
Wireshark and Edgeshark

With Edgeshark, all messages can be visualized in Wireshark. SOME/IP and CAN messages are detected out of the box and partially decoded. Below are short getting-started instructions. Detailed instructions on how to start and use Edgeshark can be found at https://edgeshark.siemens.io/.

Note: If you're using Podman, Edgeshark doesn't work without additional configuration. Please read the section below for how to get it running.

  1. On the host where all the other containers are running, run:
     wget -q --no-cache -O - \
       https://github.com/siemens/edgeshark/raw/main/deployments/wget/docker-compose-localhost.yaml \
       | DOCKER_DEFAULT_PLATFORM= docker compose -f - up
  2. To visualize the traffic in Wireshark, install the cshargextcap plugin on the machine where you run Wireshark (this is slightly trickier): https://github.com/siemens/cshargextcap
  3. Go to http://localhost:5001/ and click the diagram.

Edgeshark on Podman

Due to some incompatibilities between Podman and Docker, the docker-compose files for Edgeshark don't work with Podman as they are. You can find a in the examples/edgeshark_for_podman folder in examples. To use it:

  1. Open a prompt and navigate to the examples/edgeshark_for_podman folder.
  2. Run podman compose -f docker-compose-localhost.yaml up.
  3. Open http://localhost:5001 in your browser.

To enable the interaction with Wireshark, you also need to install the cshargextcap plugin for Wireshark from https://github.com/siemens/cshargextcap.
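
Both the Docker and the Podman setup start containers from a compose file and publish the Edgeshark UI on http://localhost:5001. The script below is an added example, not part of the Edgeshark project or of the original instructions: it lists the published ports of a compose file saved to disk and flags any that are not bound to a loopback address, so the file can be reviewed before `compose up`. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Edgeshark project): list the published ports in a
# compose file and flag any that are not bound to loopback.

# audit_ports FILE
# Prints "OK <mapping>" or "EXPOSED <mapping>" per short-syntax port entry.
# Returns non-zero if at least one entry is reachable from other hosts.
audit_ports() {
    tr -d "\"'" < "$1" | awk '
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-/ {
            m = $0
            sub(/^[ \t]*-[ \t]*/, "", m)   # drop the list marker
            sub(/[ \t]*#.*$/, "", m)       # drop a trailing comment
            sub(/[ \t]+$/, "", m)          # drop trailing whitespace
            # Only an explicit loopback host address keeps the port local.
            if (m ~ /^127\./ || m ~ /^\[::1\]:/) {
                print "OK " m
            } else {
                print "EXPOSED " m
                bad = 1
            }
            next
        }
        { in_ports = 0 }
        END { exit bad + 0 }
    '
}

# Constructed sample, NOT the real Edgeshark compose file.
make_sample() {
    cat <<'EOF'
services:
  ui:
    ports:
      - "127.0.0.1:5001:5001"
  helper:
    ports:
      - 5500:5500   # no host address
      - "0.0.0.0:8080:80/tcp"
EOF
}

sample=$(mktemp)
make_sample > "$sample"
audit_ports "$sample" || echo "review the EXPOSED entries before 'compose up'"
rm -f "$sample"
```

To use it on a real deployment, save the compose file to disk first (for example with `wget -O`) and pass that path to `audit_ports` instead of piping the download straight into `docker compose`.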

Edgeshark screenshots

The pictures below show the connections between the running containers. Clicking a blue shark fin (i.e. the Wireshark symbol) opens Wireshark and allows inspection of that specific connection.

[Image] Edgeshark
[Image] Edgeshark
[Image] Edgeshark

Wireshark screenshots

The image below shows a notification on the SOME/IP bus. The decoder can be selected by right-clicking a line in the trace window.

[Image] Wireshark SOME/IP

The image below shows traffic on a selected CAN bus. In this case it's 00.

[Image] Wireshark CAN