Wireshark 2.0 brought some new features, including extcap. Extcap allows an external application to capture packets and move them into Wireshark via a pipe. It is the perfect feature for serial packets, such as BACnet MS/TP on RS-485, which don’t have a network interface.

How does it work? After installing version Wireshark 2.0 or later, find the Extcap folder on your computer. The folder is listed under Wireshark Help About Folders menu option.


Copy mstpcap.exe into the Extcap folder (create the folder if it doesn’t exist).


Run Wireshark, and notice the new BACnet MS/TP Interfaces associated with each serial port.


Adjust the MS/TP Baud Rate for the particular interface.


Start or Stop captures using the Capture Start or Capture Stop options after selecting the Interface.