This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to best feed packets to Wireshark from e.g. CAN

0

Hi all,

We have a logger that streams CAN bus messages from e.g. a CAR via a C program and a pipe into Wireshark. This works great, though we are experiencing some packet loss, in some cases significant.

Right now the C code handles one byte at a time, incl. testing what type of byte it is and then handling it accordingly. This is most likely the cause of losses as we miss packets that are close together.

Is there a best practice for how to handle this "packet feeding" into Wireshark? Would it e.g. be better to create a "buffer array" of incoming bytes, then handle these via another function to avoid the loss - or is there another generally applied best practice?

Thank you.

Best, Martin

asked 13 May '17, 08:23

mfcss
217710
accept rate: 0%


One Answer:

0

The development version of Wireshark supports a mechanism known as Extcap that allows applications external to Wireshark to provide traffic to Wireshark.

See README.extcap, the Wiki Extcap development page (somewhat out of date) and the extcap man page that discusses the arguments supplied to extcap applications for more info.

answered 15 May '17, 03:53

grahamb ♦
19.8k330206
accept rate: 22%
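
The buffering approach raised in the question, as an added example that is not code from either poster or from the Wireshark project: each read() is appended to a buffer, every complete frame in it is converted to a pcap record in one pass, and a partial frame at the end is kept for the next read. The device framing (sync byte 0xAA, 4-byte big-endian CAN ID, 1-byte length, up to 8 data bytes) and the function names are assumptions for illustration; the output is a pcap stream with link type 227 (LINKTYPE_CAN_SOCKETCAN) that can be piped into `wireshark -k -i -`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#define SYNC 0xAA /* assumed start-of-frame byte (hypothetical logger framing) */
#define REC 32    /* 16-byte pcap record header + 16-byte SocketCAN frame */
static void put32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); } /* host order */
/* 24-byte pcap file header, link type 227 (LINKTYPE_CAN_SOCKETCAN). */
size_t pcap_header(uint8_t *out) {
    uint16_t ver[2] = {2, 4};
    put32(out, 0xa1b2c3d4); memcpy(out + 4, ver, 4); put32(out + 8, 0);
    put32(out + 12, 0); put32(out + 16, 65535); put32(out + 20, 227);
    return 24;
}

/* Convert every complete frame in in[0..n) to a pcap record. Returns bytes
 * consumed; the caller keeps the unconsumed tail for the next read(). */
size_t drain_frames(const uint8_t *in, size_t n, uint8_t *out, size_t cap,
                    size_t *out_len, uint32_t sec, uint32_t usec) {
    size_t i = 0, o = 0;
    while (i < n) {
        if (in[i] != SYNC) { i++; continue; }   /* resync past noise */
        if (n - i < 6) break;                   /* header incomplete */
        uint8_t dlc = in[i + 5];
        if (dlc > 8) { i++; continue; }         /* false sync byte */
        if (n - i < 6u + dlc || cap - o < REC) break; /* partial frame / out full */
        uint8_t *r = out + o;
        memset(r, 0, REC);
        put32(r, sec); put32(r + 4, usec); put32(r + 8, 16); put32(r + 12, 16);
        memcpy(r + 16, in + i + 1, 4);          /* CAN ID, big-endian on the wire */
        r[20] = dlc; memcpy(r + 24, in + i + 6, dlc);
        o += REC; i += 6u + dlc;
    }
    *out_len = o; return i;
}

int main(void) { /* stdin: logger bytes; stdout: pcap stream */
    static uint8_t in[4096], out[REC * 700]; /* 4096/6 < 700 frames per pass */
    size_t have = 0, olen; ssize_t got;
    fwrite(out, 1, pcap_header(out), stdout);
    while ((got = read(0, in + have, sizeof in - have)) > 0) {
        size_t used = drain_frames(in, have + got, out, sizeof out, &olen, (uint32_t)time(NULL), 0);
        fwrite(out, 1, olen, stdout); fflush(stdout);
        have = have + got - used; memmove(in, in + used, have);
    }
    return 0;
}
```

Every frame in one batch gets the same arrival timestamp here; accurate per-frame times need a timestamp taken by the logger itself.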