OPC UA & Wireshark

UPDATED: 2021-05-10 to reflect the current Wireshark version. Also added details of filtering.

Wireshark is a great tool for sniffing network traffic. It contains several predefined filters for various protocols – and yes, also for OPC UA!

It can be a valuable tool, if you need to investigate what traffic is going between an UA client and server by revealing the contents of every packet – unless of course, you have enabled encryption on the connection!

There is one important setting that you need to take care of. Once you have started it for the first time, go to Edit-Preferences-Protocols-OpcUa. You must define the port numbers that may contain UA traffic in order to make the opcua protocol filter to work.

Wireshark - Preferences window

You can then just start capturing packets. If you filter with “opcua”, you will only get OPC UA packets.

Wireshark - ReadResponse

As you can see, it can parse the UA packets down to every parameter for display in the log!

You can further filter by the port number, etc. Use the Expression editor to build your own filter. This is useful, since the log gets easily filled with Read messages, due to the clients typically monitoring the connection and ServerStatus with frequent calls.

Wireshark - Display Filter Expression

If you wish to filter WriteRequests, you can find that from the available service list.

Wireshark - Display Filter Expression window

We found out that the ServiceNodeId is 673 for the WriteRequest. Once I have created that, I added 676 to the ‘in’ filter, after which we can also see the WriteResponses:

Wireshark - FilterByOPCUAServiceId

Also, check out the details about the filter syntax and the reference of the OPC UA filter.

More Information

If you have any questions or comments; please don’t hesitate to contact us by email at sales@prosysopc.com or through our website contact form.

Author Info

Headshot of Jouni Aro

Jouni Aro

Chief Technology Officer

Email: jouni.aro@prosysopc.com

Related Posts

Develop OPC UA Applications on Android with Prosys SDK

Develop OPC UA applications on Android with the Prosys OPC UA SDK for Java. This updated guide shows how to get started with Android SDK API 35, including a simple client example. Please note that testing on Android is limited, so full interoperability with all OPC UA systems cannot be guaranteed.

Read More »

Valio – Connecting Dairy Plant Automation with IT Using Prosys OPC UA Forge

At Valio, product quality and traceability requirements are at a very high level, highlighting the importance of smooth and reliable communication between different production systems. To meet these requirements, Prosys OPC developed the OPC UA standard based software Valio uses for integrating all their automation and manufacturing execution systems.

Read More »

Master’s Thesis Recap: OPC UA Role-Based Access Control in Industrial Automation

This master’s thesis recap examines how OPC UA Role-Based Access Control (RBAC) can be implemented in industrial automation. It compares directory integration with local role mappings, outlines their benefits and challenges, and presents findings from a simulated case study. The results highlight practical considerations for strengthening OT network security with OPC UA.

Read More »

Interested in this topic?

Get updated about new posts through our newsletter!