Using Wireshark with CAN and CANopen

5 Sep

Wireshark is an outstanding piece of software. I had a few chances to make use of it: early in my IT days, then in one of the bigger projects I worked on, and finally now, when I began working on industrial integration protocols.
This blog post will describe a journey I had with Wireshark over the last couple of weeks and tell you why clicking a couple of times everywhere you CAN is sometimes better.

Most of us know Wireshark as a network traffic analysis tool. Over the years it has really evolved and now lets you scan USB and even Bluetooth traffic. This makes it a great candidate for other “serial” protocols, especially ones used in hardware and automation. I used this tool a couple of months ago to implement Apache PLC4X and MSpec describing Link-Layer-Discovery-Protocol (LLDP) as well as for Profinet Discovery and Configuration Protocol (Profinet-DCP).
Recently I’ve started working on a CANopen implementation in Java and faced the sad reality of the automation market. Almost each and every tool is paid. Existing open-source toolkits offer quite poor functionality or function as a library with limited functionality.

Naturally I searched for Wireshark + CAN multiple times on Google and DuckDuckGo. Each time I was getting the same answer: Enable CANopen protocol in Wireshark. It is simple, it must be simple, am I right?
I looked at the CAN preferences, but the options mentioned in this answer were gone. Other suggestions on using the next dissector led me to a window which did not offer CANopen anywhere.

Now, the real answer you are probably looking for: you need to know which column to click. I kept clicking the first column and getting everything but CANopen. Below you can see the Wireshark popup window you probably don’t use most of the time:

Finally, after being caught in this trap for two weeks, if not longer, I found the answer. Exhausted by the lack of success, I finally went to Windows and started clicking over all the columns. It turned out that the LAST column is editable, and that’s the place where you can actually pick the higher layer protocol for CAN.
You just need to click into it; if it doesn’t work (as it didn’t for me), then click twice. Pay attention, because the Wireshark GUI sometimes gets tricky with “clicks”, at least that was the case for my Linux distro. Just now I have been trying to see if I was so dumb that I did not click this bloody column, or if my X manager played the fool with me. Probably both, because now by trying I managed to “freeze” a row and block the dropdown.
When you click the last column in the right spot, it will show a drop-down list.

Wireshark dissector setup.
Changing Wireshark dissector.

I hope that it will help others who ran into the same trouble. I must admit that I did not expect to be stuck on such a basic issue for so long, especially with a program I have known for more than a decade. It seems that the older I get, the easier I get stuck on such basic things. Remember, if something doesn’t work just keep clicking, eventually it will.

4 Responses to Using Wireshark with CAN and CANopen



March 24, 2023 at 1:26 pm

Dzięki, thank you.
I was searching – knowing it must be there – for around 2 hours until I found this, your document.



March 24, 2023 at 9:02 pm

You’re welcome. I was in the same spot for several days and decided to record the procedure to avoid other people losing time on the same thing.
It’s a pity you had to sacrifice two hours of your time. Hopefully search engines will eventually index this page and guide people here earlier. 😉



June 15, 2023 at 10:08 am

No worries.
What’s more interesting is to make the CANopen and the CAN data readable. For CANopen there are .eds (or .dcf) files better explaining the nodes and data that’s seen in Wireshark.
The same for CAN data which is explained in .dbc files (where there was is a plugin for the very old Wireshark Version 2.4 from CSS Elektronics in DK).
Right now I will investigate with Python and Jupyter Notebooks (code from GitHub etc.) as I am for sure not the first one having this demand.



June 15, 2023 at 11:42 pm

I was not aware that there was a plugin to do that. I have been stuck with Linux for a couple of years already and the selection of desktop class CAN tools is fairly limited. I once even wrote my own “CANopen” web logger which was saving all messages in a memory buffer so I could browse them. Since it was done for non-certified devices which rely on the protocol, but not EDS, it was sufficient for tinkering.
Anyhow, the CANopenNodeEDS editor is doing a fine job of parsing EDS files, which I’ve tried to replicate (a bit), yet I haven’t made any decent progress so far. Maybe later, when I work on better support for CANopen in openHAB, I will finally implement that part to cover automatic discovery of channels. 😉
Out of curiosity, how do you feed Jupyter with CAN data?
