FAQ: How can I create long term Wireshark sniffs?
In this example it will be used OPC UA protocol as example to show how to use and configure a long term Wireshark captures. This is the best option when troubleshooting a connectivity/network issue occurring sporadically and it is not possible to establish the time of a specific event(s) under investigation.
The configuration presented below also prevents host Operating System and Computer from running out of resources (e.g., CPU and memory) as in this mode the list of packets are not shown and updated in real-time during the capture in Wireshark user interface but written to a collection of files (ring-buffer). Also the packets collected are explicitly set in the Capture filter preventing the capture from growing very quickly and widening its time frame - also other communications are not captured keeping those private during analysis.
- Start Wireshark and open Options dialog.
- In Input tab, select the network adapter used to communicate with the target OPC UA Client.
- In Input tab, add the capture filter: 'tcp port 4810'. ( = Listening TCP port of the OPC UA Server running in the local machine).
- In Output tab enter the following configuration (or similar):
- In Options tab, make sure "Update list of packets in real-time" is disabled. Note: This is very important to prevent memory and CPU continuous increase when collecting the protocol sniff.
- Press Start button to start the capture and leave Wireshark running.
- Stop the capture when you finish the long-term sniff. Collect the files generated during the time the capture was running.
If you have any question, doubt or suggestion about this FAQ please contact your local COPA-DATA Representative.
Related Articles
Compatibility of zenon with Windows versions from LTSB/LTSC to Enterprise IoT.
zenon is a software platform that enables industrial automation and digital transformation. It supports various Windows versions. The standard General Availability Channel (GAC), the long-term servicing channel (LTSC) and the enterprise Internet of ...FAQ: How can I create a Performance Monitor Log file?
Windows Performance Monitor can be used and configured to record in the background Windows processes' performance counters and Operating System resources usage on the long run. Windows Performance Monitor logs are useful when troubleshooting system ...FAQ: How can I browse an OPC UA Server using the zenon OPC UA Client Driver?
Go to Drivers > New Driver Create a Driver of Type "OPC UA Client Driver" Open the Driver Configuration Go to "Connections" Create a new Connection Enter your Discovery URL Enter your Server URL manually or click the 3 dots to browse the Discovery ...FAQ: Historian configuration general recommendations
1. Recommendation on hardware: Storage Memory CPU - SSD (Solid-State Drive). - Disk space capacity as detailed in the attached Excel sheet outputs. - RAM required to load the archive data is about 4 times greater the size of the respective ARX files. ...Starting the runtime the part "Create alternate archives" takes long time.
Summary Starting the runtime the part "Create alternate archives" takes long time. The messagebox "checking archive " is displayed many times for each archive. DescriptionStarting the runtime the part "Create alternate archives" takes long time. The ...