/*********************************************************************************

 *                        tshark CAN协议分析初试

 * 说明:

 *     使用tshark分析CAN数据,协议支持,不过貌似CANopen的协议分析不出来,单纯的CAN

 * 数据分析data部分都无法显示,目前不知道原因。

 *

 *                                              2018-2-5 深圳 宝安西乡 曾剑锋

 ********************************************************************************/

一、tshark help:

    [buildroot@root ~]#  tshark -h

    Running as user "root" and group "root". This could be dangerous.

    TShark (Wireshark) 2.2. (wireshark-2.2.)

    Dump and analyze network traffic.

    See https://www.wireshark.org for more information.

    Usage: tshark [options] ...

    Capture interface:

      -i <interface>           name or idx of interface (def: first non-loopback)

      -f <capture filter>      packet filter in libpcap filter syntax

      -s <snaplen>             packet snapshot length (def: )

      -p                       don't capture in promiscuous mode

      -I                       capture in monitor mode, if available

      -B <buffer size>         size of kernel buffer (def: 2MB)

      -y <link type>           link layer type (def: first appropriate)

      -D                       print list of interfaces and exit

      -L                       print list of link-layer types of iface and exit

    Capture stop conditions:

      -c <packet count>        stop after n packets (def: infinite)

      -a <autostop cond.> ...  duration:NUM - stop after NUM seconds

                               filesize:NUM - stop this file after NUM KB

                                  files:NUM - stop after NUM files

    Capture output:

      -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs

                               filesize:NUM - switch to next file after NUM KB

                                  files:NUM - ringbuffer: replace after NUM files

    Input file:

      -r <infile>              set the filename to read from (- to read from stdin)

    Processing:

      -                       perform a two-pass analysis

      -R <read filter>         packet Read filter in Wireshark display filter syntax

      -Y <display filter>      packet displaY filter in Wireshark display filter

                               syntax

      -n                       disable all name resolutions (def: all enabled)

      -N <name resolve flags>  enable specific name resolution(s): "mnNtCd"

      -d <layer_type>==<selector>,<decode_as_protocol> ...

                               "Decode As", see the man page for details

                               Example: tcp.port==,http

      -H <hosts file>          read a list of entries from a hosts file, which will

                               then be written to a capture file. (Implies -W n)

      --disable-protocol <proto_name>

                               disable dissection of proto_name

      --enable-heuristic <short_name>

                               enable dissection of heuristic protocol

      --disable-heuristic <short_name>

                               disable dissection of heuristic protocol

    Output:

      -w <outfile|->           write packets to a pcap-format file named "outfile"

                               (or to the standard output for "-")

      -C <config profile>      start with specified configuration profile

      -F <output file type>    set the output file type, default is pcapng

                               an empty "-F" option will list the file types

      -V                       add output of packet tree        (Packet Details)

      -O <protocols>           Only show packet details of these protocols, comma

                               separated

      -P                       print packet summary even when writing to a file

      -S <separator>           the line separator to print between packets

      -x                       add output of hex and ASCII dump (Packet Bytes)

      -T pdml|ps|psml|json|ek|text|fields

                               format of text output (def: text)

      -j <protocolfilter>      protocols layers filter if -T ek|pdml|json selected,

                               (e.g. "http tcp ip",

      -e <field>               field to print if -Tfields selected (e.g. tcp.port,

                               _ws.col.Info)

                               this option can be repeated to print multiple fields

      -E<fieldsoption>=<value> set options for output when -Tfields selected:

         bom=y|n               print a UTF- BOM

         header=y|n            switch headers on and off

         separator=/t|/s|<char> select tab, space, printable character as separator

         occurrence=f|l|a      print first, last or all occurrences of each field

         aggregator=,|/s|<char> select comma, space, printable character as

                               aggregator

         quote=d|s|n           select double, single, no quotes for values

      -t a|ad|d|dd|e|r|u|ud    output format of time stamps (def: r: rel. to first)

      -u s|hms                 output format of seconds (def: s: seconds)

      -l                       flush standard output after each packet

      -q                       be more quiet on stdout (e.g. when using statistics)

      -Q                       only log true errors to stderr (quieter than -q)

      -g                       enable group read access on the output file(s)

      -W n                     Save extra information in the file, if supported.

