Skip to content

Unsupported BACnet Services #50

New issue
New issue
Closed
Closed
Unsupported BACnet Services#50
@bjeffries

Description

@bjeffries
bjeffries
opened on Jul 22, 2025

🐛 Summary

We have identified 9 BACnet messages that are not supported / logged by the ICSNPP BACnet parser. They are:

  1. Confirmed Request 0x1e "Subscribe-COV-Property-Multiple"
  2. Confirmed Request 0x1f "Confirmed-COV-Notification-Multiple"
  3. Unconfirmed Request 0x0a "Write-Group"
  4. Unconfirmed Request 0x0b "Unconfirmed-COV-Notification-Multiple"
  5. Unconfirmed Request 0x0d "Who-Am-I"
  6. Unconfirmed Request 0x0e "You-Are"
  7. Error
  8. Reject
  9. Abort

Items 3 & 4 appear in the logs as "Unknown Service Choice". The remainder are not logged at all.

Request adding parsing for the noted service requests and for Error, Reject, and Abort messages.

To reproduce

  1. Ingest the attached composite BACnet pcap into the zeek parser.
  2. Review bacnet.log

Expected behavior

We expected log entries in bacnet.log for every BACnet service or error response.

What did you expect to happen that didn't?
See attached zip file containing test pcap and bacnet.log

bacnet.zip

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions