/*********************************************************************************

 *                        tshark CAN协议分析初试

 * 说明:

 *     使用tshark分析CAN数据,协议支持,不过貌似CANopen的协议分析不出来,单纯的CAN

 * 数据分析data部分都无法显示,目前不知道原因。

 *

 *                                              2018-2-5 深圳 宝安西乡 曾剑锋

 ********************************************************************************/

一、tshark help:

    [buildroot@root ~]#  tshark -h

    Running as user "root" and group "root". This could be dangerous.

    TShark (Wireshark) 2.2. (wireshark-2.2.)

    Dump and analyze network traffic.

    See https://www.wireshark.org for more information.

    Usage: tshark [options] ...

    Capture interface:

      -i <interface>           name or idx of interface (def: first non-loopback)

      -f <capture filter>      packet filter in libpcap filter syntax

      -s <snaplen>             packet snapshot length (def: )

      -p                       don't capture in promiscuous mode

      -I                       capture in monitor mode, if available

      -B <buffer size>         size of kernel buffer (def: 2MB)

      -y <link type>           link layer type (def: first appropriate)

      -D                       print list of interfaces and exit

      -L                       print list of link-layer types of iface and exit

    Capture stop conditions:

      -c <packet count>        stop after n packets (def: infinite)

      -a <autostop cond.> ...  duration:NUM - stop after NUM seconds

                               filesize:NUM - stop this file after NUM KB

                                  files:NUM - stop after NUM files

    Capture output:

      -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs

                               filesize:NUM - switch to next file after NUM KB

                                  files:NUM - ringbuffer: replace after NUM files

    Input file:

      -r <infile>              set the filename to read from (- to read from stdin)

    Processing:

      -                       perform a two-pass analysis

      -R <read filter>         packet Read filter in Wireshark display filter syntax

      -Y <display filter>      packet displaY filter in Wireshark display filter

                               syntax

      -n                       disable all name resolutions (def: all enabled)

      -N <name resolve flags>  enable specific name resolution(s): "mnNtCd"

      -d <layer_type>==<selector>,<decode_as_protocol> ...

                               "Decode As", see the man page for details

                               Example: tcp.port==,http

      -H <hosts file>          read a list of entries from a hosts file, which will

                               then be written to a capture file. (Implies -W n)

      --disable-protocol <proto_name>

                               disable dissection of proto_name

      --enable-heuristic <short_name>

                               enable dissection of heuristic protocol

      --disable-heuristic <short_name>

                               disable dissection of heuristic protocol

    Output:

      -w <outfile|->           write packets to a pcap-format file named "outfile"

                               (or to the standard output for "-")

      -C <config profile>      start with specified configuration profile

      -F <output file type>    set the output file type, default is pcapng

                               an empty "-F" option will list the file types

      -V                       add output of packet tree        (Packet Details)

      -O <protocols>           Only show packet details of these protocols, comma

                               separated

      -P                       print packet summary even when writing to a file

      -S <separator>           the line separator to print between packets

      -x                       add output of hex and ASCII dump (Packet Bytes)

      -T pdml|ps|psml|json|ek|text|fields

                               format of text output (def: text)

      -j <protocolfilter>      protocols layers filter if -T ek|pdml|json selected,

                               (e.g. "http tcp ip",

      -e <field>               field to print if -Tfields selected (e.g. tcp.port,

                               _ws.col.Info)

                               this option can be repeated to print multiple fields

      -E<fieldsoption>=<value> set options for output when -Tfields selected:

         bom=y|n               print a UTF- BOM

         header=y|n            switch headers on and off

         separator=/t|/s|<char> select tab, space, printable character as separator

         occurrence=f|l|a      print first, last or all occurrences of each field

         aggregator=,|/s|<char> select comma, space, printable character as

                               aggregator

         quote=d|s|n           select double, single, no quotes for values

      -t a|ad|d|dd|e|r|u|ud    output format of time stamps (def: r: rel. to first)

      -u s|hms                 output format of seconds (def: s: seconds)

      -l                       flush standard output after each packet

      -q                       be more quiet on stdout (e.g. when using statistics)

      -Q                       only log true errors to stderr (quieter than -q)

      -g                       enable group read access on the output file(s)

      -W n                     Save extra information in the file, if supported.

