Wireshark is a well-known network packet sniffer. Since 2009 it is also capable of capturing CAN frames via SocketCAN interface in Linux. Just configure and activate your CAN interface and it will show up as one of the available sniffing interfaces. The image below shows CAN frames captured via USB-CAN adapter (slcan driver).
Following information will be extracted from CAN frame:
- Extended Flag
- Remote Transmission Request Flag
- Error Flag
As of Wireshark version 1.7.1 CANopen dissector was introduced. See image below.
As CAN has no ports or other remarkable protocol options you’ll have to manually choose, how CAN frames should be interpreted.
And the last note. Though CAN frames can be captured only in Linux, they still can be analyzed on every system Wireshark is running on.