use wireshark with socketcan

Issue #54 resolved
Olivier Bertrand created an issue


I know my issue isn't from python-can, and sorry for that. It's just I saw on the python-can documentation it's possible to use wireshark:

I tried this example and it works correctly. But as soon as I put a j1939 filter + extended ID, it disappears. Any idea of the usage with wireshark?

There is nothing else on the network, I'm just creating a vcan0 interface and throwing some frames with nothing in front of it... Not sure the j1939 protocol accepts that.

Thank you in advance, cheers.

Comments (6)

  1. Olivier Bertrand reporter


    OK I found the solution , if this could help somebody:

    through the menu : right click on the frame -> decode as -> then you have to save with the current field. Then "J1939" appears in the column protocol.


  2. mfcss

    Hi Olivier, would you by any chance be able to share a pcap file with some J1939 data from your work? I'm looking for a sample to test out the J1939 dissector, but unfortunately I do not have an available option for logging the data myself. I know it's a long shot, but in case you'd be up for it, it would be highly appreciated!


  3. Olivier Bertrand reporter

    Hi @mfcss ,

    never used pcap before, does that process is correct to give you what you need ? :

    I've adapted a bit the J1939 protocol for my own application, so I'm not sure this will be what you are expecting...

    If you give me more information about what you are planning to do, maybe I can help you

    Let me know and give more details on what you mean by "logging the datas by yourself" Cheers.

  4. mfcss

    Hi again Olivier, thanks for your reply.

    I'm working with a CAN bus data logger, which will integrate with Wireshark and act as an interface. This means that it will be possible to connect it to e.g. a truck or bus and parse the live data into Wireshark under the J1939 protocol. In preparation of the release of this feature, I'm looking to get a better understanding of e.g. the "decode as" J1939 part of Wireshark.

    However, since it's a new feature, I actually lack J1939 data for playing around in Wireshark - and hence I wanted to ask if you by any chance would have J1939 data that could be loaded into Wireshark and decoded as J1939. This would provide me an opportunity to play with the features.

    But in case your data is not raw J1939 data, then potentially I misunderstood your other posts - in that case, no worries. Thanks for your time.


  5. Olivier Bertrand reporter

    Hey Martin,

    Sorry for my late reply, trust you are still working on your data logger..

    What you have to know is my application does not concern vehicules, I'm using it for intelligent solar panels communicating their datas (current, state of charge, etc..)

    I don't know what you are calling "raw" J1939 but what I'm sure is I respect the protocol in that points:

    1) the 29b ID is still divided with 3b prio, 1b res, 1b data page to 0, 8b PDU Form., 8b PDU Spec., 8b Src add

    2) my datas are optionals and goes from 0 to 8 bits

    3) I'm using the ID for address claiming, with my own procedure, but the null and global addresses are still the 254 and 255

    4) I don't use addresses related to the SAE J1939 standard list in the predefined (preferred) addresses (industry group 1 to 5), that means I'm not using addresses between 128 and 247

    5) my datas contains informations about my intelligent solar panel system

    As soon I work again on my application, I can document you some frames or show you by remoite session how I do. This is still experimental (it's still a prototype). So I'm working with a virtual bus for now..


  6. Log in to comment