tshark CAN协议分析初试
/*********************************************************************************
* tshark CAN协议分析初试
* 说明:
* 使用tshark分析CAN数据,协议支持,不过貌似CANopen的协议分析不出来,单纯的CAN
* 数据分析data部分都无法显示,目前不知道原因。
*
* 2018-2-5 深圳 宝安西乡 曾剑锋
********************************************************************************/ 一、tshark help:
[buildroot@root ~]# tshark -h
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 2.2. (wireshark-2.2.)
Dump and analyze network traffic.
See https://www.wireshark.org for more information. Usage: tshark [options] ... Capture interface:
-i <interface> name or idx of interface (def: first non-loopback)
-f <capture filter> packet filter in libpcap filter syntax
-s <snaplen> packet snapshot length (def: )
-p don't capture in promiscuous mode
-I capture in monitor mode, if available
-B <buffer size> size of kernel buffer (def: 2MB)
-y <link type> link layer type (def: first appropriate)
-D print list of interfaces and exit
-L print list of link-layer types of iface and exit Capture stop conditions:
-c <packet count> stop after n packets (def: infinite)
-a <autostop cond.> ... duration:NUM - stop after NUM seconds
filesize:NUM - stop this file after NUM KB
files:NUM - stop after NUM files
Capture output:
-b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
filesize:NUM - switch to next file after NUM KB
files:NUM - ringbuffer: replace after NUM files
Input file:
-r <infile> set the filename to read from (- to read from stdin) Processing:
- perform a two-pass analysis
-R <read filter> packet Read filter in Wireshark display filter syntax
-Y <display filter> packet displaY filter in Wireshark display filter
syntax
-n disable all name resolutions (def: all enabled)
-N <name resolve flags> enable specific name resolution(s): "mnNtCd"
-d <layer_type>==<selector>,<decode_as_protocol> ...
"Decode As", see the man page for details
Example: tcp.port==,http
-H <hosts file> read a list of entries from a hosts file, which will
then be written to a capture file. (Implies -W n)
--disable-protocol <proto_name>
disable dissection of proto_name
--enable-heuristic <short_name>
enable dissection of heuristic protocol
--disable-heuristic <short_name>
disable dissection of heuristic protocol
Output:
-w <outfile|-> write packets to a pcap-format file named "outfile"
(or to the standard output for "-")
-C <config profile> start with specified configuration profile
-F <output file type> set the output file type, default is pcapng
an empty "-F" option will list the file types
-V add output of packet tree (Packet Details)
-O <protocols> Only show packet details of these protocols, comma
separated
-P print packet summary even when writing to a file
-S <separator> the line separator to print between packets
-x add output of hex and ASCII dump (Packet Bytes)
-T pdml|ps|psml|json|ek|text|fields
format of text output (def: text)
-j <protocolfilter> protocols layers filter if -T ek|pdml|json selected,
(e.g. "http tcp ip",
-e <field> field to print if -Tfields selected (e.g. tcp.port,
_ws.col.Info)
this option can be repeated to print multiple fields
-E<fieldsoption>=<value> set options for output when -Tfields selected:
bom=y|n print a UTF- BOM
header=y|n switch headers on and off
separator=/t|/s|<char> select tab, space, printable character as separator
occurrence=f|l|a print first, last or all occurrences of each field
aggregator=,|/s|<char> select comma, space, printable character as
aggregator
quote=d|s|n select double, single, no quotes for values
-t a|ad|d|dd|e|r|u|ud output format of time stamps (def: r: rel. to first)
-u s|hms output format of seconds (def: s: seconds)
-l flush standard output after each packet
-q be more quiet on stdout (e.g. when using statistics)
-Q only log true errors to stderr (quieter than -q)
-g enable group read access on the output file(s)
-W n Save extra information in the file, if supported.
n = write network address resolution information
-X <key>:<value> eXtension options, see the man page for details
-U tap_name PDUs export mode, see the man page for details
-z <statistics> various statistics, see the man page for details
--capture-comment <comment>
add a capture comment to the newly created
output file (only for pcapng) Miscellaneous:
-h display this help and exit
-v display version info and exit
-o <name>:<value> ... override preference setting
-K <keytab> keytab file to use for kerberos decryption
-G [report] dump one of several available reports and exit
default report="fields"
use "-G ?" for more help WARNING: dumpcap will enable kernel BPF JIT compiler if available.
You might want to reset it
By doing "echo 0 > /proc/sys/net/core/bpf_jit_enable" [buildroot@root ~]# 二、tshark支持协议查看:
tshark -G protocols 三、vcan设置:
sudo ip link add dev vcan0 type vcan
sudo ip link set up vcan0
candump vcan0
canopend vcan0 -i -s od4_storage -a od4_storage_auto 四、tshark抓包设备显示:
[buildroot@root ~]# sudo tshark -D
Running as user "root" and group "root". This could be dangerous.
. eth0
. vcan0
. any
. lo (Loopback)
. usbmon1
. usbmon2
. usbmon3
. randpkt (Random packet generator)
[buildroot@root ~]# 五、tshark vcan抓包:
[buildroot@root ~]# tshark -i vcan0
Running as user "root" and group "root". This could be dangerous.
Capturing on 'vcan0'
device vcan0 entered promiscuous mode
0.000000000 ? CAN STD: 0x00000704 7f
0.000023000 ? CAN STD: 0x00000704 7f
1.001414667 ? CAN STD: 0x00000704 7f
1.001437667 ? CAN STD: 0x00000704 7f
2.001844334 ? CAN STD: 0x00000704 7f
2.001867334 ? CAN STD: 0x00000704 7f
3.002829334 ? CAN STD: 0x00000704 7f
3.002850334 ? CAN STD: 0x00000704 7f 六、tshark vcan can协议解析:
[buildroot@root ~]# tshark -i vcan0 -O can
Running as user "root" and group "root". This could be dangerous.
Capturing on 'vcan0'
device vcan0 entered promiscuous mode
Frame : bytes on wire ( bits), bytes captured ( bits) on interface
Linux cooked capture
Controller Area Network
... = Identifier: 0x00000704
... .... .... .... .... .... .... .... = Extended Flag: False
... .... .... .... .... .... .... .... = Remote Transmission Request Flag: False
... .... .... .... .... .... .... .... = Error Flag: False
Frame-Length:
Data ( byte) Frame : bytes on wire ( bits), bytes captured ( bits) on interface
Linux cooked capture
Controller Area Network
... = Identifier: 0x00000704
... .... .... .... .... .... .... .... = Extended Flag: False
... .... .... .... .... .... .... .... = Remote Transmission Request Flag: False
... .... .... .... .... .... .... .... = Error Flag: False
Frame-Length:
Data ( byte)
tshark CAN协议分析初试的更多相关文章
- Memcache的使用和协议分析详解
Memcache的使用和协议分析详解 作者:heiyeluren博客:http://blog.csdn.NET/heiyeshuwu时间:2006-11-12关键字:PHP Memcache Linu ...
- [转]Memcache的使用和协议分析详解
Memcache是什么 Memcache是danga.com的一个项目,最早是为 LiveJournal 服务的,目前全世界不少人使用这个缓存项目来构建自己大负载的网站,来分担数据库的压力. 它可以应 ...
- Google的Protobuf协议分析
protobuf和thrift类似,也是一个序列化的协议实现,简称PB(下文出现的PB代表protobuf). Github:https://github.com/google/protobuf 上图 ...
- 蓝牙协议分析(7)_BLE连接有关的技术分析
转自:http://www.wowotech.net/bluetooth/ble_connection.html#comments 1. 前言 了解蓝牙的人都知道,在经典蓝牙中,保持连接(Connec ...
- 协议分析TMP
最近闲来有事, 分析了一个非常低端(非常低端的意思是说你不应该对她是否能取代你现有的QQ客户端作任何可能的奢望,她只是一个实验性的东西)的手机QQ的协议, 是手机QQ3.0, 所用到的TCP ...
- 协议分析 - DHCP协议解码详解
协议分析 - DHCP协议解码详解 [DHCP协议简介] DHCP,全称是 Dynamic Host Configuration Protocol﹐中文名为动态主机配置协议,它的前身是 ...
- PYTHON黑帽编程1.5 使用WIRESHARK练习网络协议分析
Python黑帽编程1.5 使用Wireshark练习网络协议分析 1.5.0.1 本系列教程说明 本系列教程,采用的大纲母本为<Understanding Network Hacks At ...
- Thrift的TCompactProtocol紧凑型二进制协议分析
Thrift的紧凑型传输协议分析: 用一张图说明一下Thrift的TCompactProtocol中各个数据类型是怎么表示的. 报文格式编码: bool类型: 一个字节. 如果bool型的字段是结构体 ...
- BT协议分析(1)—1.0协议
简述 BT下载是采用P2P的下载方式,下载的大致形式采用如下图所示,处于图示中心的称为Tracker服务器,其余称为Peer. 缺点 1.资源的安全性 2.资源的实效性(没有上传者则BT也将失效) ...
随机推荐
- Windows Visual Studio中修改PostgreSQL代码后调试报错
解决方法: 在源目录中重新install. D:\postgresql-9.6.0\src\tools\msvc>install E:\pg_install
- Linux下Tomcat项目启动报错
Linux下Tomcat项目启动报错 org.springframework.beans.factory.CannotLoadBeanClassException: Error loading cla ...
- 学习建一个spring-Mvc项目
学习建一个spring-Mvc项目 首先要有jdk1.8以上,spring,mybatis,以及整合jar包,tomcat ,然后配置环境(前面有配置得方法). 1)右键new project,--& ...
- 【转】C# string数组转int数组
//字符串数组(源数组) string[] sNums = new[] {"1", "2"}; //整型数组(目标数组) int[] iNums; //转换方法 ...
- activity和fragment之前运行的生命周期
1.activity生命周期 2.fragment的生命周期 3.对比图 4.测试代码 package com.goso.testapp; import android.app.Activity; i ...
- absolute 导致点击事件无效
方案一: 添加层数 z-index 方案二: 背景的透明度为0 background-color:#000; filter:alpha(opacity=0); opacity:0;
- learning ddr pagesize calculate
example: if DDR is 512MB*16*8 COLBITS = 10, A0-A9 be used for cloumn address. ORG = 16 , each bank ...
- 如何破解Visual studio 2013
1.打开VS2013点击菜单栏中的帮助,选择注册产品. 2.如下图所示,你就可以看到你的VS是不是试用版了,很显然,现在我的还是试用版,还有20天的使用期限. 3.如下图所示,点击更改我的产品许可证. ...
- angular4-常用指令
ngIf 指令(它与 AngularJS 1.x 中的 ng-if 指令的功能是等价) <div *ngIf="condition">...</div> n ...
- angular4-自定义组件
在 Angular 中,我们可以使用 {{}} 插值语法实现数据绑定. 新建组件 $ ng generate component simple-form --inline-template --inl ...