the KNXnet/IP Server device
filters all KNXnetIP packages with an existing disconnect response status field.
filters all KNXnetIP packages with an existing description type field (only contained in a DIB (Description Information Block)).
Moreover it is possible to search for a specific description type, e.g. knxnetip.description_type == 1 -> filters all packages where the DIB is a Device information DIB. So far there are three codes available:
  1. 0x01 -> DEVICE_INFO
  2. 0x02 -> SUPP_SVC_FAMILIES - Service families supported by the device
  3. 0xFE -> knxnetip.description_type == 1
filters all KNXnetIP packages with an existing knx medium code field (only contained in a Device Information DIB (Description Information Block)).
Moreover it is possible to search for a specific  knx medium code, e.g. knxnetip.knx_medium_code == 2 -> filters all packages where the medium is TP1. So far there are just five codes available:
  1. 0x01 -> TP0
  2. 0x02 -> TP1
  3. 0x04 -> PL110
  4. 0x08 -> PL132
  5. 0x10 -> RF
filters all KNXnetIP packages with an existing device status field (only contained in a Device Information DIB (Description Information Block)).
filters all KNXnetIP packages with an existing physical address field (only contained in a Device Information DIB (Description Information Block)).
filters all KNXnetIP packages with an existing project installation identifier field (only contained in a Device Information DIB (Description Information Block)).
filters all KNXnetIP packages with an existing device serial number field (only contained in a Device Information DIB (Description Information Block)).
filters all KNXnetIP packages with an existing device routing multicast address field (only contained in a Device Information DIB (Description Information Block)).
filters all KNXnetIP packages with an existing MAC address field (only contained in a Device Information DIB (Description Information Block)).
filters all KNXnetIP packages with an existing device friendly name.
filters all KNXnetIP packages with an existing service family identifier field. (only contained Supported Service Families DIB (Description Information Block))
filters all KNXnetIP packages with an existing manufacturer identifier field. (only contained Manufacturer Data DIB (Description Information Block))
filters all packages that contain a cEMI payload.

Available Service Types:

 0x0201 SEARCH_REQUEST
 0x0202 SEARCH_RESPONSE
 0x0203 DESCRIPTION_REQUEST
 0x0204 DESCRIPTION_RESPONSE
 0x0205 CONNECT_REQUEST
 0x0206 CONNECT_RESPONSE
 0x0207 CONNECTIONSTATE_REQUEST
 0x0208 CONNECTIONSTATE_RESPONSE
 0x0209 DISCONNECT_REQUEST
 0x020A DISCONNECT_RESPONSE
 0x0310 DEVICE_CONFIGURATION_REQUEST
 0x0311 DEVICE_CONFIGURATION_ACK
 0x0420 TUNNELLING_REQUEST
 0x0421 TUNNELLING_ACK
 0x0530 ROUTING_INDICATION
 0x0531 ROUTING_LOST_MESSAGE
   

Build howto

The build howtos for Linux and MS Windows can be found in the doc directory of the source repository. Follow this link to get the latest files.