Wireshark mailing list archives

Re: Capture / decode 'CAN' messages ?


From: Felix Obenhuber <felix () obenhuber de>
Date: Wed, 25 Nov 2009 10:35:46 +0100

Hi,

On Wed, 2009-11-25 at 08:29 +0100, Speck Michael EHWG AVL/GAE wrote:
> capturing and decoding CAN messages using Wireshark would be a great
> help. I thought about this when I first heard about the new CAN socket
> implementations, unfortunately, I didn't find the time to dig deeper
> into this by myself. What about you?

I faced the support of SocketCAN in Wireshark. The current state is
that a patch for libpcap is submitted to the sf bug tracker that
enables pcap to capture frames from such interfaces:

http://sourceforge.net/tracker/?func=detail&aid=2872132&group_id=53067&atid=469579

The patch can be verified with tcpdump:
http://sourceforge.net/tracker/?func=detail&aid=2876645&group_id=53066&atid=469575

With this enhancement it's quite easy to extend WS to detect CAN
frames because of the DLT (on Unix boxes of course).

My prototype Wireshark dissector for SocketCAN is working quite well,
but I did not yet find the time to clean up and submit here. Hope to do
so this weekend. Furthermore there are some considerations to do, e.g.: is
the ID the source or destination ;-)

> Dissecting CAN messages could be a bit tricky because there are several
> higher level protocols (for example: CANopen, NMT, LSS, etc...) How to
> distinguish them? Could this be done automatically (by a smart
> dissector) or should users configure (maybe by preference options) which
> protocol to use?

Yes. Tricky. I thought about dissecting the ID for a specific pattern to
detect J1939. Maybe some useful combination of ID "content" and the
data bytes can be figured out.

Cheers,

Felix



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
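
The ID-pattern idea from the message above, as an added example that is not part of the original post and not the Wireshark dissector: it splits a SocketCAN `can_id` into J1939 fields. The struct and function names are hypothetical, the field layout is taken from SAE J1939 rather than from this thread, and a matching layout only makes a frame a J1939 candidate, since any 29-bit identifier can be split this way.

```c
#include <stdint.h>
#include <stdio.h>

/* Values as defined in linux/can.h, repeated so this builds without kernel headers. */
#define CAN_EFF_FLAG 0x80000000U /* 29-bit (extended) identifier */
#define CAN_ERR_FLAG 0x20000000U /* error frame, carries no bus ID */
#define CAN_EFF_MASK 0x1FFFFFFFU

struct j1939_id {      /* hypothetical name, for illustration only */
    uint8_t  priority; /* ID bits 28..26 */
    uint32_t pgn;      /* parameter group number */
    uint8_t  src;      /* source address, ID bits 7..0 */
    uint8_t  dst;      /* destination address; 0xFF (global) for PDU2 */
    int      pdu1;     /* 1 = peer-to-peer format, 0 = broadcast format */
};

/* Returns 1 and fills *out if can_id could be a J1939 identifier, else 0. */
int j1939_split_id(uint32_t can_id, struct j1939_id *out)
{
    if (!(can_id & CAN_EFF_FLAG) || (can_id & CAN_ERR_FLAG))
        return 0; /* 11-bit IDs and error frames are not candidates */

    uint32_t id = can_id & CAN_EFF_MASK;
    uint8_t pf = (id >> 16) & 0xFF; /* PDU format */
    uint8_t ps = (id >> 8) & 0xFF;  /* PDU specific */

    out->priority = (id >> 26) & 0x7;
    out->src = id & 0xFF;
    out->pdu1 = pf < 240;
    /* PDU1: PS is the destination and is not part of the PGN.
     * PDU2: PS is a group extension and belongs to the PGN. */
    out->dst = out->pdu1 ? ps : 0xFF;
    out->pgn = (((id >> 24) & 0x3) << 16) | ((uint32_t)pf << 8)
             | (out->pdu1 ? 0U : ps);
    return 1;
}

int main(void)
{
    /* Constructed sample identifiers, not captured traffic. */
    const uint32_t ids[] = { 0x98FEF100U, 0x98EA00F9U, 0x00000123U };
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        struct j1939_id f;
        if (j1939_split_id(ids[i], &f))
            printf("%08X: prio=%u pgn=0x%05X src=0x%02X dst=0x%02X %s\n",
                   (unsigned)ids[i], (unsigned)f.priority, (unsigned)f.pgn,
                   (unsigned)f.src, (unsigned)f.dst, f.pdu1 ? "PDU1" : "PDU2");
        else
            printf("%08X: not a J1939 candidate\n", (unsigned)ids[i]);
    }
    return 0;
}
```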

