Display Filter
Display filters are rules to extract the exact traffic you want to see.
Available Display Filter Commands:
- knxnetip
filters all KNXnetIP package
- knxnetip.header
filters all KNXnetIP packages with a header, since there are no packages without a KNXnetIP header it filters all KNXnetIP packages
- knxnetip.hlen
filters all KNXnetIP packages with a header length field, since there are no packages without a header length field it filters all KNXnetIP packages.
- knxnetip.version
filters all KNXnetIP packages with a protocol version field, since there are no packages without a KNXnetIP protocol version field it filters all KNXnetIP packages.
- knxnetip.type
filters all KNXnetIP packages with a Service Type Identifier field, since there are no packages without a KNXnetIP Service Type Identifier field it filters all KNXnetIP packages.
Moreover it is possible to search for a specific Service Type Identifier, e.g. knxnetip.type==0x0201 (or knxnetip.type eq 0x0201 )-> filters all TUNNELLING_REQUEST packages. For all possible service types look at the table below.
- knxnetip.tlen
filters all KNXnetIP packages with an existing total length field, since there are no packages without a total length field it filters all KNXnetIP packages.
Moreover it is possible to search for a specifc total length of a KNXnetIP package, e.g. knxnetip.tlen==21 (or knxnetip.tlen eq 21 )-> filters all packages with a total length of 21 (total length = header length + length of the payload).
- knxnetip.body
filters all KNXnetIP packages with a payload.
- knxnetip.hpai
filters all KNXnetIP packages with a Host Protocol Address Information (HPAI) block.
- knxnetip.hpai_length
filters all KNXnetIP packages with a HPAI length field.
- knxnetip.hpai_host_protocol_code
filters all KNXnetIP packages with a host protocol code field.
Moreover it is possible to search for a specific value in the host protocol code field, e.g. knxnetip.hpai_host_protocol_code == 1 (or knxnetip.hpai_host_protocol_code eq 1 )-> filters all packages where the host protocol is "IPV4_UDP". So far there are just two codes available
- 0x01 -> IPV4_UDP
- 0x02 -> IPV4_TCP
- knxnetip.hpai_ip_address
filters all KNXnetIP packages with a HPAI address field
Moreover it is possible to search for a specific HPAI IP address, e.g. knxnetip.hpai_ip_address == 172.19.0.7
(so far only ipv4 addresses will be interpreted correct)
- knxnetip.hpai_port_number
filters all KNXnetIP packages with a HPAI port number field.
Moreover it is possible to search for a specific port number, e.g. knxnetip.hpai_port_number == 3671
- knxnetip.com_ch_id
filters all packages that contain a communication channel ID (unique identifier for current connection with a KNXnet/IP server)
Moreover it is possible to search for a specific communication channel id, e.g. knxnetip.com_ch_id == 70
- knxnetip.connect_response_status
filters all KNXnetIP packages with an existing connect response status field.
Moreover it is possible to search for a specific connect response status, e.g. knxnetip.connect_response_status == 0 -> filters all packages where the connect response status field is 0. So far there are just four codes available:
- 0x00 -> E_NO_ERROR - The connection was established succesfully
- 0x22 -> E_CONNECTION_TYPE - The requested connection type is not supported by the KNXnet/IP server device
- 0x23 -> E_CONNECTION_TYPE - The requested connection type is not supported by the KNXnet/IP server device
- 0x24 -> E_NO_MORE_CONNECTIONS - The KNXnet/IP server could not accept the new data connection (Maximum reached)
- knxnetip.connectionstate_response_status
filters all KNXnetIP packages with an existing connectionstate response status field.
Moreover it is possible to search for a specific connectionstate response status, e.g. knxnetip.connectionstate_response_status == 0 -> filters all packages where the connectionstate response status field is 0. So far there are just four codes available:
- 0x00 -> E_NO_ERROR - The connection state is normal
- 0x21 -> E_CONNECTION_ID - The KNXnet/IP server device could not find an active data connection with the given ID
- 0x26 -> E_DATA_CONNECTION - The KNXnet/IP server device detected an erro concerning the Dat connection with the given ID
- 0x27 -> E_KNX_CONNECTION - The KNXnet/IP server device detected an error concerning the KNX Bus with the given ID
- knxnetip.structure_length
- knxnetip.connection_type
filters all KNXnetIP packages with an existing connection type field.Moreover it is possible to search for a specific connection type, e.g. knxnetip.connection_type == 4 -> filters all packages where the connection is a device tunneling connection. So far there are five codes available:
- 0x03 -> DEVICE_MANAGEMENT_CONNECTION
- 0x04 -> TUNNELING_CONNECTION
- 0x06 -> REMOTE_LOGGING_CONNECTION
- 0x07 -> REMOTE_CONFIGURATION_CONNECTION
- 0x08 -> OBJECT_SERVER_CONNECTION
- knxnetip.sequence_counter
filters all KNXnetIP packages with an existing sequence counter field. Available in follwoing four KNXnetIP packages:
- DEVICE_CONFIGURATION_REQUEST
- DEVICE_CONFIGURATION_ACK
- TUNNELLING_REQUEST
- TUNNELLING_ACK
- knxnetip.reserved
filters all KNXnetIP packages with an existing reserved field.
- knxnetip.tunnelling_status
filters all KNXnetIP packages with an existing description type field (only contained in a DIB (Description Information Block)).
Moreover it is possible to search for a specific description type, e.g. knxnetip.description_type == 1 -> filters all packages where the DIB is a Device information DIB. So far there are three codes available:
- 0x00 -> E_NO_ERROR - The message was received succesfully
- 0x29 -> E_TUNNELLING_LAYER - The requested tunnelling layer is not supported by the KNXnet/IP Server device
- knxnetip.disconnect_response_status
filters all KNXnetIP packages with an existing disconnect response status field.
- knxnetip.description_type
filters all KNXnetIP packages with an existing description type field (only contained in a DIB (Description Information Block)).
Moreover it is possible to search for a specific description type, e.g. knxnetip.description_type == 1 -> filters all packages where the DIB is a Device information DIB. So far there are three codes available:
- 0x01 -> DEVICE_INFO
- 0x02 -> SUPP_SVC_FAMILIES - Service families supported by the device
- 0xFE -> knxnetip.description_type == 1
- knxnetip.knx_medium_code
filters all KNXnetIP packages with an existing knx medium code field (only contained in a Device Information DIB (Description Information Block)).
Moreover it is possible to search for a specific knx medium code, e.g. knxnetip.knx_medium_code == 2 -> filters all packages where the medium is TP1. So far there are just five codes available:
- 0x01 -> TP0
- 0x02 -> TP1
- 0x04 -> PL110
- 0x08 -> PL132
- 0x10 -> RF
- knxnetip.device_status
filters all KNXnetIP packages with an existing device status field (only contained in a Device Information DIB (Description Information Block)).
- knxnetip.physical_address
filters all KNXnetIP packages with an existing physical address field (only contained in a Device Information DIB (Description Information Block)).
- knxnetip.project_installation_ID
filters all KNXnetIP packages with an existing project installation identifier field (only contained in a Device Information DIB (Description Information Block)).
- knxnetip.knx_device_serial_number
filters all KNXnetIP packages with an existing device serial number field (only contained in a Device Information DIB (Description Information Block)).
- knxnetip.device_routing_multicast_address
filters all KNXnetIP packages with an existing device routing multicast address field (only contained in a Device Information DIB (Description Information Block)).
- knxnetip.mac_address
filters all KNXnetIP packages with an existing MAC address field (only contained in a Device Information DIB (Description Information Block)).
- knxnetip.device_friendly_name
filters all KNXnetIP packages with an existing device friendly name.
- knxnetip.service_family_id
filters all KNXnetIP packages with an existing service family identifier field. (only contained Supported Service Families DIB (Description Information Block))
- knxnetip.knx_manufacturer_ID
filters all KNXnetIP packages with an existing manufacturer identifier field. (only contained Manufacturer Data DIB (Description Information Block))
- knxnetip.cemi
filters all packages that contain a cEMI payload.
Available Service Types:
| 0x0201 |
SEARCH_REQUEST |
| 0x0202 | SEARCH_RESPONSE |
| 0x0203 | DESCRIPTION_REQUEST |
| 0x0204 | DESCRIPTION_RESPONSE |
| 0x0205 | CONNECT_REQUEST |
| 0x0206 | CONNECT_RESPONSE |
| 0x0207 | CONNECTIONSTATE_REQUEST |
| 0x0208 | CONNECTIONSTATE_RESPONSE |
| 0x0209 | DISCONNECT_REQUEST |
| 0x020A | DISCONNECT_RESPONSE |
| 0x0310 | DEVICE_CONFIGURATION_REQUEST |
| 0x0311 | DEVICE_CONFIGURATION_ACK |
| 0x0420 | TUNNELLING_REQUEST |
| 0x0421 | TUNNELLING_ACK |
| 0x0530 | ROUTING_INDICATION |
| 0x0531 | ROUTING_LOST_MESSAGE |
Build howto
The build howtos for Linux and MS Windows can be found in the doc directory of the source repository. Follow this link to get the latest files.