tshark CAN协议分析初试
/*********************************************************************************
* tshark CAN协议分析初试
* 说明:
* 使用tshark分析CAN数据,协议支持,不过貌似CANopen的协议分析不出来,单纯的CAN
* 数据分析data部分都无法显示,目前不知道原因。
*
* 2018-2-5 深圳 宝安西乡 曾剑锋
********************************************************************************/ 一、tshark help:
[buildroot@root ~]# tshark -h
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 2.2. (wireshark-2.2.)
Dump and analyze network traffic.
See https://www.wireshark.org for more information. Usage: tshark [options] ... Capture interface:
-i <interface> name or idx of interface (def: first non-loopback)
-f <capture filter> packet filter in libpcap filter syntax
-s <snaplen> packet snapshot length (def: )
-p don't capture in promiscuous mode
-I capture in monitor mode, if available
-B <buffer size> size of kernel buffer (def: 2MB)
-y <link type> link layer type (def: first appropriate)
-D print list of interfaces and exit
-L print list of link-layer types of iface and exit Capture stop conditions:
-c <packet count> stop after n packets (def: infinite)
-a <autostop cond.> ... duration:NUM - stop after NUM seconds
filesize:NUM - stop this file after NUM KB
files:NUM - stop after NUM files
Capture output:
-b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
filesize:NUM - switch to next file after NUM KB
files:NUM - ringbuffer: replace after NUM files
Input file:
-r <infile> set the filename to read from (- to read from stdin) Processing:
- perform a two-pass analysis
-R <read filter> packet Read filter in Wireshark display filter syntax
-Y <display filter> packet displaY filter in Wireshark display filter
syntax
-n disable all name resolutions (def: all enabled)
-N <name resolve flags> enable specific name resolution(s): "mnNtCd"
-d <layer_type>==<selector>,<decode_as_protocol> ...
"Decode As", see the man page for details
Example: tcp.port==,http
-H <hosts file> read a list of entries from a hosts file, which will
then be written to a capture file. (Implies -W n)
--disable-protocol <proto_name>
disable dissection of proto_name
--enable-heuristic <short_name>
enable dissection of heuristic protocol
--disable-heuristic <short_name>
disable dissection of heuristic protocol
Output:
-w <outfile|-> write packets to a pcap-format file named "outfile"
(or to the standard output for "-")
-C <config profile> start with specified configuration profile
-F <output file type> set the output file type, default is pcapng
an empty "-F" option will list the file types
-V add output of packet tree (Packet Details)
-O <protocols> Only show packet details of these protocols, comma
separated
-P print packet summary even when writing to a file
-S <separator> the line separator to print between packets
-x add output of hex and ASCII dump (Packet Bytes)
-T pdml|ps|psml|json|ek|text|fields
format of text output (def: text)
-j <protocolfilter> protocols layers filter if -T ek|pdml|json selected,
(e.g. "http tcp ip",
-e <field> field to print if -Tfields selected (e.g. tcp.port,
_ws.col.Info)
this option can be repeated to print multiple fields
-E<fieldsoption>=<value> set options for output when -Tfields selected:
bom=y|n print a UTF- BOM
header=y|n switch headers on and off
separator=/t|/s|<char> select tab, space, printable character as separator
occurrence=f|l|a print first, last or all occurrences of each field
aggregator=,|/s|<char> select comma, space, printable character as
aggregator
quote=d|s|n select double, single, no quotes for values
-t a|ad|d|dd|e|r|u|ud output format of time stamps (def: r: rel. to first)
-u s|hms output format of seconds (def: s: seconds)
-l flush standard output after each packet
-q be more quiet on stdout (e.g. when using statistics)
-Q only log true errors to stderr (quieter than -q)
-g enable group read access on the output file(s)
-W n Save extra information in the file, if supported.
n = write network address resolution information
-X <key>:<value> eXtension options, see the man page for details
-U tap_name PDUs export mode, see the man page for details
-z <statistics> various statistics, see the man page for details
--capture-comment <comment>
add a capture comment to the newly created
output file (only for pcapng) Miscellaneous:
-h display this help and exit
-v display version info and exit
-o <name>:<value> ... override preference setting
-K <keytab> keytab file to use for kerberos decryption
-G [report] dump one of several available reports and exit
default report="fields"
use "-G ?" for more help WARNING: dumpcap will enable kernel BPF JIT compiler if available.
You might want to reset it
By doing "echo 0 > /proc/sys/net/core/bpf_jit_enable" [buildroot@root ~]# 二、tshark支持协议查看:
tshark -G protocols 三、vcan设置:
sudo ip link add dev vcan0 type vcan
sudo ip link set up vcan0
candump vcan0
canopend vcan0 -i -s od4_storage -a od4_storage_auto 四、tshark抓包设备显示:
[buildroot@root ~]# sudo tshark -D
Running as user "root" and group "root". This could be dangerous.
. eth0
. vcan0
. any
. lo (Loopback)
. usbmon1
. usbmon2
. usbmon3
. randpkt (Random packet generator)
[buildroot@root ~]# 五、tshark vcan抓包:
[buildroot@root ~]# tshark -i vcan0
Running as user "root" and group "root". This could be dangerous.
Capturing on 'vcan0'
device vcan0 entered promiscuous mode
0.000000000 ? CAN STD: 0x00000704 7f
0.000023000 ? CAN STD: 0x00000704 7f
1.001414667 ? CAN STD: 0x00000704 7f
1.001437667 ? CAN STD: 0x00000704 7f
2.001844334 ? CAN STD: 0x00000704 7f
2.001867334 ? CAN STD: 0x00000704 7f
3.002829334 ? CAN STD: 0x00000704 7f
3.002850334 ? CAN STD: 0x00000704 7f 六、tshark vcan can协议解析:
[buildroot@root ~]# tshark -i vcan0 -O can
Running as user "root" and group "root". This could be dangerous.
Capturing on 'vcan0'
device vcan0 entered promiscuous mode
Frame : bytes on wire ( bits), bytes captured ( bits) on interface
Linux cooked capture
Controller Area Network
... = Identifier: 0x00000704
... .... .... .... .... .... .... .... = Extended Flag: False
... .... .... .... .... .... .... .... = Remote Transmission Request Flag: False
... .... .... .... .... .... .... .... = Error Flag: False
Frame-Length:
Data ( byte) Frame : bytes on wire ( bits), bytes captured ( bits) on interface
Linux cooked capture
Controller Area Network
... = Identifier: 0x00000704
... .... .... .... .... .... .... .... = Extended Flag: False
... .... .... .... .... .... .... .... = Remote Transmission Request Flag: False
... .... .... .... .... .... .... .... = Error Flag: False
Frame-Length:
Data ( byte)
tshark CAN协议分析初试的更多相关文章
- Memcache的使用和协议分析详解
Memcache的使用和协议分析详解 作者:heiyeluren博客:http://blog.csdn.NET/heiyeshuwu时间:2006-11-12关键字:PHP Memcache Linu ...
- [转]Memcache的使用和协议分析详解
Memcache是什么 Memcache是danga.com的一个项目,最早是为 LiveJournal 服务的,目前全世界不少人使用这个缓存项目来构建自己大负载的网站,来分担数据库的压力. 它可以应 ...
- Google的Protobuf协议分析
protobuf和thrift类似,也是一个序列化的协议实现,简称PB(下文出现的PB代表protobuf). Github:https://github.com/google/protobuf 上图 ...
- 蓝牙协议分析(7)_BLE连接有关的技术分析
转自:http://www.wowotech.net/bluetooth/ble_connection.html#comments 1. 前言 了解蓝牙的人都知道,在经典蓝牙中,保持连接(Connec ...
- 协议分析TMP
最近闲来有事, 分析了一个非常低端(非常低端的意思是说你不应该对她是否能取代你现有的QQ客户端作任何可能的奢望,她只是一个实验性的东西)的手机QQ的协议, 是手机QQ3.0, 所用到的TCP ...
- 协议分析 - DHCP协议解码详解
协议分析 - DHCP协议解码详解 [DHCP协议简介] DHCP,全称是 Dynamic Host Configuration Protocol﹐中文名为动态主机配置协议,它的前身是 ...
- PYTHON黑帽编程1.5 使用WIRESHARK练习网络协议分析
Python黑帽编程1.5 使用Wireshark练习网络协议分析 1.5.0.1 本系列教程说明 本系列教程,采用的大纲母本为<Understanding Network Hacks At ...
- Thrift的TCompactProtocol紧凑型二进制协议分析
Thrift的紧凑型传输协议分析: 用一张图说明一下Thrift的TCompactProtocol中各个数据类型是怎么表示的. 报文格式编码: bool类型: 一个字节. 如果bool型的字段是结构体 ...
- BT协议分析(1)—1.0协议
简述 BT下载是采用P2P的下载方式,下载的大致形式采用如下图所示,处于图示中心的称为Tracker服务器,其余称为Peer. 缺点 1.资源的安全性 2.资源的实效性(没有上传者则BT也将失效) ...
随机推荐
- ASP.NET MVC命名空间时引起错误的解决方法
使用VS2012新建了一个Asp.net mvc5的项目,并把项目的命名空间名称更改了(Src更改为UXXXXX),然后就导致了以下错误 刚开始以后是项目的属性中的命名空间没有更改过来的问题,但我在重 ...
- Chargen UDP服务远程拒绝服务攻击漏洞修复教程
一.前置说明 chargen服务最初设计用于测试网络状态,监听19端口(包括TCP和UDP),其中UDP协议存在“Chargen UDP服务远程拒绝服务攻击漏洞”. chargen一般不会使用,所以直 ...
- 开发Web应用(2)(二十一)
在完成配置之后,举一个简单的例子,在快速入门工程的基础上,举一个简单的示例来通过Thymeleaf渲染一个页面. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 1 ...
- pycharm 配置使用
1. 如何添加Package File-> Settings -> Project :XXXX -> Project Interpreter 点右边的"+"号,输 ...
- JS--script标签注意细节
1)在使用<script>标签嵌入js代码时,记住不要在代码中的任何地方出现</script>字符串.例如: <script type="text/javasc ...
- Best Paper Awards in Computer Science 链接
http://jeffhuang.com/best_paper_awards.html#icml
- 读入excle
可以输出到csv(逗号间隔,具体搜索csv格式). csv可以在excel中直接导入. 也可以用system函数调用ssconvert从csv转xlsx:system("ssconvert ...
- 【转】caffe数据层及参数
原文: 要运行caffe,需要先创建一个模型(model),如比较常用的Lenet,Alex等, 而一个模型由多个层(layer)构成,每一层又由许多参数组成.所有的参数都定义在caffe.proto ...
- 多态概念,C++
body, table{font-family: 微软雅黑; font-size: 10pt} table{border-collapse: collapse; border: solid gray; ...
- python常用内建模块 collections,bs64,struct,hashlib,itertools,contextlib,xml
# 2 collections 是Python内建的一个集合模块,提供了许多有用的集合类. # 2.1 namedtuple #tuple可以表示不变集合,例如,一个点的二维坐标就可以表示成: p ...