@vladimir Looks really good. I'm going to send this log over to our BACnet stack supplier to see if he has any extra feedback. To me this looks much better than running a 485 to USB connection into WireShark.

Thanks again for all the help. Any chance you could release this into your standard layer plugins?

BACnet_38400_heavery_traffic_error_v5.7z

@vladimir
Here is a log that is working very well until time stamp 9:55:07 +00:46.470 and then the decode stops.

Thanks again for all the help.

BACnet_38400_heavery_traffic_error_v4.7z

@vladimir Sorry for the delay. Upload symbol is there but I get an error that file is too big. The log is 1Mbyte in size. Is there a way to reduce the size once the log is loaded into IO Ninja?

Thanks.

[0_1709752179535_BACnet_38400_heavery_traffic_error_v4.njlog](Uploading 100%)

@vladimir That icon does not show on my Firefox. I'll try a different browser.

Most likely, you just commented out the padding code, but forgot to add a semicolon ;

Exactly correct as I had missed the '+' on the line above.

Traces look very good now as I will try to move to your latest code. Tried using the upload images(right most icon) to send a 7z zip file but I don't have privileges for it.

@vladimir Removing the padding gives this trying to load the Analyzer:

Inserting the changes to BacNetMsTpParser.jnc(without the modification to the padding) it runs very well with an occasional issues toward the end of a large packet:

While using this analyzer should we have been running Settings->Log Engine->Binary Data->Binary Data Merge with a 3msec threshold. Should we still be using this ?

Just want to also add how nice it is to be able to see the packets.

Thanks.

Re "stop" of the analyzer -- could you share the original .njlog with the large packet?

How do I send you the log that is out of sync. I'll try your fixes and report back. Also here are a couple frame types if you want to add them to the analyzer:

enum BacNetMsTcpFrameType: uint8_t {
	Token                       = 0,
	PollForMaster               = 1,
	PollForMasterReply          = 2,
	TestRequest                 = 3,
	TestResponse                = 4,
	BacNetDataExpectingReply    = 5,
	BacNetDataNotExpectingReply = 6,
	ReplyPostponed              = 7,
	ExtendedDataExpectingReply	= 32,
	ExtendedDataNotExpectingReply = 33,
	CustomFrame					= 254,
	NoFrame						= 255
}

Wow, this is great. Couple questions:

• The Pre-release does not have an install script(msi file.) Can I just drop the folders into the current C:\Program Files\Tibbo\IO Ninja directory?

Loaded your analyzer(on version 5.5.0) using Settings->Add-on Plugins->Layers->Add and selected BacNetMsTp.njplg(this was a guess).

• It ran very well except that after a large packet came through it seemed to stop(see timestamp 16:21:35 +00:06:437. Looked through the scripts(everything you sent) to see if there was a max number of bytes for a packet but did not find one.

Thanks again.

@vladimir After adding "Force Latin-1 encoding" to the Log Regex Markup settings I'm getting color highlights but no new timestamps when it see's the pattern.

Is there any way to get the log to show a timestamp at the beginning of each 55 FF pattern?

Thanks

@Vladimir I think at this point it would be nice to do a basic packet decode of sender/receiver and and packet type as it is only one byte long so 255 possibilities.

How do you get to the Transmit pane if it is greyed out(un-selectable) ?