tshark CAN协议分析初试
/*********************************************************************************
* tshark CAN协议分析初试
* 说明:
* 使用tshark分析CAN数据,协议支持,不过貌似CANopen的协议分析不出来,单纯的CAN
* 数据分析data部分都无法显示,目前不知道原因。
*
* 2018-2-5 深圳 宝安西乡 曾剑锋
********************************************************************************/ 一、tshark help:
[buildroot@root ~]# tshark -h
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 2.2. (wireshark-2.2.)
Dump and analyze network traffic.
See https://www.wireshark.org for more information. Usage: tshark [options] ... Capture interface:
-i <interface> name or idx of interface (def: first non-loopback)
-f <capture filter> packet filter in libpcap filter syntax
-s <snaplen> packet snapshot length (def: )
-p don't capture in promiscuous mode
-I capture in monitor mode, if available
-B <buffer size> size of kernel buffer (def: 2MB)
-y <link type> link layer type (def: first appropriate)
-D print list of interfaces and exit
-L print list of link-layer types of iface and exit Capture stop conditions:
-c <packet count> stop after n packets (def: infinite)
-a <autostop cond.> ... duration:NUM - stop after NUM seconds
filesize:NUM - stop this file after NUM KB
files:NUM - stop after NUM files
Capture output:
-b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
filesize:NUM - switch to next file after NUM KB
files:NUM - ringbuffer: replace after NUM files
Input file:
-r <infile> set the filename to read from (- to read from stdin) Processing:
- perform a two-pass analysis
-R <read filter> packet Read filter in Wireshark display filter syntax
-Y <display filter> packet displaY filter in Wireshark display filter
syntax
-n disable all name resolutions (def: all enabled)
-N <name resolve flags> enable specific name resolution(s): "mnNtCd"
-d <layer_type>==<selector>,<decode_as_protocol> ...
"Decode As", see the man page for details
Example: tcp.port==,http
-H <hosts file> read a list of entries from a hosts file, which will
then be written to a capture file. (Implies -W n)
--disable-protocol <proto_name>
disable dissection of proto_name
--enable-heuristic <short_name>
enable dissection of heuristic protocol
--disable-heuristic <short_name>
disable dissection of heuristic protocol
Output:
-w <outfile|-> write packets to a pcap-format file named "outfile"
(or to the standard output for "-")
-C <config profile> start with specified configuration profile
-F <output file type> set the output file type, default is pcapng
an empty "-F" option will list the file types
-V add output of packet tree (Packet Details)
-O <protocols> Only show packet details of these protocols, comma
separated
-P print packet summary even when writing to a file
-S <separator> the line separator to print between packets
-x add output of hex and ASCII dump (Packet Bytes)
-T pdml|ps|psml|json|ek|text|fields
format of text output (def: text)
-j <protocolfilter> protocols layers filter if -T ek|pdml|json selected,
(e.g. "http tcp ip",
-e <field> field to print if -Tfields selected (e.g. tcp.port,
_ws.col.Info)
this option can be repeated to print multiple fields
-E<fieldsoption>=<value> set options for output when -Tfields selected:
bom=y|n print a UTF- BOM
header=y|n switch headers on and off
separator=/t|/s|<char> select tab, space, printable character as separator
occurrence=f|l|a print first, last or all occurrences of each field
aggregator=,|/s|<char> select comma, space, printable character as
aggregator
quote=d|s|n select double, single, no quotes for values
-t a|ad|d|dd|e|r|u|ud output format of time stamps (def: r: rel. to first)
-u s|hms output format of seconds (def: s: seconds)
-l flush standard output after each packet
-q be more quiet on stdout (e.g. when using statistics)
-Q only log true errors to stderr (quieter than -q)
-g enable group read access on the output file(s)
-W n Save extra information in the file, if supported.
n = write network address resolution information
-X <key>:<value> eXtension options, see the man page for details
-U tap_name PDUs export mode, see the man page for details
-z <statistics> various statistics, see the man page for details
--capture-comment <comment>
add a capture comment to the newly created
output file (only for pcapng) Miscellaneous:
-h display this help and exit
-v display version info and exit
-o <name>:<value> ... override preference setting
-K <keytab> keytab file to use for kerberos decryption
-G [report] dump one of several available reports and exit
default report="fields"
use "-G ?" for more help WARNING: dumpcap will enable kernel BPF JIT compiler if available.
You might want to reset it
By doing "echo 0 > /proc/sys/net/core/bpf_jit_enable" [buildroot@root ~]# 二、tshark支持协议查看:
tshark -G protocols 三、vcan设置:
sudo ip link add dev vcan0 type vcan
sudo ip link set up vcan0
candump vcan0
canopend vcan0 -i -s od4_storage -a od4_storage_auto 四、tshark抓包设备显示:
[buildroot@root ~]# sudo tshark -D
Running as user "root" and group "root". This could be dangerous.
. eth0
. vcan0
. any
. lo (Loopback)
. usbmon1
. usbmon2
. usbmon3
. randpkt (Random packet generator)
[buildroot@root ~]# 五、tshark vcan抓包:
[buildroot@root ~]# tshark -i vcan0
Running as user "root" and group "root". This could be dangerous.
Capturing on 'vcan0'
device vcan0 entered promiscuous mode
0.000000000 ? CAN STD: 0x00000704 7f
0.000023000 ? CAN STD: 0x00000704 7f
1.001414667 ? CAN STD: 0x00000704 7f
1.001437667 ? CAN STD: 0x00000704 7f
2.001844334 ? CAN STD: 0x00000704 7f
2.001867334 ? CAN STD: 0x00000704 7f
3.002829334 ? CAN STD: 0x00000704 7f
3.002850334 ? CAN STD: 0x00000704 7f 六、tshark vcan can协议解析:
[buildroot@root ~]# tshark -i vcan0 -O can
Running as user "root" and group "root". This could be dangerous.
