CAN Bus Interface: Streaming OBD2 Data With Wireshark

Being able to stream live CAN bus data is a core functionality in a versatile CAN bus analyzer.

But we thought:

"Why stop there?"

What if we integrate a simple-to-use CAN analyzer with the world's most popular network analyzer, Wireshark?

The result is a truly powerful platform for real-time CAN bus analysis!

We therefore upgraded the CANLoggerX000 data logger to act as a CAN bus interface, including integration with Wireshark.
Further, we enhanced Wireshark with a new plugin, adding DBC support, CAN sniffing support, OBD2 conversion and more!

In this article, we focus on the new OBD2 dissector as we use a CANLogger2000 to stream live OBD2 data from an Audi A4. 

Specifically, we cover how to stream with a CANLoggerX000, the OBD2 dissector and 6 tips for using Wireshark with CAN bus.

To see this in action, check out our 2 minute video above!

WHY USE WIRESHARK FOR CAN BUS INTERFACING?

As evident from the video, the CANLoggerX000 is an extremely simple-to-use CAN interface - live streaming in just a few clicks. 

By leveraging Wireshark, we offer functionality that matches or exceeds much of the best CAN interface software out there. For free!

Further, Wireshark's CAN bus functionality is very easy to extend. To prove this, we had an easy OBD2 filter made to convert raw OBD2 messages into human-readable output using the Wikipedia OBD-II PID documentation. This was done in 1-2 days and is working smoothly!

The versatility of Wireshark coupled with the simplicity of the CANLoggerX000 makes for an excellent combo tool for hobbyists and CAN spies / hackers as well as the more advanced performance optimizers and diagnostics testers.

Below are a few key advantages of the CANLoggerX000 over other CAN bus interfaces:

  • You can easily add new plugins to Wireshark - e.g. dissectors, special views, new features and more
  • The CANLoggerX000/Wireshark solution offers functionality on par with the most popular CAN and OBD2 interfaces ...
  • … while the CANLoggerX000 also doubles as a stand-alone CAN bus data logger to log data to an SD card (no PC required)
  • In fact, CANvas makes it extremely simple to log & convert OBD2 data with a new simplified setup
  • In particular, you can access the logger as an interface with Wireshark while logging - and disconnect with no disruption
  • Our plugin comes with built-in OBD2 support, DBC support (incl. J1939), 'trace view' (for reverse engineering) and much more!

HOW TO GET STARTED?

To replicate this article, you’ll need the following,

Note that our Wireshark plugin is open source and can be further developed - let us know if you decide to add something!

Below are the three steps to get started.

1 | Configure your logger & install Wireshark: To stream OBD2 data you need to specify what messages you wish to “request” from the OBD2 system (cf. our OBD-II transmit use case). For a quick start, download this article’s CONFIG.ini file and paste it to your logger. Next, install Wireshark and paste our plugin into the Wireshark/Plugin folder.

2 | Connect to the vehicle and PC: Connect the CAN logger to your car’s OBD2 connector using the DB9-to-OBD2 adaptor cable - click here if you can’t find the connector. Put the key in the ignition. Once the logger is connected to the car, connect it to your PC via the USB cable.

3 | Start Wireshark via CANvas: Finally, open CANvas, choose “Stream Data”, click Connect and then Start. You are now streaming data in Wireshark and using the CANLogger2000 as an OBD2 interface!

Note: CANvas allows you to work with both the regular Wireshark interface (used below) and the ‘Legacy Wireshark’ interface.

Note also that cars differ in how many standard OBD2 parameter IDs (PIDs) they support. In particular, older cars may provide less data. If you wish to see what data is supported in your car, you can query PIDs 00, 20, 40, 60 and/or 80. For more details on this, cf. our intro to OBD2 or Wikipedia’s article on OBD2 PIDs.
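The responses to PIDs 00, 20, 40, 60 and 80 each carry a 4-byte bitmask of the next 32 PIDs. The Python sketch below is an added example, not code from the CANLoggerX000 plugin: it expands those bitmasks from raw 7E8 frames and reports which range PID is worth querying next. The function names are hypothetical and the frame bytes are constructed sample data.

```python
# Added example: decode OBD2 "supported PIDs" responses (mode 01, range PIDs).
# SAMPLE_FRAMES is constructed sample data, not a capture from a vehicle.
RESPONSE_ID = 0x7E8                      # OBD2 response ID used in this article
RANGE_PIDS = (0x00, 0x20, 0x40, 0x60, 0x80)

def parse_mode01_response(can_id, data):
    """Return (pid, payload) for a single-frame mode 01 response, else None."""
    if can_id != RESPONSE_ID or len(data) < 3:
        return None
    length = data[0]                     # single frame: high nibble 0, low nibble = byte count
    if length >> 4 != 0 or not 2 <= length <= 7 or length > len(data) - 1:
        return None
    if data[1] != 0x41:                  # 0x40 + mode 01 marks a positive response
        return None
    return data[2], bytes(data[3:1 + length])

def supported_pids(pid, payload):
    """Expand the 4-byte bitmask of a range PID into the PID numbers it marks."""
    if pid not in RANGE_PIDS or len(payload) != 4:
        raise ValueError("not a supported-PIDs response")
    mask = int.from_bytes(payload, "big")
    # Most significant bit maps to pid+1, least significant bit to pid+32.
    return [pid + 1 + i for i in range(32) if mask & (1 << (31 - i))]

def collect_supported(frames):
    """Return (sorted supported PIDs, next range PID to query or None)."""
    found, next_query = set(), None
    for can_id, data in frames:
        parsed = parse_mode01_response(can_id, data)
        if parsed is None or parsed[0] not in RANGE_PIDS:
            continue                     # requests (7DF) and other PIDs are skipped
        pids = supported_pids(*parsed)
        found.update(pids)
        nxt = parsed[0] + 0x20           # the last bit says whether the next range exists
        next_query = nxt if nxt in pids and nxt in RANGE_PIDS else None
    return sorted(found), next_query

SAMPLE_FRAMES = [
    (0x7DF, bytes.fromhex("0201000000000000")),  # request: mode 01, PID 00
    (0x7E8, bytes.fromhex("064100BE1FA81300")),  # response: bitmask BE 1F A8 13
    (0x7E8, bytes.fromhex("0641208000000000")),  # response to PID 20: only PID 21
]

if __name__ == "__main__":
    pids, next_query = collect_supported(SAMPLE_FRAMES)
    print("supported:", " ".join(f"{p:02X}" for p in pids))
    print("next range PID:", "none" if next_query is None else f"{next_query:02X}")
```
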

6 TIPS FOR USING WIRESHARK WITH CAN BUS AND OBD2

Below we list a few tips for working with Wireshark to more easily analyse your data - let us know if you have further suggestions for this list!

Convert the OBD2 data: If you wish to decode the data, right click on an OBD2 response message (ID 7e8), choose “Decode As …” and select OBD-II from the list. You should now see message descriptions and converted data. Notice how CANopen and SAE J1939 dissectors are already built into Wireshark.

Configure your columns, just right: We prefer to use a view as seen in the below screen. To match this, you can remove columns (right click them) and add new ones by right-clicking the respective fields in the middle view box (choosing “Add as Column”).

Plot your data: If you wish to show converted OBD2 data in a graphical plot (who doesn’t), you can do so by choosing Statistics/IO Graph. Here you can add up to 5 graphs. In the “Y Field”, simply write “obd-ii.mode01” and you’ll get a drop-down of PID options. In the “Y Axis” drop down choose “AVG(Y Field)” and finally click the checkmark to the far left to plot the data.

Add filters: A cool aspect of Wireshark is adding filters. You can do so swiftly by writing in the “Filter:” text field in the top left corner of the main window. Say you’re streaming both the “request” (ID 7DF) and “response” (ID 7E8) and want to look only at the latter? Simply write “can.id == 0x000007e8” in the filter. It’ll turn green to show that it’s valid and you can click enter - voila! Using the “Expression…” button, you can build far more advanced filters using various relational operators, though we will not cover that in detail here.

Use colorization: Filtering can also be used for conditional formatting. Looking to quickly spot the occurrence of a particular CAN message in your stream, e.g. when sniffing out CAN messages? By right clicking a field in the middle part of the window you can e.g. specify that you want to color all occurrences red where a specific CAN message contains a specific range of data bytes. In the OBD2 context you can e.g. color Vehicle Speed yellow when the ‘Converted value’ goes above 50 km/h and red when above 50 km/h (cf. the figure).

Save data in a common format: A cool thing about Wireshark is that you can save your logged data as e.g. the common *.pcap format for easy sharing and modification.

TRY IT OUT YOURSELF!

If you want to try out the functionality of Wireshark including the plugin, you can download the *.pcap data file used in this article.

If you have a CANLoggerX000, we suggest checking out our new OBD2 Data Logger article on how to easily set it up to log OBD2 data!

 

CLOSING REMARKS

We are excited to bring this feature to the CANLoggerX000 and we hope that you will enjoy it as well. 

If you have any experiences, ideas or feedback, let us know or fill in our 2 min feature survey - we'd love to hear from you!

Also, if you're interested in similar articles, check out our GUIDES page!

