On Feb 16, 2009, at 11:47 PM, Németh Márton wrote:
does Wireshark currently support the Controller Area Network (CAN)
[1] ?
There is a pcap DLT_ value assigned to CAN 2.0:
/*
* Controller Area Network (CAN) v. 2.0B packets.
* DLT_ requested by Gianluca Varenni <gianluca.varenni@xxxxxxxxxxxx>.
* Used to dump CAN packets coming from a CAN Vector board.
* More documentation on the CAN v2.0B frames can be found at
* http://www.can-cia.org/downloads/?269
*/
#define DLT_CAN20B 190
and the Wiretap library in Wireshark maps that to WTAP_ENCAP_CAN20B.
However, there aren't any dissectors in the Wireshark source for CAN.
Gianluca, are there any Wireshark dissectors for CAN? And what is the
form of a packet with that link-layer type? That URL is a broken link.
In order for Wireshark to *capture* CAN traffic, there would have to
be support for it in libpcap.
In Linux kernel the PF_CAN protocol is already supported [2], so I
guess this
would be technically possible.
Is there a way in which you can "sniff" CAN traffic on Linux - "sniff"
meaning "passively watch CAN traffic to and from the Linux box",
rather than opening a socket to actively send and receive traffic?
That's what would be required for libpcap support.