Enumerating BACnet devices
BACnet devices are very common for interconnecting and controlling HVAC, power and ventilation systems, and many other components in building automation systems. It is possible to gather information from them, such as vendor, device name, serial number, description, location, and even the firmware version with some help from the Nmap Scripting Engine.
This recipe shows you how to detect and collect information from BACnet devices with Nmap.
How to do it...
Open your terminal and enter the following Nmap command:
$ nmap -Pn -sU -p47808 --script bacnet-info <target>
The bacnet-info
script will obtain device information, as shown next:
PORT STATE SERVICE 47808/udp open  bacnet | bacnet-info: |    Vendor ID: CarelS.p.A. (77) |    Vendor Name: CarelS.p.A. |    Object-identifier: 77000 |    Firmware: A1.4.9 - B1.2.4 |    Application...