Wireshark and Edgeshark

By using Edgeshark all messages can be visualized with Wireshark. Some/ip and CAN messages are detected out of the box and partially decoded. Below are short getting-started instructions. Detailed instructions on how to start and use Edgeshark can be found on https://edgeshark.siemens.io/.

Note: if you're using Podman, Edgeshark doesn't work without additional configuration. Please read the section below for how to get it running.

1. On the host, where all the other containers are running do:

wget -q --no-cache -O - \
  https://github.com/siemens/edgeshark/raw/main/deployments/wget/docker-compose-localhost.yaml \
  | DOCKER_DEFAULT_PLATFORM= docker compose -f - up

2. Wireshark, to visualize install plugin (where you run Wireshark (this is slightly tricker)) https://github.com/siemens/cshargextcap
3. Go to http://localhost:5001/ click the diagram

Edgeshark on Podman

Due to some incompatibilities between Podman and Docker, the docker-compose files for Edgeshark don't work with Podman out of the box. You can find a in the edgeshark_for_podman folder in the examples repository. To use it:

1. Download the docker-compose-localhost-podman.yaml file from the link above.
2. Run podman compose -f docker-compose-localhost-podman.yaml up.
3. Open http://localhost:5001 in your browser.

To enable the interaction with Wireshark, you also need to install the cshargextcap plugin for Wireshark from https://github.com/siemens/cshargextcap.

Edgeshark screenshots

The pictures below shows the connections between the running containers. By clicking the blue shark fins(e.g. Wireshark symbol) Wireshark opens and allow inspection in that specific connection.

Wireshark screenshots

Image below shows a notification on the some/ip bus. Decoder can be selected by right clicking the a line in the trace window. Image below shows traffic on a selected CAN bus. In this case it's 00