Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Controller Area Network (CAN) + Wireshark?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Date: Tue, 17 Feb 2009 09:04:56 -0800
----- Original Message ----- From: "Guy Harris" <guy@xxxxxxxxxxxx> 
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Sent: Tuesday, February 17, 2009 1:55 AM
Subject: Re: [Wireshark-dev] Controller Area Network (CAN) + Wireshark?



On Feb 16, 2009, at 11:47 PM, N�meth M�rton wrote:


does Wireshark currently support the Controller Area Network (CAN)
[1] ?


There is a pcap DLT_ value assigned to CAN 2.0:

/*
* Controller Area Network (CAN) v. 2.0B packets.
* DLT_ requested by Gianluca Varenni <gianluca.varenni@xxxxxxxxxxxx>.
* Used to dump CAN packets coming from a CAN Vector board.
* More documentation on the CAN v2.0B frames can be found at
* http://www.can-cia.org/downloads/?269
*/
#define DLT_CAN20B              190

and the Wiretap library in Wireshark maps that to WTAP_ENCAP_CAN20B.

However, there aren't any dissectors in the Wireshark source for CAN.
Gianluca, are there any Wireshark dissectors for CAN?  And what is the
form of a packet with that link-layer type?  That URL is a broken link.

--GV--
Unless someone committed some dissector for CAN, noone here at CACE developed any dissector for CAN. 
An updated version of that document should be this one
http://www.can-cia.org/fileadmin/cia/specifications/CAN20B.pdf
(The person who was working on the CAN stuff here at CACE left, so I'm not 100% sure). 

Have a nice day
GV





In order for Wireshark to *capture* CAN traffic, there would have to
be support for it in libpcap.


In Linux kernel the PF_CAN protocol is already supported [2], so I
guess this
would be technically possible.


Is there a way in which you can "sniff" CAN traffic on Linux - "sniff"
meaning "passively watch CAN traffic to and from the Linux box",
rather than opening a socket to actively send and receive traffic?
That's what would be required for libpcap support.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube