Clarification regarding opcua protocol display filter

asked 2023-09-13 00:18:22 +0000

updated 2023-09-20 15:50:08 +0000

cmaynard gravatar image

Hello,

I am writing to ask about the underlying query used to apply the display filter of opcua protocol in wireshark GUI. I wish to replicate the same functionality via Python using pyshark i.e I wish to use the display filter as it is in wireshark but pyshark doesn't support opcua protocol display filter out of the box. Thus, I want to know how wireshark applies this filter so that I can do the same programmatically.

works -> data = pyshark.FileCapture(pcap_file, display_filter="tcp")

does not work -> data = pyshark.FileCapture(pcap_file, display_filter="opcua")

edit retag flag offensive close merge delete

Comments

Please update the question with the output of tshark -v. (pyshark is a "Python wrapper for tshark")

If there is an error message from the "does not work" please include it also.

Is it possible the opcua traffic is not on the default port or that the opcua port preference has been changed in the profile you are using?
9744: OPCUA Filter Doesn't Work

Chuckc gravatar imageChuckc ( 2023-09-13 01:02:55 +0000 )edit

OPC UA is a C plugin and is loaded in a default Wireshark install, is it possible that pyshark isn't loading that plugin? Probably a question for pyshark support.

grahamb gravatar imagegrahamb ( 2023-09-13 08:33:43 +0000 )edit