CheckOCPP is a Wireshark dissector for the Open Charge Point Protocol (OCPP). It provides an efficient and scalable solution for passive compliance audits by automatically detecting OCPP versions, validating message structures, and flagging non-compliant packets.
- Automatic OCPP version detection: Identifies whether captured traffic corresponds to OCPP 1.6, 2.0, or 2.0.1.
- Protocol compliance validation: Checks message structure and schema conformity.
- Non-compliant packet highlighting: Flags invalid packets to aid debugging and compliance verification.
- IPv4/IPv6 traffic distinction: Provides a visual indicator for OCPP packets transmitted over IPv4.
- Two dissector implementations:
  - Single dissector: Processes OCPP packets without distinguishing between versions.
  - Separate dissectors: Assigns a distinct dissector to each OCPP version for more precise analysis.
- Ensure you have Wireshark installed on your system.
- Modify the path to the schemas in the `.lua` files where the `load_schemas` function is called.
- Use 'make install-single' or 'make install-multiple' to install the dissector.
- Restart Wireshark to load the dissector.
- Open Wireshark and start capturing network traffic.
- Apply the filter `ocpp` to isolate OCPP traffic if the single dissector is installed. Otherwise, filter by `ocpp1.6`, `ocpp2.0`, or `ocpp2.0.1`.
- Add the coloring rules.
- Expand the OCPP protocol details to inspect message type, message ID, and payload validation results.
- Look for highlighted packets to identify non-compliant or misconfigured OCPP messages.
- CheckOCPP only works with unencrypted traffic. If TLS is enabled, decryption keys are required.
- It only validates the JSON version of OCPP, not the SOAP version.
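
An added illustration of the structural check described above (not CheckOCPP's own code, which lives in the `.lua` files): it validates the OCPP JSON array framing of WebSocket text payloads and flags responses whose message ID matches no earlier CALL. It does not do schema validation; the `SAMPLE` frames are constructed, `check_frame` and `audit` are hypothetical names, and a single connection is assumed.

```python
import json

# OCPP-J MessageTypeId -> (frame name, required number of array elements)
FRAME_LEN = {2: ("CALL", 4), 3: ("CALLRESULT", 3), 4: ("CALLERROR", 5)}
MAX_ID_LEN = 36  # the OCPP-J specification caps the unique message id at 36 chars
SAMPLE = [  # constructed frames, not taken from a real capture
    '[2,"19223201","BootNotification",{"chargePointVendor":"VendorX","chargePointModel":"ModelY"}]',
    '[3,"19223201",{"status":"Accepted","currentTime":"2024-01-01T00:00:00Z","interval":300}]',
    '[2,"19223202","Heartbeat"]',  # CALL without its payload element
    '[3,"does-not-exist",{}]',     # response to a request never seen
    '[5,"19223203",{}]',           # MessageTypeId outside 2..4
]

def check_frame(text):
    """Return (kind, message_id, problems) for one WebSocket text payload."""
    try:
        frame = json.loads(text)
    except ValueError:
        frame = None
    if not isinstance(frame, list) or not frame:
        return None, None, ["payload is not a non-empty JSON array"]
    if type(frame[0]) is not int or frame[0] not in FRAME_LEN:
        return None, None, [f"unknown MessageTypeId {frame[0]!r}"]
    kind, want = FRAME_LEN[frame[0]]
    problems = []
    if len(frame) != want:
        problems.append(f"{kind} needs {want} elements, got {len(frame)}")
    msg_id = frame[1] if len(frame) > 1 else None
    if not isinstance(msg_id, str) or not msg_id:
        problems.append("message id must be a non-empty string")
        msg_id = None
    elif len(msg_id) > MAX_ID_LEN:
        problems.append(f"message id longer than {MAX_ID_LEN} characters")
    if len(frame) == want and not isinstance(frame[-1], dict):
        problems.append("last element (payload/details) must be a JSON object")
    return kind, msg_id, problems

def audit(payloads):
    """Check frames in capture order; return [(index, problems)] for bad ones."""
    pending, findings = set(), []
    for i, text in enumerate(payloads):
        kind, msg_id, problems = check_frame(text)
        if kind == "CALL" and msg_id:
            pending.add(msg_id)
        elif kind and msg_id and msg_id not in pending:
            problems.append("response id matches no CALL seen in this capture")
        if problems:
            findings.append((i, problems))
    return findings
```

An unmatched response is only a hint when the capture started mid-session, since the original CALL may simply predate it.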