On 06/02/17 12:16, Greg D. wrote:
I currently have a Raspberry Pi with a PiCAN-2 board on top, lashed to either an OBDwiz module or a T-Mobile "SyncUp Drive" Wi-Fi hotspot. Wireshark running on the Pi captures the initial messages that the modules transmit (500kbps assumed). I need to find a table of what these messages translate to, so I can create a small program to provide suitable answers.
I'm using an slcan device with socket can on linux and I've found that wireshark and tcpdump record the CAN frame id with the wrong endianess. Does the output of candump agree with what you are seeing in wireshark? I wrote some simple tools for manipulating pcaps. https://carrott.org/git/leaf-can-dissector.git/blob/HEAD:/pcap-canid-endian-... fixes the endian bug I'm seeing (only tested on 11 bit identifiers). https://carrott.org/git/leaf-can-dissector.git/blob/HEAD:/pcap-histogram.py promises a histogram but disappoints by giving a table. Also it filters by a hard coded nissan leaf frame id. https://carrott.org/git/leaf-can-dissector.git/blob/HEAD:/pcap-state.py prints the last frame seen for each frame id, this is good for looking at two captures and finding which frames are new https://carrott.org/git/leaf-can-dissector.git/blob/HEAD:/pcap-to-canplayer-... converts a pcap into the semi-binary format that canplayer uses. Useful to play back a pcap file. Most of these tools operate on stdin and stdout. None of them are documented, sorry. You might capture without your obd module plugged in, and then capture again with it plugged in and look at what new messages are present by diffing the output of pcap-state.py on each capture. I'm also working on a MitM for exploring how the Nissan Leaf car authenticates it's battery. I'm using can4python and I really like the kayak file format to describe the frames (much easier to understand than the wireshark dissector I made), see https://carrott.org/git/leaf-can-utils.git Unfortunately Can4python doesn't support remote request frames, but maybe your RTR frames are actually regular frames misinterpreted due to the endianess bug?