                               n = write network address resolution information

      -X <key>:<value>         eXtension options, see the man page for details

      -U tap_name              PDUs export mode, see the man page for details

      -z <statistics>          various statistics, see the man page for details

      --capture-comment <comment>

                               add a capture comment to the newly created

                               output file (only for pcapng)

    Miscellaneous:

      -h                       display this help and exit

      -v                       display version info and exit

      -o <name>:<value> ...    override preference setting

      -K <keytab>              keytab file to use for kerberos decryption

      -G [report]              dump one of several available reports and exit

                               default report="fields"

                               use "-G ?" for more help

    WARNING: dumpcap will enable kernel BPF JIT compiler if available.

    You might want to reset it

    By doing "echo 0 > /proc/sys/net/core/bpf_jit_enable"

    [buildroot@root ~]#

二、tshark支持协议查看:

    tshark -G protocols

三、vcan设置:

    sudo ip link add dev vcan0 type vcan

    sudo ip link set up vcan0

    candump vcan0

    canopend vcan0 -i  -s od4_storage -a od4_storage_auto

四、tshark抓包设备显示:

    [buildroot@root ~]#  sudo tshark -D

    Running as user "root" and group "root". This could be dangerous.

    . eth0

    . vcan0

    . any

    . lo (Loopback)

    . usbmon1

    . usbmon2

    . usbmon3

    . randpkt (Random packet generator)

    [buildroot@root ~]#

五、tshark vcan抓包:

    [buildroot@root ~]#  tshark -i vcan0

    Running as user "root" and group "root". This could be dangerous.

    Capturing on 'vcan0'

    device vcan0 entered promiscuous mode

         0.000000000              ?              CAN  STD: 0x00000704   7f

         0.000023000              ?              CAN  STD: 0x00000704   7f

         1.001414667              ?              CAN  STD: 0x00000704   7f

         1.001437667              ?              CAN  STD: 0x00000704   7f

         2.001844334              ?              CAN  STD: 0x00000704   7f

         2.001867334              ?              CAN  STD: 0x00000704   7f

         3.002829334              ?              CAN  STD: 0x00000704   7f

         3.002850334              ?              CAN  STD: 0x00000704   7f

六、tshark vcan can协议解析:

    [buildroot@root ~]#  tshark -i vcan0 -O can

    Running as user "root" and group "root". This could be dangerous.

    Capturing on 'vcan0'

    device vcan0 entered promiscuous mode

    Frame :  bytes on wire ( bits),  bytes captured ( bits) on interface

    Linux cooked capture

    Controller Area Network

        ...        = Identifier: 0x00000704

        ... .... .... .... .... .... .... .... = Extended Flag: False

        ... .... .... .... .... .... .... .... = Remote Transmission Request Flag: False

        ... .... .... .... .... .... .... .... = Error Flag: False

        Frame-Length:

    Data ( byte)

    Frame :  bytes on wire ( bits),  bytes captured ( bits) on interface

    Linux cooked capture

    Controller Area Network

        ...        = Identifier: 0x00000704

        ... .... .... .... .... .... .... .... = Extended Flag: False

        ... .... .... .... .... .... .... .... = Remote Transmission Request Flag: False

        ... .... .... .... .... .... .... .... = Error Flag: False

        Frame-Length:

    Data ( byte)

tshark CAN协议分析初试的更多相关文章

  1. Memcache的使用和协议分析详解

    Memcache的使用和协议分析详解 作者:heiyeluren博客:http://blog.csdn.NET/heiyeshuwu时间:2006-11-12关键字:PHP Memcache Linu ...

  2. [转]Memcache的使用和协议分析详解

    Memcache是什么 Memcache是danga.com的一个项目,最早是为 LiveJournal 服务的,目前全世界不少人使用这个缓存项目来构建自己大负载的网站,来分担数据库的压力. 它可以应 ...