                               n = write network address resolution information

      -X <key>:<value>         eXtension options, see the man page for details

      -U tap_name              PDUs export mode, see the man page for details

      -z <statistics>          various statistics, see the man page for details

      --capture-comment <comment>

                               add a capture comment to the newly created

                               output file (only for pcapng)

    Miscellaneous:

      -h                       display this help and exit

      -v                       display version info and exit

      -o <name>:<value> ...    override preference setting

      -K <keytab>              keytab file to use for kerberos decryption

      -G [report]              dump one of several available reports and exit

                               default report="fields"

                               use "-G ?" for more help

    WARNING: dumpcap will enable kernel BPF JIT compiler if available.

    You might want to reset it

    By doing "echo 0 > /proc/sys/net/core/bpf_jit_enable"

    [buildroot@root ~]#

二、tshark支持协议查看:

    tshark -G protocols

三、vcan设置:

    sudo ip link add dev vcan0 type vcan

    sudo ip link set up vcan0

    candump vcan0

    canopend vcan0 -i  -s od4_storage -a od4_storage_auto

四、tshark抓包设备显示:

    [buildroot@root ~]#  sudo tshark -D

    Running as user "root" and group "root". This could be dangerous.

    . eth0

    . vcan0

    . any

    . lo (Loopback)

    . usbmon1

    . usbmon2

    . usbmon3

    . randpkt (Random packet generator)

    [buildroot@root ~]#

五、tshark vcan抓包:

    [buildroot@root ~]#  tshark -i vcan0

    Running as user "root" and group "root". This could be dangerous.

    Capturing on 'vcan0'

    device vcan0 entered promiscuous mode

         0.000000000              ?              CAN  STD: 0x00000704   7f

         0.000023000              ?              CAN  STD: 0x00000704   7f

         1.001414667              ?              CAN  STD: 0x00000704   7f

         1.001437667              ?              CAN  STD: 0x00000704   7f

         2.001844334              ?              CAN  STD: 0x00000704   7f

         2.001867334              ?              CAN  STD: 0x00000704   7f

         3.002829334              ?              CAN  STD: 0x00000704   7f

         3.002850334              ?              CAN  STD: 0x00000704   7f

六、tshark vcan can协议解析:

    [buildroot@root ~]#  tshark -i vcan0 -O can

    Running as user "root" and group "root". This could be dangerous.

    Capturing on 'vcan0'

    device vcan0 entered promiscuous mode

    Frame :  bytes on wire ( bits),  bytes captured ( bits) on interface

    Linux cooked capture

    Controller Area Network

        ...        = Identifier: 0x00000704

        ... .... .... .... .... .... .... .... = Extended Flag: False

        ... .... .... .... .... .... .... .... = Remote Transmission Request Flag: False

        ... .... .... .... .... .... .... .... = Error Flag: False

        Frame-Length:

    Data ( byte)

    Frame :  bytes on wire ( bits),  bytes captured ( bits) on interface

    Linux cooked capture

    Controller Area Network

        ...        = Identifier: 0x00000704

        ... .... .... .... .... .... .... .... = Extended Flag: False

        ... .... .... .... .... .... .... .... = Remote Transmission Request Flag: False

        ... .... .... .... .... .... .... .... = Error Flag: False

        Frame-Length:

    Data ( byte)

tshark CAN协议分析初试的更多相关文章

  1. Memcache的使用和协议分析详解

    Memcache的使用和协议分析详解 作者:heiyeluren博客:http://blog.csdn.NET/heiyeshuwu时间:2006-11-12关键字:PHP Memcache Linu ...

  2. [转]Memcache的使用和协议分析详解

    Memcache是什么 Memcache是danga.com的一个项目,最早是为 LiveJournal 服务的,目前全世界不少人使用这个缓存项目来构建自己大负载的网站,来分担数据库的压力. 它可以应 ...

  3. Google的Protobuf协议分析

    protobuf和thrift类似,也是一个序列化的协议实现,简称PB(下文出现的PB代表protobuf). Github:https://github.com/google/protobuf 上图 ...

