Hello there. I come from China. Your company often uses Wireshark at work. Currently there is a problem. I can't parse the opcua using Wireshark. I can only parse to the tcp layer. I confirm that the messages I grabbed are fine. How to solve this?
The OPC UA traffic is running on port 51234. Use either Analyze -> Decode As... to add a TCP Port entry for port 51234 with the decoding set to "OpcUa" or set the OpcUa port preferences to include 51234 (the file can support multiple ports, comma separated).
Unfortunately there is also MongoDB traffic using 51234 as a source port for the client which may be confusing things. The OPC UA traffic appears to be between hosts 10.0.20.114 and .115 so you can use a display filter of "ip.addr == 10.0.20.114" to see all the relevant traffic or "OpcUa" once you have set the "Decode As ..."
Ok. Thank you. The problem has been solved. I wish you a happy life.
By the way. Is it true that you have herd immunity in the UK?
Comments
What port is your OPC UA traffic running on? You might have to set the OpcUa dissector preferences for the port(s) in use.
Thank you for your answer. I tried it as you said. But it has no effect. Thanks again.
Can you share the capture file, using a public share such as Google Drive, DropBox etc? Post a link to the file back here.
Hello. I packaged the captured files into zip format. There are three pcap files in the compressed package. link:https://1drv.ms/u/s!AvrRhClm17ZIgmz8WcSKxln4fp-G?e=XfbLGw