[Ovmsdev] ODB CAN message decoder?

Tom Parker tom at carrott.org
Wed Feb 8 16:35:04 HKT 2017


On 08/02/17 19:05, HONDA S-2000 wrote:
> I might be on the wrong wavelength, but I don't understand how you expect Wireshark or tcpdump to know the endianness of the data in the packets.

Maybe I misdiagnosed the problem. The problem is that Wireshark decodes 
the CAN bus header using one endianness and tcpdump records it using the 
other. I'm not sure which is more correct.

The Linux SocketCAN system exposes the CAN bus to user space as a 
datagram socket. This way you can use tcpdump and Wireshark. The CAN bus 
frames are not passed over TCP.

Here is a frame with identifier 0x1d4 captured from my leaf with tcpdump 
and displayed in wireshark. The first line is as captured, the second is 
after byte swapping the header.

0000   d4 01 00 00 08 ff ff ff a0 6d 00 00 42 06 40 60 .........m..B.@`

0000   00 00 01 d4 08 ff ff ff a0 6d 00 00 42 06 40 60 .........m..B.@`

Wireshark thinks the un-swapped frame has the extended and remote 
transmission flags set because the first two bits are set. It thinks the 
id is 0x14010000 because it interprets the first 3 bits as flags, and 
the the rest as the identifier. The 0x08 is the length, followed by 
three padding bytes and then the actual payload data.

I use 
https://carrott.org/git/leaf-can-dissector.git/blob/HEAD:/pcap-canid-endian-swap.py 
to fix these. I haven't tried to work out why I have this problem or how 
to fix it properly.

The SocketCAN candump utility has always given me correct results. Greg, 
does candump agree with wireshark on your system?




More information about the OvmsDev mailing list