C++ Based OPC UA Client/Server/PubSub SDK

Using Wireshark to Analyze OPC UA Binary Protocol

This section describes how to use Wireshark for OPC UA protocol analyzing.

First you need to install Wireshark. The source code as well as binary installers for Windows and Mac OS X are available at http://www.wireshark.org/download.html.

How to Use Wireshark

To use Wireshark, follow these steps:

  • install Wireshark and follow the on-screen instructions
  • start Wireshark
  • configure the Protocol Preferences (add Ports you want to capture)
  • select your network card
  • configure the Capture Filter
  • start capturing

If you now start your OPC UA Server and connect with your Client, you will capture all service calls on the network. After performing the actions you want to capture, stop the Wireshark capturing. You can now set “Display Filters” to reduce the view and all the captured information.


First set the OPC UA ports you want to capture by setting the Wireshark Preferences. Choose “Edit” → “Preferences” from the menu. Select “Protocols” from the tree and scroll down to OpcUa. Enter all the ports you need separated by a comma (see screenshot) and confirm with “Apply”.

Set Port Numbers

Click on “Capture Options” in the main window.

Capture Options

If necessary, select the network interface for capturing.

To reduce the amount of data collected, set a capture filter to “tcp” or a specific port, e.g. “tcp port 4841” (see screenshot), and start capturing by clicking on “Start”. Then perform the actions you want to capture.

Set Capture Filter

The result is displayed in the main window having three horizontal sections. The first upper section shows the individual telegram including timestamp and direction (source to destination). To show only OPC UA related packages, enter “opcua” at “Filter”. On selecting a certain message its content is expanded in the window below. In the example you can see a response sent from the server to the client that was returned on a call of the Browse Service. The content of all objects can be decoded. In addition, the lowest window pane shows the hexadecimal view for the selected item.

Decoded Browse Response

Wireshark Issue: Lots of Checksum Errors due to TCP Checksum Offloading

When using a newer network interface card, you may notice a lot of checksum errors while capturing (see the following screenshot) caused by TCP checksum offloading (see the Wireshark wiki for more information).

TCP Offloading Error

To suppress these errors, you have to disable TCP checksum validation. Choose “Edit” → “Preferences” from the menu, select “Protocols” → “TCP” from the tree and uncheck the box at “Validate the TCP checksum if possible” (see screenshot).

Disable TCP Checksum Validation

Using the Trace Functionality

The SDK comes with a built-in tracing mechanism.

Server Trace

The Server Trace can be enabled/configured using the INI or XML configuration file described in Server Configuration. The related configuration options can be found here (XML configuration file) and here (INI configuration file).

Client Trace

The client trace can be activated using the following code snippet:

/* Activate client trace*/
LibT::initTrace( UaTrace::Data, 10000, 5, "uaclient.log", "sample client");
/* Set Trace Settings for stack*/
UaPlatformLayer::changeTraceSettings(OpcUa_True, OPCUA_TRACE_OUTPUT_LEVEL_ALL);
static void changeTraceSettings(OpcUa_Boolean bTraceEnabled, OpcUa_UInt32 uTraceLevel)
Change default trace settings.
Definition: uaplatformlayer.cpp:119
static long initTrace(TraceLevel traceLevel, unsigned int maxTraceEntries, unsigned int NumBackupFiles, const UaString &traceFile, const UaString &appName)
Initialize the trace.
Definition: uatrace.cpp:84
@ Data
Definition: uatrace.h:57

More information can be found in the class documentation: