KNX is a popular building automation protocol specifically designed to interconnect sensors, actuators, and other components. KNX-Bus-Dump is a powerful tool for monitoring and analyzing KNX bus data, utilizing the Calimero Java library to log and monitor all data transmitted via the KNX bus.
KNX-Bus-Dump can access the KNX bus via a TPUART connection, though it can also be adjusted to use other media connections. Data is dumped into a Wireshark-compatible hexadecimal dump file. Data comes with timestamps and is standardized to UTC time with nanosecond precision for data analysis and to provide a timeline of communication data. The generated hexadecimal dump file can be imported into Wireshark, which can configure its cEMI parser to parse KNX data.
KNX-Bus-Dump can be used for protocol analysis of KNX sensors, actuators, and other KNX devices. Moreover, the tool can be utilized for security analysis of KNX devices.
Tcpdump and Wireshark cannot be used to dump data sent through the KNX bus because we are dealing with native KNX data, not TCP/IP packets. Tcpdump and Wireshark can dump KNXnet/IP packets, which are TCP/IP packets used to send commands and data to the KNX bus via a TCP/IP network.
This tool requires the use of the Calimero Java library, is compatible with Raspberry Pi 3 and 4, and also requires a Raspberry Pi HAT for TPUART connection.
Researchers can clone the project source code locally using the following commands:
1. Copy the âKNXBusDump.javaâ file into the âintroduction/src/main/java/â path in the Calimero project.
2. In the terminal, switch to the âintroductionâ directory.
3. Use the following commands to directly run KNX-Bus-Dump:
4. Now, we can wait for the bus to transmit data; the dumped data will be stored in the âKNXBusDump-Telegrams.txtâ file.
5. Use the Ctrl+C shortcut to cancel the toolâs operation, then import the generated file into Wireshark for further analysis.
In Wireshark, we can import the hexadecimal dump packets and designate a parser to analyze the packets.
1. In Wireshark, wait for the import to complete, then click âFile -> Import From Hex Dumpâ:
2. To correctly parse data and output results, we need to provide a regular expression:
3. Select the hexadecimal dump file as the input source.
4. In the new dialog window, switch to the âRegular Expressionâ tab and paste the aforementioned regular expression.
5. Ensure the data encoding is âPlain hex 200*16â.
6. In the âTimestamp formatâ section, we need to specify the toolâs generation mode:
7. In the âEncapsulationâ section, change the âEncapsulation Typeâ to âWireshark Upper PDU Exportâ.
8. Now we can import the file for packet analysis:
Note: The highlighted time is âNORMALIZED UTC TIMEâ; no matter which timezone is marked, the final display is UTC time.
Test Scenario
https://github.com/ChrisM09/KNX-Bus-Dump
https://github.com/ChrisM09/KNX-Bus-Dump/blob/main/KNX-Raspberry-Pi-Hat-Usage/README.md
https://github.com/ChrisM09/KNX-Bus-Dump/blob/main/Raspberry-Pi-Calimero-Setup/README.md