  4. 蓝牙协议分析(7)_BLE连接有关的技术分析

    转自:http://www.wowotech.net/bluetooth/ble_connection.html#comments 1. 前言 了解蓝牙的人都知道,在经典蓝牙中,保持连接(Connec ...

  5. 协议分析TMP

    最近闲来有事, 分析了一个非常低端(非常低端的意思是说你不应该对她是否能取代你现有的QQ客户端作任何可能的奢望,她只是一个实验性的东西)的手机QQ的协议, 是手机QQ3.0,      所用到的TCP ...

  6. 协议分析 - DHCP协议解码详解

    协议分析 - DHCP协议解码详解 [DHCP协议简介]         DHCP,全称是 Dynamic Host Configuration Protocol﹐中文名为动态主机配置协议,它的前身是 ...

  7. PYTHON黑帽编程1.5 使用WIRESHARK练习网络协议分析

    Python黑帽编程1.5  使用Wireshark练习网络协议分析 1.5.0.1  本系列教程说明 本系列教程,采用的大纲母本为<Understanding Network Hacks At ...

  8. Thrift的TCompactProtocol紧凑型二进制协议分析

    Thrift的紧凑型传输协议分析: 用一张图说明一下Thrift的TCompactProtocol中各个数据类型是怎么表示的. 报文格式编码: bool类型: 一个字节. 如果bool型的字段是结构体 ...

  9. BT协议分析(1)—1.0协议

    简述 BT下载是采用P2P的下载方式,下载的大致形式采用如下图所示,处于图示中心的称为Tracker服务器,其余称为Peer.   缺点 1.资源的安全性 2.资源的实效性(没有上传者则BT也将失效) ...

随机推荐

  1. Python装饰器--decorator

    装饰器 装饰器实质是一个函数,其作用就是在不改动其它函数代码的情况下,增加一些功能.如果我们需要打印函数调用前后日志,可以这么做 def log(func): print('%s is running ...

  2. #pragma 处理警告 clang diagnostic 的使用

    首先#pragma在本质上是声明,常用的功能就是注释,尤其是给Code分段注释:而且它还有另一个强大的功能是处理编译器警告,但却没有上一个功能用的那么多. clang diagnostic 是#pra ...

  3. mfscli的使用方法(解决mfscgi响应慢的问题)

    在moosefs中,mfscgi是一个python写的server程序,其中的数据是调用同样的python工具mfscli实现的. 每当用浏览器打开mfscgi的时候,它要把所有的表数据请求一遍,非常 ...

  4. Web应用的统一异常处理(二十四)

    我们在做Web应用的时候,请求处理过程中发生错误是非常常见的情况.Spring Boot提供了一个默认的映射:/error,当处理中抛出异常之后,会转到该请求中处理,并且该请求有一个全局的错误页面用来 ...

  5. Java IO流01-总叙

     Java IO包体系结构图: 1.流式部分――IO的主体部分: 2.非流式部分——主要包含一些辅助流式部分的类,如:File类.RandomAccessFile类和FileDescriptor等类: ...

  6. laravel中的plicy授权方法:

    1.用命令新建policy: php artisan make:policy PostPolicy 2.在app/Policies/PostPolicy.php中添加处理文件的权限的方法: //修改: ...

  7. html <iframe>介绍

    iframe 元素会创建包含另外一个文档的内联框架 属性 值 描述 align left.right.top.middle.bottom 不赞成使用.请使用样式代替.规定如何根据周围的元素来对齐此框架 ...

  8. C# [IPA]IOS In App Purchase(内购)验证(asp.net 版本)

    之前没有做过IOS 内购服务器验证这块,所以找了不少参考资料,网上大多php和java版本,然后自己搞了一个C#版本,希望能给大家一些参考,下面步入正题 在客户端向苹果购买成功之后,我们需要进行二次验 ...

  9. bzoj1692

    题解: 二分最近的不相同 然后hash判断是否相同 然后贪心 代码: #include<bits/stdc++.h> using namespace std; #define ull un ...

  10. vue-5-列表渲染

    一个数组的v-for<ul id="example-1"> <li v-for="item in items"> {{ item.mes ...