This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi

I'm using a pipe to send CAN data to Wireshark and would like to use the socketCAN dissector to interpret the data. The question is how I should send the data for socketCAN to interpret it correctly?

I am using the C# example from https://wiki.wireshark.org/CaptureSetup/Pipes to pipe the data. I have set the data link type in the global header to 125 which should be the socketCAN number ( https://github.com/wireshark/wireshark/blob/master/wiretap/wtap.h ). When I send some dummy data to Wireshark the protocol is listed as UNKNOWN and not CAN. I guess this is because the structure or length of the data is not correct. Do You know if that's true?

I have looked at the socketCAN dissector file ( https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-socketcan.c ) but still have not been able to format the data correctly.

Hope that someone is able to provide some guidance.

asked 12 Feb, 12:35

Degnemose's gravatar image

Degnemose
11115
accept rate: 0%

edited 16 Feb, 06:30


You're writing PCAP headers, so you'll need to use PCAP defined link layer types. For socketCAN this is 227, which is translated into the Wiretap library's corresponding value of .... 125.

permanent link

answered 16 Feb, 06:58

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

You might also want to look into extcap, this "formalises" the pipe style interface such that the extcap plugins show up in the interface list and can be passed configuration parameters.

(16 Feb, 07:05) grahamb ♦

Thanks Jaap, that seems to do it for me. Now the protocol shows as CAN and the data structure is clear from the frame interpretation. The first 4 bytes are 3 flag bits and 29 id bits. Then 4 bytes where the first byte is the data length (the remaining 3 bytes seems to be ignored). Finally the data bytes follows.

Also thank you for the tip grahamb, I will look into that.

(16 Feb, 10:31) Degnemose
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×637
×37
×2

question asked: 12 Feb, 12:35

question was seen: 418 times

last updated: 16 Feb, 10:46

p​o​w​e​r​e​d by O​S​Q​A