This is our old Q&A Site. Please post any new questions and answers at

Hi all,

We have a logger that streams CAN bus messages from e.g. a CAR via a C program and a pipe into Wireshark. This works great, though we are experiencing some packet loss, in some cases significant.

Right now the C code handles one byte at a time, incl. testing what type of byte it is and then handling it accordingly. This is most likely the cause of losses as we miss packets that are close together.

Is there a best practice for how to handle this "packet feeding" into Wireshark? Would it e.g. be better to create a "buffer array" of incoming bytes, then handle these via another function to avoid the loss - or is there another generally applied best practice?

Thank you.

Best, Martin

asked 13 May '17, 08:23

mfcss's gravatar image

accept rate: 0%

The development version of Wireshark supports a mechanism known as Extcap that allows applications external to Wireshark to provide traffic to Wireshark.

See README.extcap, the Wiki Extcap development page (somewhat out of date) and the extcap man page that discusses the arguments supplied to extcap applications for more info.

permanent link

answered 15 May '17, 03:53

grahamb's gravatar image

grahamb ♦
accept rate: 22%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 13 May '17, 08:23

question was seen: 860 times

last updated: 15 May '17, 03:53

p​o​w​e​r​e​d by O​S​Q​A