/*********************************************************************************

 *                        tshark CAN协议分析初试

 * 说明:

 *     使用tshark分析CAN数据,协议支持,不过貌似CANopen的协议分析不出来,单纯的CAN

 * 数据分析data部分都无法显示,目前不知道原因。

 *

 *                                              2018-2-5 深圳 宝安西乡 曾剑锋

 ********************************************************************************/

一、tshark help:

    [buildroot@root ~]#  tshark -h

    Running as user "root" and group "root". This could be dangerous.

    TShark (Wireshark) 2.2. (wireshark-2.2.)

    Dump and analyze network traffic.

    See https://www.wireshark.org for more information.

    Usage: tshark [options] ...

    Capture interface:

      -i <interface>           name or idx of interface (def: first non-loopback)

      -f <capture filter>      packet filter in libpcap filter syntax

      -s <snaplen>             packet snapshot length (def: )

      -p                       don't capture in promiscuous mode

      -I                       capture in monitor mode, if available

      -B <buffer size>         size of kernel buffer (def: 2MB)

      -y <link type>           link layer type (def: first appropriate)

      -D                       print list of interfaces and exit

      -L                       print list of link-layer types of iface and exit

    Capture stop conditions:

      -c <packet count>        stop after n packets (def: infinite)

      -a <autostop cond.> ...  duration:NUM - stop after NUM seconds

                               filesize:NUM - stop this file after NUM KB

                                  files:NUM - stop after NUM files

    Capture output:

      -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs

                               filesize:NUM - switch to next file after NUM KB

                                  files:NUM - ringbuffer: replace after NUM files

    Input file:

      -r <infile>              set the filename to read from (- to read from stdin)

    Processing:

      -                       perform a two-pass analysis

      -R <read filter>         packet Read filter in Wireshark display filter syntax

      -Y <display filter>      packet displaY filter in Wireshark display filter

                               syntax

      -n                       disable all name resolutions (def: all enabled)

      -N <name resolve flags>  enable specific name resolution(s): "mnNtCd"

      -d <layer_type>==<selector>,<decode_as_protocol> ...

                               "Decode As", see the man page for details

                               Example: tcp.port==,http

      -H <hosts file>          read a list of entries from a hosts file, which will

                               then be written to a capture file. (Implies -W n)

      --disable-protocol <proto_name>

                               disable dissection of proto_name

      --enable-heuristic <short_name>

                               enable dissection of heuristic protocol

      --disable-heuristic <short_name>

                               disable dissection of heuristic protocol

    Output:

      -w <outfile|->           write packets to a pcap-format file named "outfile"

                               (or to the standard output for "-")

      -C <config profile>      start with specified configuration profile

      -F <output file type>    set the output file type, default is pcapng

                               an empty "-F" option will list the file types

      -V                       add output of packet tree        (Packet Details)

      -O <protocols>           Only show packet details of these protocols, comma

                               separated

      -P                       print packet summary even when writing to a file

      -S <separator>           the line separator to print between packets

      -x                       add output of hex and ASCII dump (Packet Bytes)

      -T pdml|ps|psml|json|ek|text|fields

                               format of text output (def: text)

      -j <protocolfilter>      protocols layers filter if -T ek|pdml|json selected,

                               (e.g. "http tcp ip",

      -e <field>               field to print if -Tfields selected (e.g. tcp.port,

                               _ws.col.Info)

                               this option can be repeated to print multiple fields

      -E<fieldsoption>=<value> set options for output when -Tfields selected:

         bom=y|n               print a UTF- BOM

         header=y|n            switch headers on and off

         separator=/t|/s|<char> select tab, space, printable character as separator

         occurrence=f|l|a      print first, last or all occurrences of each field

         aggregator=,|/s|<char> select comma, space, printable character as

                               aggregator

         quote=d|s|n           select double, single, no quotes for values

      -t a|ad|d|dd|e|r|u|ud    output format of time stamps (def: r: rel. to first)

      -u s|hms                 output format of seconds (def: s: seconds)

      -l                       flush standard output after each packet

      -q                       be more quiet on stdout (e.g. when using statistics)

      -Q                       only log true errors to stderr (quieter than -q)

      -g                       enable group read access on the output file(s)

      -W n                     Save extra information in the file, if supported.

