This is a static archive of our old Q&A Site. Please post any new questions and answers at

Logging CAN bus data to WS in Windows


I'd like to add CAN bus support to Wireshark under Windows (unfortunately), and I'm hoping someone can give me an idea where to start.

WS currently has a dissector for CAN (Controller Area Network) data - but I'm assuming that the source of the data is from the socketcan library (is that correct?) which is a patch to the Linux sockets stack.

I've got a USB CAN interface with a Windows driver, so I can get the live data very easily, but I'm trying to work out the best way to get that data into WS.
1. Should I be attempting to write my own driver, to pass the data to WS?
2. Is it a better idea to try to modify WinPCAP to collect the CAN data?
3. Am I trying to do something really dumb? As a newbie to WS (although not to programming), should I give up?

Any pointers gratefully accepted.

Thanks, Jon.

asked 21 Jun '12, 02:17

jonmills's gravatar image

accept rate: 0%

edited 21 Jun '12, 02:18

One Answer:


I'm assuming that the source of the data is from the socketcan library (is that correct?)

Yes, there is a dissector that uses SocketCAN. It's defined in the file: epan/packet-socketcan.c.

If you have to ability to write a driver, I would go that way on Windows, as there is no direct USB sniffer support right now (on windows).

One idea, would be to allow wireshark to read from a pipe. Your driver would access the CAN bus via USB and provide the data through a pipe. If you provide the data in a from the SocketCAN dissector understands (not sure if that's easy or even possible), you might be able to re-use that dissector.

Take a look at Wsbridge (Article about WSbridge) for an example of a disscetor with pipe support. You could do something similar.


answered 21 Jun '12, 23:44

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%

edited 22 Jun '12, 01:01

Thanks Kurt, I'll take a look at the named pipe idea.

(22 Jun '12, 01:01) jonmills