Analyzing OPC UA Communications Using Wireshark

4 min read

Oct 24, 2016 2:00:00 PM

As more and more companies are making the switch from OPC-DA to OPC-UA, it is becoming increasingly important to be able to troubleshoot OPC-UA communications.     One of the easiest ways to analyze the communication between an OPC-UA client and server is to use Wireshark.

This blog will cover step-by-step how to use Wireshark to troubleshoot communications between your OPC-UA client and server applications.

Wireshark, a free network sniffing utility, has a built-in filter for OPC-UA, which will allow the capture of communications between OPC-UA clients and servers. As long as the communication is not encrypted (meaning that no security is used), it is fairly easy to capture and analyze the conversation. This allows troubleshooting of strange or unexpected behavior between the OPC-UA client and server.

The following steps will help you get started:

  1. Enabling the OPCUA filter

In order to make sure Wireshark actually captures the data, it has to be told which port to listen on. In Wireshark, go to “Edit -> Preferences” to open up the Preferences Window:

Editing Wireshark Preferences

Then, under the “Protocols” section, find the “OpcUa” protocol and make sure to enter the port that your OPC-UA server uses. The port can be found at the end of the OPC-UA server’s endpoint URL. For example, if the endpoint is “opc.tcp://192.168.111.75:49380”, the port will be 49380.

Defining OPC UA Ports in Wireshark

  1. Starting the capture

Choose the correct Interface in Wireshark, and hit the “Start” button.

Selecting the Network Interface in Wireshark

It’s important to note that Wireshark will record ALL traffic (not just OPC-UA) on the network interface that is selected. This is normal, and the OPC-UA communications can be filtered out later.

  1. Letting Wireshark run

Let Wireshark run and capture the network traffic while the OPC-UA client and server are communicating. If the goal is to troubleshoot some problem between the OPC-UA client and server, now would be the time to reproduce the issue you have been experiencing to make sure the behavior is included in the Wireshark capture. You should be seeing frames appear in Wireshark’s main window at this point (probably scrolling too fast to read – that’s expected – reading and analysis is the next step!).

  1. Analyze the capture

After a Wireshark trace has been collected during the desired problem behavior, it’s time to take a look at the communications to see what’s going on. In the “Filter” textbox, type “opcua”, and hit “Apply” to filter the trace to only show OPC-UA communications. This removes all of the irrelevant frames that we’re not interested in.

Applying OPC-UA Filter in Wireshark

Once the filter is applied, all that is left is the OPC-UA messages. An example output of OPC-UA communications could look something like this:

Example OPC-UA Diagnostics in Wireshark

From there, it’s possible to select a message/packet that is of interest (say a ReadRequest in frame 167 that is sent from the server to the client), and drill down to see exactly what is being requested.

Example OPC-UA Request in Wireshark

If we expand the frame, we can see that the client has requested to read AttributeId 13 (the value) from “Channel1.Device1.Tag1” in the OPC–UA Server. From here, we could move on to the ReadResponse in frame 168 to see what the server sends back to the client’s request.

(Insert Image – Stored in Hubspot – OPC_Dev_Blogs/WiresharkSampleResponsePacket) (Image Description – Screenshot – Example OPC-UA Response in Wireshark)

Example OPC-UA Response in Wireshark

We can see that the server’s ReadReponse tells us that the value of “Channel1.Device1.Tag1” is 7. We can also observe that the elapsed time between frames 167 and 168 is about 10ms – a very quick response time! If the elapsed time was a large amount of time, then it might raise an alarm that the server is taking too long to respond – which gives us a direction to go with further analysis to determine the reason for the delay.

Being able to collect this level of information is an invaluable tool for a control engineer working with OPC-UA communications. It allows them to diagnose strange or unexpected behaviors between OPC-UA Clients and servers and quickly pinpoint the problem.

To learn more about detailed analysis of OPC-UA communications using Wireshark, including a packet-by-packet analysis of the communication between a custom .NET client application (developed using our OPC Client development toolkit) and an OPC-UA server – I encourage you to have a look at our tutorial documents.

Free App Notes - OPC UA Analysis

Colson Dunlap
Written by Colson Dunlap

Software Toolbox Technical Blog

We're engineers like you, so this blog focuses on "How to" appnotes, videos, tech team tips, product update announcements, user case studies, and other technical updates.  Subscribe to updates below. Your feedback and questions on posts are always welcomed - just use the area at the bottom of any post.

Subscribe to our Blog

Recent Posts

Posts by Topic

See all