Wireshark-dev: Re: [Wireshark-dev] Capturing CAN packets

From: Felix Obenhuber <felix@xxxxxxxxxxxx>
Date: Mon, 23 Apr 2012 19:05:36 +0200
Hi,

On Mon, Apr 23, 2012 at 5:43 PM, Joakim Wiberg <jow@xxxxxx> wrote:
> My understanding is that the socketcan part only works on Linux. The attempt
> here was to create a Windows application that captures the CAN frames and hands
> them over to Wireshark. The packets could be passed directly on to
> packet-socketcan.c (and then later to packet-canopen.c) if there were a way
> to tag the packets as socketcan packets.

Yes, SocketCAN runs on Linux only.

Maybe a dedicated CAN dissector (e.g. packet-can.c) with its own
format (or why not take the very well designed SocketCAN format?) might
be a good idea for a clear design. This CAN dissector is served by the
SocketCAN dissector and your Windows CAN implementation.
The CanOpen (and other high level protocols like J1939) dissectors
hook up on the CAN dissector.

Please note that the data format that is used within the SocketCAN
dissector is declared in the SocketCAN implementation (e.g. struct
can_frame and the bits coded into the id field). Furthermore SocketCAN
defines a full set of error codes that are indicated by the error flag in
the id and transmitted in the data bytes.

Here you can find the corresponding headers with some details about SocketCAN:

https://gitorious.org/linux-can/linux-can/blobs/master/include/linux/can.h
https://gitorious.org/linux-can/linux-can/trees/master/include/linux/can/

cheers,

Felix
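
The frame layout referred to in the message above (struct can_frame and the flag bits coded into the id field), decoded with the length checks a dissector needs before trusting capture input. This is an added example, not part of the original message and not code from Wireshark's packet-socketcan.c; `decoded_can` and `decode_can_frame` are hypothetical names, and the big-endian id word is an assumption about how the capturing tool serializes the frame.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Flag and mask values as defined in linux/can.h */
#define CAN_EFF_FLAG 0x80000000U /* extended (29-bit) frame format */
#define CAN_RTR_FLAG 0x40000000U /* remote transmission request */
#define CAN_ERR_FLAG 0x20000000U /* error message frame */
#define CAN_SFF_MASK 0x000007FFU /* standard 11-bit identifier */
#define CAN_EFF_MASK 0x1FFFFFFFU /* extended 29-bit identifier */
#define CAN_MAX_DLEN 8
#define CAN_FRAME_LEN 16 /* id(4) + dlc(1) + pad(3) + data(8) */

/* Hypothetical decoded form; not a Wireshark or kernel type. */
struct decoded_can {
    uint32_t id;
    int is_extended, is_rtr, is_error;
    uint8_t len;
    uint8_t data[CAN_MAX_DLEN];
};

/* Returns 0 on success, -1 on a truncated or malformed record.
 * Assumption: id word is big-endian here; a live socket read is host order. */
int decode_can_frame(const uint8_t *buf, size_t buflen, struct decoded_can *out)
{
    if (buf == NULL || out == NULL || buflen < CAN_FRAME_LEN)
        return -1;
    uint32_t raw = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                   ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (buf[4] > CAN_MAX_DLEN) /* reject before the length drives a copy */
        return -1;
    memset(out, 0, sizeof(*out));
    out->is_extended = (raw & CAN_EFF_FLAG) != 0;
    out->is_rtr = (raw & CAN_RTR_FLAG) != 0;
    out->is_error = (raw & CAN_ERR_FLAG) != 0;
    /* Error frames carry error-class bits in the low 29 bits of the id. */
    out->id = raw & ((out->is_extended || out->is_error) ? CAN_EFF_MASK : CAN_SFF_MASK);
    out->len = buf[4];
    memcpy(out->data, buf + 8, out->len);
    return 0;
}

int main(void)
{
    /* Constructed sample: standard id 0x123, two data bytes. */
    const uint8_t frame[CAN_FRAME_LEN] = {0x00, 0x00, 0x01, 0x23, 2, 0, 0, 0, 0xDE, 0xAD};
    struct decoded_can f;
    if (decode_can_frame(frame, sizeof frame, &f) == 0)
        printf("id=0x%X len=%u\n", (unsigned)f.id, (unsigned)f.len);
    return 0;
}
```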