Capturing on 'vcan0'
device vcan0 entered promiscuous mode
Frame : bytes on wire ( bits), bytes captured ( bits) on interface
Linux cooked capture
Controller Area Network
... = Identifier: 0x00000704
... .... .... .... .... .... .... .... = Extended Flag: False
... .... .... .... .... .... .... .... = Remote Transmission Request Flag: False
... .... .... .... .... .... .... .... = Error Flag: False
Frame-Length:
Data ( byte) Frame : bytes on wire ( bits), bytes captured ( bits) on interface
Linux cooked capture
Controller Area Network
... = Identifier: 0x00000704
... .... .... .... .... .... .... .... = Extended Flag: False
... .... .... .... .... .... .... .... = Remote Transmission Request Flag: False
... .... .... .... .... .... .... .... = Error Flag: False
Frame-Length:
Data ( byte)
tshark CAN协议分析初试的更多相关文章
- Memcache的使用和协议分析详解
Memcache的使用和协议分析详解 作者:heiyeluren博客:http://blog.csdn.NET/heiyeshuwu时间:2006-11-12关键字:PHP Memcache Linu ...
- [转]Memcache的使用和协议分析详解
Memcache是什么 Memcache是danga.com的一个项目,最早是为 LiveJournal 服务的,目前全世界不少人使用这个缓存项目来构建自己大负载的网站,来分担数据库的压力. 它可以应 ...
- Google的Protobuf协议分析
protobuf和thrift类似,也是一个序列化的协议实现,简称PB(下文出现的PB代表protobuf). Github:https://github.com/google/protobuf 上图 ...
- 蓝牙协议分析(7)_BLE连接有关的技术分析
转自:http://www.wowotech.net/bluetooth/ble_connection.html#comments 1. 前言 了解蓝牙的人都知道,在经典蓝牙中,保持连接(Connec ...
- 协议分析TMP
最近闲来有事, 分析了一个非常低端(非常低端的意思是说你不应该对她是否能取代你现有的QQ客户端作任何可能的奢望,她只是一个实验性的东西)的手机QQ的协议, 是手机QQ3.0, 所用到的TCP ...
- 协议分析 - DHCP协议解码详解
协议分析 - DHCP协议解码详解 [DHCP协议简介] DHCP,全称是 Dynamic Host Configuration Protocol﹐中文名为动态主机配置协议,它的前身是 ...
- PYTHON黑帽编程1.5 使用WIRESHARK练习网络协议分析
Python黑帽编程1.5 使用Wireshark练习网络协议分析 1.5.0.1 本系列教程说明 本系列教程,采用的大纲母本为<Understanding Network Hacks At ...
- Thrift的TCompactProtocol紧凑型二进制协议分析
Thrift的紧凑型传输协议分析: 用一张图说明一下Thrift的TCompactProtocol中各个数据类型是怎么表示的. 报文格式编码: bool类型: 一个字节. 如果bool型的字段是结构体 ...
- BT协议分析(1)—1.0协议
简述 BT下载是采用P2P的下载方式,下载的大致形式采用如下图所示,处于图示中心的称为Tracker服务器,其余称为Peer. 缺点 1.资源的安全性 2.资源的实效性(没有上传者则BT也将失效) ...
随机推荐
- iOS架构设计系列之解耦的尝试之变异的MVVM
最近一段时间,在思考如何合理的架构一个可扩展性良好的界面编程方式.这一部分的成果做成了一个叫ElementKit的库.目前功能在不断的完善中. 关于iOS的架构,看多了MVVM,VIPER,MVC,M ...
- PAT-GPLT训练集 L1-043 阅览室
PAT-GPLT训练集 L1-043 阅览室 注意:连续的S和E才算一次借还 代码: #include<iostream> #include<cstdio> using nam ...
- laravel中db获取某个数据的具体字段值:
$helpfriend = DB::connection('luckyrecord')->table($luckyrecord)->where('id', $luckyrecordid)- ...
- Animation和Animator 的区别
此文章转载于极视学堂!!!! ①Animation和Animator 虽然都是控制动画的播放,但是它们的用法和相关语法都是大有不同的. Animation 控制一个动画的播放,而Animator是多个 ...
- flask上传下载文件(一)下载
简介: 作为一个可以和用户交互的web应用,必然要有数据导出功能,导出到excel是比较常用的方式. flask有一个扩展叫flask-excel,可能不适合中国人用,因为没有看到修改列名的功能.也许 ...
- 删除所有已经停止的容器 docker rm $(docker ps -a -q)
杀死所有正在运行的容器docker kill $(docker ps -a -q) 删除所有已经停止的容器docker rm $(docker ps -a -q) 删除所有未打 dangling 标签 ...
- 进程中的Manager(),实现多进程的数据共享与传递
__author__ = "Alex Li" from multiprocessing import Process, Managerimport osdef f(d, l): d ...
- CKEditor编辑器的使用
<div class="form-group" id="infolink-edier-div"> <label for="" ...
- 什么是XP
极限编程(XP)是敏捷过程中最富盛名的一个.下述这些特点使得敏捷过程能够较好地适应商业竞争环境下对小型项目提出的有效资源和有限开发时间的约束. 极限编程的有效实践 极限编程的整体开发过程 极限编程的迭 ...
- ssh 免密登陆
A 要免密码登录要B 那么需要在A电脑上使用命令 ssh-keygen -t rsa 在~/.ssh/ 目录下生成id_rsa.pub 这个文件,然后将这个文件的内容拷到B电脑de ~/.ssh/au ...