                               n = write network address resolution information

      -X <key>:<value>         eXtension options, see the man page for details

      -U tap_name              PDUs export mode, see the man page for details

      -z <statistics>          various statistics, see the man page for details

      --capture-comment <comment>

                               add a capture comment to the newly created

                               output file (only for pcapng)

    Miscellaneous:

      -h                       display this help and exit

      -v                       display version info and exit

      -o <name>:<value> ...    override preference setting

      -K <keytab>              keytab file to use for kerberos decryption

      -G [report]              dump one of several available reports and exit

                               default report="fields"

                               use "-G ?" for more help

    WARNING: dumpcap will enable kernel BPF JIT compiler if available.

    You might want to reset it

    By doing "echo 0 > /proc/sys/net/core/bpf_jit_enable"

    [buildroot@root ~]#

二、tshark支持协议查看:

    tshark -G protocols

三、vcan设置:

    sudo ip link add dev vcan0 type vcan

    sudo ip link set up vcan0

    candump vcan0

    canopend vcan0 -i  -s od4_storage -a od4_storage_auto

四、tshark抓包设备显示:

    [buildroot@root ~]#  sudo tshark -D

    Running as user "root" and group "root". This could be dangerous.

    . eth0

    . vcan0

    . any

    . lo (Loopback)

    . usbmon1

    . usbmon2

    . usbmon3

    . randpkt (Random packet generator)

    [buildroot@root ~]#

五、tshark vcan抓包:

    [buildroot@root ~]#  tshark -i vcan0

    Running as user "root" and group "root". This could be dangerous.

    Capturing on 'vcan0'

    device vcan0 entered promiscuous mode

         0.000000000              ?              CAN  STD: 0x00000704   7f

         0.000023000              ?              CAN  STD: 0x00000704   7f

         1.001414667              ?              CAN  STD: 0x00000704   7f

         1.001437667              ?              CAN  STD: 0x00000704   7f

         2.001844334              ?              CAN  STD: 0x00000704   7f

         2.001867334              ?              CAN  STD: 0x00000704   7f

         3.002829334              ?              CAN  STD: 0x00000704   7f

         3.002850334              ?              CAN  STD: 0x00000704   7f

六、tshark vcan can协议解析:

    [buildroot@root ~]#  tshark -i vcan0 -O can

    Running as user "root" and group "root". This could be dangerous.

    Capturing on 'vcan0'

    device vcan0 entered promiscuous mode

    Frame :  bytes on wire ( bits),  bytes captured ( bits) on interface

    Linux cooked capture

    Controller Area Network

        ...        = Identifier: 0x00000704

        ... .... .... .... .... .... .... .... = Extended Flag: False

        ... .... .... .... .... .... .... .... = Remote Transmission Request Flag: False

        ... .... .... .... .... .... .... .... = Error Flag: False

        Frame-Length:

    Data ( byte)

    Frame :  bytes on wire ( bits),  bytes captured ( bits) on interface

    Linux cooked capture

    Controller Area Network

        ...        = Identifier: 0x00000704

        ... .... .... .... .... .... .... .... = Extended Flag: False

        ... .... .... .... .... .... .... .... = Remote Transmission Request Flag: False

        ... .... .... .... .... .... .... .... = Error Flag: False

        Frame-Length:

    Data ( byte)

tshark CAN协议分析初试的更多相关文章

  1. Memcache的使用和协议分析详解

    Memcache的使用和协议分析详解 作者:heiyeluren博客:http://blog.csdn.NET/heiyeshuwu时间:2006-11-12关键字:PHP Memcache Linu ...

  2. [转]Memcache的使用和协议分析详解

    Memcache是什么 Memcache是danga.com的一个项目,最早是为 LiveJournal 服务的,目前全世界不少人使用这个缓存项目来构建自己大负载的网站,来分担数据库的压力. 它可以应 ...

  3. Google的Protobuf协议分析

    protobuf和thrift类似,也是一个序列化的协议实现,简称PB(下文出现的PB代表protobuf). Github:https://github.com/google/protobuf 上图 ...

