Clarification regarding opcua protocol display filter

Hello,

I am writing to ask about the underlying query used to apply the display filter of opcua protocol in wireshark GUI. I wish to replicate the same functionality via Python using pyshark i.e I wish to use the display filter as it is in wireshark but pyshark doesn't support opcua protocol display filter out of the box. Thus, I want to know how wireshark applies this filter so that I can do the same programmatically.

works -> data = pyshark.FileCapture(pcap_file, display_filter="tcp")

does not work -> data = pyshark.FileCapture(pcap_file, display_filter="opcua")

pujarirangan's avatar
1
pujarirangan
asked 2023-09-13 00:18:22 +0000
cmaynard's avatar
11.1k
cmaynard
updated 2023-09-20 15:50:08 +0000
edit flag offensive 0 remove flag close merge delete

Comments

Please update the question with the output of tshark -v. (pyshark is a "Python wrapper for tshark")

If there is an error message from the "does not work" please include it also.

Is it possible the opcua traffic is not on the default port or that the opcua port preference has been changed in the profile you are using?
9744: OPCUA Filter Doesn't Work

Chuckc's avatar Chuckc (2023-09-13 01:02:55 +0000) edit
more
  • delete

OPC UA is a C plugin and is loaded in a default Wireshark install, is it possible that pyshark isn't loading that plugin? Probably a question for pyshark support.

grahamb's avatar grahamb (2023-09-13 08:33:43 +0000) edit
more
  • delete
add a comment see more comments