How can I reassemble OPC data PDUs in Wireshark?
I am trying to analyze flows between an OPC server and a Pi Interface server to see where a specific tag may be getting dropped on the network (or to prove that it isn't), but the OPC data is riding over TCP packets and split between several packets. I have turned on TCP reassembly, but there is no option under OPC to reassemble the PDUs.
There are two pcaps attached to this issue - #8068 Chunking support for OPCUA
They are using ports 4842 and 4845 for OpcUa.
Can you look at one or both to see if the results are different than what you see in your capture?
Wireshark version? And I assume this is indeed OPC UA and not OPC Classic?
This is the first time I have had to work with OPC data, so I was not familiar with the different versions. When I saw the OPC UA protocol options, I just assumed that was it. However, after doing a bit more research, this system is actually using OPC Classic and it appears the data is using the DCERPC protocol. Any ideas how to read this data in Wireshark? There are also a lot of frames with the error stating "malformed packet: length of contained item exceeds the length of containing item".