-
Notifications
You must be signed in to change notification settings - Fork 14
mod_stat
This module is designed for CAN traffic sniffing and analyses. Module receives CAN frame from PIPE and saves it in the memory
uds_shift - optional. default value is 8.
This parameter tells module which offset should be used for UDS response ID. By default response ID on UDS request is +8 to ID of UDS request.
meta_file - optional. no values by default.
Path to a META file that will be used for this traffic. META file describes already known things in the traffic. File format (and possible features):
1800:id_descr:Description text
1900:id_index:0-2-1
first row is ID, second type of meta-data and third is data. Currently module support two types of metadata:
id_descr - Comments. The text field that will be added to user-output for all packets with chosen ID. This will help to identify already known CAN frames and sort and keep knowledge.
id_index - Custom defragmentation rule. If you know, that all frames with that ID fragmented, and some bytes are index/counter byte, then you can tell mod_stat to rebuilt all chain. In this example (0-2-1) we are telling mod_stat that index bytes are from 0 to 2nd position and counter starts at value 1:
00 01 61 61
00 02 62 62
This two packets will be reassembled into 61616262 on traffic analysis stage.
None.
Print current table - p
Print all sniffed frames in short table. Example of output:
BUS ID LENGTH MESSAGE ASCII DESCR COUNT
Default 318 3 080009 6545
Default 318 3 080018 7069
Default 1359 8 0146443435313823 .FD4518# VIN value 141
Default 1359 8 033034313535000c .04155.. VIN value 124
Default 1359 8 0000000004000013 VIN value 198
Default 1359 8 02323232424e323a .222BN2: VIN value 184
Default 749 1 12 59
Default 749 1 33 60
Default 749 1 25 70
DESCR field will be set only if META data exists for that ID.
Analyses of captured traffic - a,
Analyzing of captured traffic. If no parameters then all analyzing methods will be executed:
FRAG - mod_stat will try to find control/index byte to fragment all chain. By default it could detect situations when same chain of data sending in the loop and first byte is index. Like in the example in print table section. The output will be:
De-Fragmented frames (using loop-based detection):
ID 1036 and length 28
Data: 0000000400001346443435313823323232424e323a3034313535000c
ASCII: .......FD4518#222BN2:222BN2..
De-Fragmented frames (using user's META data):
Also if user has provided META data for custom indexes, this action will try to reassemble chosen IDs based on META rules. In our example we do not have this META information.
ISO - mod_stat will try to find messages that have been sent in ISO-TP (ISO 15765-2) format and print those UDS - mod_stat will try to find UDS services(ISO 14229-1:2013) based on sniffed requests and responses (over ISO-TP)
Clean table - c
Free memory and clean all saved frames.
Meta-data: add description for ID - i, ,
Add comment for chosen CAN frame ID as META data
Meta-data: add index-byte for ID - x, , --<start_value>
Add custom index byte for ID, then on analysis stage mod_stat will use this info for defragmentation.
Load meta-data - l,
Load META data from the file
Save meta-data - z,
Save current META data to file
Dump ALL in replay format - r,
Save ALL sniffed CAN frames in replay format. Later you can share this file with colleagues or replay by yourself without car (via mod_replay module)
**Dump STAT in CSV format ** - d,
Save statistics table (like you see whe you do 'print table') into CSV file.