ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Capturing CAN packets

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Joakim Wiberg <jow@xxxxxx>
Date: Mon, 23 Apr 2012 15:43:50 +0000

Hi,

 

My understanding is that the socketcan part only works on Linux. The attempt here was to create a Windows application captures the CAN frames and hands them over to Wireshark. The packets could be passed directly on to packet-socketcan.c (and then later to packet-canopen.c) if there were a way to tag the packets as socketcan packets.

 

Who should the packets be “tagged” in order to be picked up the following from the packet-socketcan.c=

 

                dissector_add_uint("wtap_encap", WTAP_ENCAP_SOCKETCAN, can_handle);

                dissector_add_uint("sll.ltype", LINUX_SLL_P_CAN, can_handle);

 

Thanks,

Joakim

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: den 23 april 2012 17:21
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Capturing CAN packets

 

Hi,

How does this relate to the existing dissectors packet-socketcan.c and packet-canopen.c ?

Regards

Anders

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Joakim Wiberg
Sent: den 23 april 2012 17:13
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Capturing CAN packets

Hi,

 

We have some interns that have written a dissector for CAN and is also have the possibility do dissect protocols running on CAN. To capture the CAN packets special hardware is required, for now they have a simple app that reads the CAN packets and encapsulates them into an Ethernet frame and passes it on to a NIC.

 

Today the CAN data is encapsulated as a in the 802.3 frames using the SNAP header on an unregistered oui. This is a similar to how BACnet MS/TP frames are captured on RS-485 and passes them on to Wireshark.

 

Is this CAN dissector that you could consider adding to Wireshark? If yes what would be the preferable way to encapsulate the CAN frames to have them passed on to Wireshark?

 

Thanks,

Joakim

 


______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube