tshark CAN协议分析初试
/*********************************************************************************
* tshark CAN协议分析初试
* 说明:
* 使用tshark分析CAN数据,协议支持,不过貌似CANopen的协议分析不出来,单纯的CAN
* 数据分析data部分都无法显示,目前不知道原因。
*
* 2018-2-5 深圳 宝安西乡 曾剑锋
********************************************************************************/ 一、tshark help:
[buildroot@root ~]# tshark -h
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 2.2. (wireshark-2.2.)
Dump and analyze network traffic.
See https://www.wireshark.org for more information. Usage: tshark [options] ... Capture interface:
-i <interface> name or idx of interface (def: first non-loopback)
-f <capture filter> packet filter in libpcap filter syntax
-s <snaplen> packet snapshot length (def: )
-p don't capture in promiscuous mode
-I capture in monitor mode, if available
-B <buffer size> size of kernel buffer (def: 2MB)
-y <link type> link layer type (def: first appropriate)
-D print list of interfaces and exit
-L print list of link-layer types of iface and exit Capture stop conditions:
-c <packet count> stop after n packets (def: infinite)
-a <autostop cond.> ... duration:NUM - stop after NUM seconds
filesize:NUM - stop this file after NUM KB
files:NUM - stop after NUM files
Capture output:
-b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
filesize:NUM - switch to next file after NUM KB
files:NUM - ringbuffer: replace after NUM files
Input file:
-r <infile> set the filename to read from (- to read from stdin) Processing:
- perform a two-pass analysis
-R <read filter> packet Read filter in Wireshark display filter syntax
-Y <display filter> packet displaY filter in Wireshark display filter
syntax
-n disable all name resolutions (def: all enabled)
-N <name resolve flags> enable specific name resolution(s): "mnNtCd"
-d <layer_type>==<selector>,<decode_as_protocol> ...
"Decode As", see the man page for details
Example: tcp.port==,http
-H <hosts file> read a list of entries from a hosts file, which will
then be written to a capture file. (Implies -W n)
--disable-protocol <proto_name>
disable dissection of proto_name
--enable-heuristic <short_name>
enable dissection of heuristic protocol
--disable-heuristic <short_name>
disable dissection of heuristic protocol
Output:
-w <outfile|-> write packets to a pcap-format file named "outfile"
(or to the standard output for "-")
-C <config profile> start with specified configuration profile
-F <output file type> set the output file type, default is pcapng
an empty "-F" option will list the file types
-V add output of packet tree (Packet Details)
-O <protocols> Only show packet details of these protocols, comma
separated
-P print packet summary even when writing to a file
-S <separator> the line separator to print between packets
-x add output of hex and ASCII dump (Packet Bytes)
-T pdml|ps|psml|json|ek|text|fields
format of text output (def: text)
-j <protocolfilter> protocols layers filter if -T ek|pdml|json selected,
(e.g. "http tcp ip",
-e <field> field to print if -Tfields selected (e.g. tcp.port,
_ws.col.Info)
this option can be repeated to print multiple fields
-E<fieldsoption>=<value> set options for output when -Tfields selected:
bom=y|n print a UTF- BOM
header=y|n switch headers on and off
separator=/t|/s|<char> select tab, space, printable character as separator
occurrence=f|l|a print first, last or all occurrences of each field
aggregator=,|/s|<char> select comma, space, printable character as
aggregator
quote=d|s|n select double, single, no quotes for values
-t a|ad|d|dd|e|r|u|ud output format of time stamps (def: r: rel. to first)
-u s|hms output format of seconds (def: s: seconds)
-l flush standard output after each packet
-q be more quiet on stdout (e.g. when using statistics)
-Q only log true errors to stderr (quieter than -q)
-g enable group read access on the output file(s)
-W n Save extra information in the file, if supported.
n = write network address resolution information
-X <key>:<value> eXtension options, see the man page for details
-U tap_name PDUs export mode, see the man page for details
-z <statistics> various statistics, see the man page for details
--capture-comment <comment>
add a capture comment to the newly created
output file (only for pcapng) Miscellaneous:
-h display this help and exit
-v display version info and exit
-o <name>:<value> ... override preference setting
-K <keytab> keytab file to use for kerberos decryption
-G [report] dump one of several available reports and exit
default report="fields"
use "-G ?" for more help WARNING: dumpcap will enable kernel BPF JIT compiler if available.
You might want to reset it
By doing "echo 0 > /proc/sys/net/core/bpf_jit_enable" [buildroot@root ~]# 二、tshark支持协议查看:
tshark -G protocols 三、vcan设置:
sudo ip link add dev vcan0 type vcan
sudo ip link set up vcan0
candump vcan0
canopend vcan0 -i -s od4_storage -a od4_storage_auto 四、tshark抓包设备显示:
[buildroot@root ~]# sudo tshark -D
Running as user "root" and group "root". This could be dangerous.
. eth0
. vcan0
. any
. lo (Loopback)
. usbmon1
. usbmon2
. usbmon3
. randpkt (Random packet generator)
[buildroot@root ~]# 五、tshark vcan抓包:
[buildroot@root ~]# tshark -i vcan0
Running as user "root" and group "root". This could be dangerous.
Capturing on 'vcan0'
device vcan0 entered promiscuous mode
0.000000000 ? CAN STD: 0x00000704 7f
0.000023000 ? CAN STD: 0x00000704 7f
1.001414667 ? CAN STD: 0x00000704 7f
1.001437667 ? CAN STD: 0x00000704 7f
2.001844334 ? CAN STD: 0x00000704 7f
2.001867334 ? CAN STD: 0x00000704 7f
3.002829334 ? CAN STD: 0x00000704 7f
3.002850334 ? CAN STD: 0x00000704 7f 六、tshark vcan can协议解析:
[buildroot@root ~]# tshark -i vcan0 -O can
Running as user "root" and group "root". This could be dangerous.
