I'm writing a Wireshark dissector for our CAN bus protocol and I've noticed that tcpdump captures CAN frames twice and its output differs from that of the candump program.
For example, when I execute the following commands:
$ cansend vcan0 123#R
$ cansend vcan0 123#22
tcpdump shows the following output:
$ tcpdump -i vcan0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vcan0, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
00:19:18.372611
0x0000: 2301 0040 0000 0000 0000 0000 0000 0000 #..@............
00:19:18.374097
0x0000: 2301 0040 0000 0000 0000 0000 0000 0000 #..@............
00:19:33.605064
0x0000: 2301 0000 0100 0000 2200 0000 0000 0000 #.......".......
00:19:33.610799
0x0000: 2301 0000 0100 0000 2200 0000 0000 0000 #.......".......
but candump shows it correctly:
$ candump vcan0
vcan0 123 [0] remote request
vcan0 123 [1] 22
tcpdump version:
$ tcpdump --version
tcpdump version 4.9.2
libpcap version 1.9.0-PRE-GIT (with TPACKET_V3)
I have two questions:
- Is there any solution to this problem or is it solved in a newer version?
- If not, or if a newer version is required, can I use candump in Wireshark remote capture? I know I can preview candump logs, but I would prefer live inspection using remote capture.
tcpdump change if you add the -Q in option?

-Q in solved my problem. Thank you very much!
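An added example, not part of the original thread: the 16 bytes tcpdump prints per record match the layout of `struct can_frame` from `<linux/can.h>`, so the hex rows quoted in the question can be decoded into the lines candump shows. The function names are hypothetical, the interface name is passed in because the frame bytes do not carry it, and little-endian byte order is assumed because that is what the quoted dump uses.

```python
import struct

# Flag and mask values from <linux/can.h>.
CAN_EFF_FLAG = 0x80000000  # 29-bit (extended) identifier
CAN_RTR_FLAG = 0x40000000  # remote transmission request
CAN_SFF_MASK = 0x000007FF
CAN_EFF_MASK = 0x1FFFFFFF

# Hex rows copied from the tcpdump output in the question (ASCII column kept).
SAMPLE = '''\
0x0000: 2301 0040 0000 0000 0000 0000 0000 0000 #..@............
0x0000: 2301 0040 0000 0000 0000 0000 0000 0000 #..@............
0x0000: 2301 0000 0100 0000 2200 0000 0000 0000 #.......".......
0x0000: 2301 0000 0100 0000 2200 0000 0000 0000 #.......".......
'''


def hex_row_to_bytes(row):
    """Convert one tcpdump hex row to bytes, dropping offset and ASCII column."""
    _, _, rest = row.partition(":")
    return bytes.fromhex("".join(rest.split()[:8]))


def decode_frame(raw, iface="vcan0"):
    """Render a 16-byte struct can_frame the way candump prints it."""
    if len(raw) != 16:
        raise ValueError("expected 16 bytes, got %d" % len(raw))
    # can_id is host-endian; the dump in the question is little-endian.
    can_id, dlc = struct.unpack_from("<IB", raw, 0)
    if dlc > 8:
        raise ValueError("invalid classic CAN DLC %d" % dlc)
    if can_id & CAN_EFF_FLAG:
        ident = "%08X" % (can_id & CAN_EFF_MASK)
    else:
        ident = "%03X" % (can_id & CAN_SFF_MASK)
    if can_id & CAN_RTR_FLAG:
        body = "remote request"
    else:
        body = " ".join("%02X" % b for b in raw[8:8 + dlc])
    return "%s %s [%d] %s" % (iface, ident, dlc, body)


def decode_capture(text):
    """Decode every hex row (lines starting with an 0x offset) in a text dump."""
    rows = [r for r in text.splitlines() if r.lstrip().startswith("0x")]
    return [decode_frame(hex_row_to_bytes(r)) for r in rows]


if __name__ == "__main__":
    for line in decode_capture(SAMPLE):
        print(line)
```

Both records of each pair decode to the same candump line, so the two tcpdump records per `cansend` carry identical frame bytes.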