  3. Google的Protobuf协议分析

    protobuf和thrift类似,也是一个序列化的协议实现,简称PB(下文出现的PB代表protobuf). Github:https://github.com/google/protobuf 上图 ...

  4. 蓝牙协议分析(7)_BLE连接有关的技术分析

    转自:http://www.wowotech.net/bluetooth/ble_connection.html#comments 1. 前言 了解蓝牙的人都知道,在经典蓝牙中,保持连接(Connec ...

  5. 协议分析TMP

    最近闲来有事, 分析了一个非常低端(非常低端的意思是说你不应该对她是否能取代你现有的QQ客户端作任何可能的奢望,她只是一个实验性的东西)的手机QQ的协议, 是手机QQ3.0,      所用到的TCP ...

  6. 协议分析 - DHCP协议解码详解

    协议分析 - DHCP协议解码详解 [DHCP协议简介]         DHCP,全称是 Dynamic Host Configuration Protocol﹐中文名为动态主机配置协议,它的前身是 ...

  7. PYTHON黑帽编程1.5 使用WIRESHARK练习网络协议分析

    Python黑帽编程1.5  使用Wireshark练习网络协议分析 1.5.0.1  本系列教程说明 本系列教程,采用的大纲母本为<Understanding Network Hacks At ...

  8. Thrift的TCompactProtocol紧凑型二进制协议分析

    Thrift的紧凑型传输协议分析: 用一张图说明一下Thrift的TCompactProtocol中各个数据类型是怎么表示的. 报文格式编码: bool类型: 一个字节. 如果bool型的字段是结构体 ...

  9. BT协议分析(1)—1.0协议

    简述 BT下载是采用P2P的下载方式,下载的大致形式采用如下图所示,处于图示中心的称为Tracker服务器,其余称为Peer.   缺点 1.资源的安全性 2.资源的实效性(没有上传者则BT也将失效) ...

随机推荐

  1. ZZW原创_imdpd导入时产生的错误

    1.ORA-39083: Object type OBJECT_GRANT failed to create with error Processing object type SCHEMA_EXPO ...

  2. Oracle 11g后台进程一览表

    Background Processes Table F-1 describes Oracle Database background processes. In this context, a ba ...

  3. weblogic安装教程(以weblogic 11g为例)

    1.下载jdk和weblogic安装介质 一般的搭配是jdk1.5+weblogic92.jdk1.6+weblogic11g(weblogic10.3.6) jdk历史版本下载链接:http://w ...

  4. nginx源码安装教程(CentOS)

    1.说明 官方源码安装说明:http://nginx.org/en/docs/configure.html 源码包下载地址:http://nginx.org/en/download.html 版本说明 ...

  5. springboot aop 自定义注解方式实现一套完善的日志记录(完整源码)

    https://www.cnblogs.com/wenjunwei/p/9639909.html https://blog.csdn.net/tyrant_800/article/details/78 ...

  6. 禁止网站被别人通过iframe引用

    https://blog.csdn.net/dugujiancheng/article/details/51669164 解决方案一:js方法这种方法不可靠,不推荐使用 <script type ...

  7. Java Web(十一) 文件上传与下载

    文件上传 上传的准备工作 表单method必须为post 提供file组件 设置form标签的enctype属性为multipart/form-data,如果没有设置enctype属性,浏览器是无法将 ...

  8. day5-python数据类型

    数据类型 计算机顾名思义就是可以做数学计算的机器,因此,计算机程序理所当然地可以处理各种数值.但是,计算机能处理的远不止数值,还可以处理文本.图形.音频.视频.网页等各种各样的数据,不同的数据,需要定 ...

  9. JQuery button控制div或者section

    一.项目你需求 点击左边导航栏的某个按钮,右边内容栏显示出,相应的内容 效果如图   二.html与css.jQuery 1.div模式 <!DOCTYPE html PUBLIC " ...

  10. C++面向对象实现封装线程池

    body, table{font-family: 微软雅黑; font-size: 13.5pt} table{border-collapse: collapse; border: solid gra ...