Hi, On Wed, 2009-11-25 at 08:29 +0100, Speck Michael EHWG AVL/GAE wrote: > capturing and decoding CAN messages using Wireshark would be a great > help. I thought about this when I first heard about the new CAN socket > implementations, unfortunately, I didn't find the time to dig deeper > into this by myself. What's about you?
I faced the support of SocketCAN in Wireshark. The current state is, that a patch for libpcap is submitted to the sf bug tracker, that enables pcap to capture frames from such interfaces: http://sourceforge.net/tracker/?func=detail&aid=2872132&group_id=53067&atid=469579 The patch can be verified with tcpdump: http://sourceforge.net/tracker/?func=detail&aid=2876645&group_id=53066&atid=469575 With this enhancement it's quite easy to extended WS to detect CAN frames cause of the DLT (on Unix boxes of course) My prototype Wireshark dissector for SocketCAN is working quite well, but I did not yet find the time to clean up and submit here. Hope to do so this weekend. Furthermore there are some considerations to do e.g: is the ID the source or destination ;-) > Dissecting CAN messages could be a bit tricky because there are several > higher level protocols (for example: CANopen, NMT, LSS, etc...) How to > distinguish them? Could this be done automatically (by a smart > dissector) or should users configure (maybe by preference options) which > protocol to use? Yes. Tricky. I thought about dissecting the ID for specific pattern to detect J1939. Maybe some usefull combination of ID "content" and the databytes can be figured out. Cheers, Felix ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