  4. 蓝牙协议分析(7)_BLE连接有关的技术分析

    转自:http://www.wowotech.net/bluetooth/ble_connection.html#comments 1. 前言 了解蓝牙的人都知道,在经典蓝牙中,保持连接(Connec ...

  5. 协议分析TMP

    最近闲来有事, 分析了一个非常低端(非常低端的意思是说你不应该对她是否能取代你现有的QQ客户端作任何可能的奢望,她只是一个实验性的东西)的手机QQ的协议, 是手机QQ3.0,      所用到的TCP ...

  6. 协议分析 - DHCP协议解码详解

    协议分析 - DHCP协议解码详解 [DHCP协议简介]         DHCP,全称是 Dynamic Host Configuration Protocol﹐中文名为动态主机配置协议,它的前身是 ...

  7. PYTHON黑帽编程1.5 使用WIRESHARK练习网络协议分析

    Python黑帽编程1.5  使用Wireshark练习网络协议分析 1.5.0.1  本系列教程说明 本系列教程,采用的大纲母本为<Understanding Network Hacks At ...

  8. Thrift的TCompactProtocol紧凑型二进制协议分析

    Thrift的紧凑型传输协议分析: 用一张图说明一下Thrift的TCompactProtocol中各个数据类型是怎么表示的. 报文格式编码: bool类型: 一个字节. 如果bool型的字段是结构体 ...

  9. BT协议分析(1)—1.0协议

    简述 BT下载是采用P2P的下载方式,下载的大致形式采用如下图所示,处于图示中心的称为Tracker服务器,其余称为Peer.   缺点 1.资源的安全性 2.资源的实效性(没有上传者则BT也将失效) ...

随机推荐

  1. Java中关键字this、super的含义及使用

    Java语言中this的含义及作用: 关键字this用来指向当前实例对象(内存里正在运行的哪个实例对象),它的另一作用是用来区分对象的成员变量与方法的形参. 关键字super指的是当前对象里边的父对象 ...

  2. 交互式shell编程

    FQ #!/usr/bin/env shxfce4-terminal -x sudo python ./local/proxy.py 连续执行 gnome-terminal -x bash -c &q ...

  3. QuickStart系列:docker部署之PostgreSQL

    mysql --> mariadb --> postgresql 官网简介 https://www.postgresql.org/ 使用的镜像名称 centos/postgresql-96 ...

  4. Saiku缓存处理(七)

    Saiku缓存处理方案 Saiku默认是从缓存中读取数据的(如果缓存中有数据的话),所以用户看到的数据不一定是最新的,如果需要看到最新的的数据需要手动刷新数据或者更改配置信息. Saiku获取实时数据 ...

  5. 【转】Java中static关键字用法总结

    1.     静态方法 通常,在一个类中定义一个方法为static,那就是说,无需本类的对象即可调用此方法 声明为static的方法有以下几条限制: · 它们仅能调用其他的static 方法. · 它 ...

  6. iPhoneX && iOS11 适配

    最近实在是蛮闲的,这都得益于苹果爸爸给力的审核,已经半个月了(委屈) 这个问题已经很久了,但是还是希望分享给各位,当然网上的教程的确很多: 1.automaticallyAdjustsScrollVi ...

  7. ADO.NET 连接池 Session 状态分析

    ADO.NET 中提供连接池避免 在业务操作中频繁打开,关闭连接. 当客户端释放连接后,连接池并未真正将数据库连接资源释放 , 而是根据连接字符串特征,将资源放到连接池中, 方便下次重用. 因此问题来 ...

  8. VSTO:使用C#开发Excel、Word【2】

    <Visual Studio Tools for Office: Using C# with Excel, Word, Outlook, and InfoPath >——By Eric C ...

  9. Linux如何从零开始搭建rsync服务器(centOS6)

    Step1:检查rsync是否已经安装 rmp -qa rsync 如果没有安装的话,通过yum install rsync -y   Step2:给rsync服务添加本地用户,用于管理本地目录. u ...

  10. Python基础学习(第4天)

    Python进阶 第1课:词典(dictionary) 1.词典可以存储多个元素,存储多个元素的对象称为容器(container) 第2课:文本文件的读取写入 1.打开一个文件,用对象来代表这个文件 ...