Capturing on 'vcan0'
device vcan0 entered promiscuous mode
Frame : bytes on wire ( bits), bytes captured ( bits) on interface
Linux cooked capture
Controller Area Network
... = Identifier: 0x00000704
... .... .... .... .... .... .... .... = Extended Flag: False
... .... .... .... .... .... .... .... = Remote Transmission Request Flag: False
... .... .... .... .... .... .... .... = Error Flag: False
Frame-Length:
Data ( byte) Frame : bytes on wire ( bits), bytes captured ( bits) on interface
Linux cooked capture
Controller Area Network
... = Identifier: 0x00000704
... .... .... .... .... .... .... .... = Extended Flag: False
... .... .... .... .... .... .... .... = Remote Transmission Request Flag: False
... .... .... .... .... .... .... .... = Error Flag: False
Frame-Length:
Data ( byte)
tshark CAN协议分析初试的更多相关文章
- Memcache的使用和协议分析详解
Memcache的使用和协议分析详解 作者:heiyeluren博客:http://blog.csdn.NET/heiyeshuwu时间:2006-11-12关键字:PHP Memcache Linu ...
- [转]Memcache的使用和协议分析详解
Memcache是什么 Memcache是danga.com的一个项目,最早是为 LiveJournal 服务的,目前全世界不少人使用这个缓存项目来构建自己大负载的网站,来分担数据库的压力. 它可以应 ...
- Google的Protobuf协议分析
protobuf和thrift类似,也是一个序列化的协议实现,简称PB(下文出现的PB代表protobuf). Github:https://github.com/google/protobuf 上图 ...
- 蓝牙协议分析(7)_BLE连接有关的技术分析
转自:http://www.wowotech.net/bluetooth/ble_connection.html#comments 1. 前言 了解蓝牙的人都知道,在经典蓝牙中,保持连接(Connec ...
- 协议分析TMP
最近闲来有事, 分析了一个非常低端(非常低端的意思是说你不应该对她是否能取代你现有的QQ客户端作任何可能的奢望,她只是一个实验性的东西)的手机QQ的协议, 是手机QQ3.0, 所用到的TCP ...
- 协议分析 - DHCP协议解码详解
协议分析 - DHCP协议解码详解 [DHCP协议简介] DHCP,全称是 Dynamic Host Configuration Protocol﹐中文名为动态主机配置协议,它的前身是 ...
- PYTHON黑帽编程1.5 使用WIRESHARK练习网络协议分析
Python黑帽编程1.5 使用Wireshark练习网络协议分析 1.5.0.1 本系列教程说明 本系列教程,采用的大纲母本为<Understanding Network Hacks At ...
- Thrift的TCompactProtocol紧凑型二进制协议分析
Thrift的紧凑型传输协议分析: 用一张图说明一下Thrift的TCompactProtocol中各个数据类型是怎么表示的. 报文格式编码: bool类型: 一个字节. 如果bool型的字段是结构体 ...
- BT协议分析(1)—1.0协议
简述 BT下载是采用P2P的下载方式,下载的大致形式采用如下图所示,处于图示中心的称为Tracker服务器,其余称为Peer. 缺点 1.资源的安全性 2.资源的实效性(没有上传者则BT也将失效) ...
随机推荐
- [luogu P3628] [APIO2010]特别行动队
[luogu P3628] [APIO2010]特别行动队 题目描述 你有一支由 n 名预备役士兵组成的部队,士兵从 1 到 n 编号,要将他们拆分 成若干特别行动队调入战场.出于默契的考虑,同一支特 ...
- Qt Widgets——抽象旋转框及其继承类
默认外观分别如下(win7,与上述顺序对应): 可看出,都是由一个可编辑的文本框及右端小箭头组成 QAbstractSpinBox 属性简单解释如下: Properties accelerated : ...
- Chargen UDP服务远程拒绝服务攻击漏洞修复教程
一.前置说明 chargen服务最初设计用于测试网络状态,监听19端口(包括TCP和UDP),其中UDP协议存在“Chargen UDP服务远程拒绝服务攻击漏洞”. chargen一般不会使用,所以直 ...
- oracle配置访问白名单教程
出于提高数据安全性等目地,我们可能想要对oracle的访问进行限制,允许一些IP连接数据库或拒绝一些IP访问数据库. 当然使用iptables也能达到限制的目地,但是从监听端口变更限制仍可生效.只针对 ...
- openssh允许root用户登录
openssh默认是不允许root用户登录的,未改配置直接以正确的root账号密码登录会提示用户名密码错误之类. 好消息是openssh配置十分清晰,基本所有的服务端配置都在/etc/ssh/sshd ...
- api资源
转:https://blog.csdn.net/qq_37187976/article/details/79160050
- Tomcat压缩传输设置
1.配置位于server.xml文件中的Connector节点下,具体参数如下: 参数 默认值 参数说明 compression off 是否开启压缩传输 compressableMimeType t ...
- Vue--项目开发之实现tabbar功能来学习单文件组件1
创建好一个Vue项目后,我们进入项目里,点开src文件下的components文件里的helloworld.vue 文件.清空初始数据.然后开始编写. 一个.vue文件初始格式为以下三部分(组件三部曲 ...
- WPF客户端实现.net升级
客户端.net版本由3.5升级到4.5,首先把.net4.5的离线安装包添加到资源,程序运行的时候,从资源中生成离线安装包,并通过传递参数的方式执行静默安装命令,具体代码如下: private sta ...
- java的八大排序
public class Sort2 { public static void main(String[] args) { Sort2 sort = new Sort2(); System.out.p ...