Which monitor or sniffer software would work with CBT

Sounds good. I've had some decent experience with Wireshark on windows by creating filters like ((((usb.data_len == 15) ))) && (usb.capdata contains 03:02:06:08) to sort live USBcap data. Problem is that Wireshark only dissects down to USB level with
<i>Leftover Capture Data: 030206087f4a0d25d2015f0008010d</i> .. If that message was in a standard CAN serial format without the CBT headers, I think Wirshark would recognize and dissect it under one the include CAN protocols.

Also the USB protocol coming from USBcap doesn't do a great job of reassembling the messages by length either. Some come in short, others super long. So sorting by length is cleaner, but also easy to miss packets your after. So it works OK with HEX, but with JSON string I've had zero luck in Wirshark.

Derek, don't be such a tease. Haha

How did you get that set up?


Just pushed the code up to github. It definitely needs some cleanup but it works well so far. If you guys could test on Windows that would be awesome!


Readme has setup instructions. This module will be included in the desktop app so people will be able to run it without installing Nodejs. But for now you'll need to do it the hard way by installing a system copy of Nodejs. If you're unfamiliar with Nodejs you should be able to just use an installer from here:

Finally, a productive weekend! I've got a ton done on the app and kicked this out in a couple hours after some research on the Pcap format. Hopefully I'll have the beta of the desktop app posted shortly as well! :D


Also I should mention RTR Eflg and Extended flag are not correct right now, as the current firmware does not report them.

I'm going to make a socketcan firmware when time permits so that would make this even easier.

Edit: I just published it to NPM as well, so you can rock a 'npm install cbt-wireshark' to pull it down if you're node-savvy.

What directory does Nodejs want to see your .js files installed? Haven't been able to make it happy yet.


Any folder. Checkout the code, CD to the folder and run npm install; node index.js /compath


Sorry I should have mentioned you need to do it from a command line/terminal. What platform are you on? Any luck getting it going?

When I get the app out this will be built in a dead simple to use. But it's good to get some testing in now before I merge them.

Finding the correct compath that CBT is connected to under XP is where I'm having issues. With USBPcapCMD.exe it lists this for you, but been unable to accomplish the same under node.js
From USBPcap is shows the CBT at \.\USBPcap4

5 \.\USBPcap4
[Port 1] USB Composite Device
Arduino Leonardo (COM16)
USB Human Interface Device
HID-compliant mouse
HID Keyboard Device

So I have use a simple batch file to start it on XP as below.

<i>CD C:\Program Files\USBPcap
USBPcapCMD.exe -d \.\USBPcap4 -o - | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -</i>

Determining the actual path Node.js needs is where I'm currently at.


Ok I need to jump on a windows box and figure this out. You should be able to just run the js file with node and it will setup the pipe for you. The nodejs installed should add Nide to your path in windows but I can't be sure of that right now. I'll report back

Derek, I tried Wireshark on Mac, I need to solve one last thing to get it working I thing, any ideas? My findings are described here:


I just had a chance to test the pipe script for windows and found one little bug. It works well on windows now as well as mac! :)

On windows once you install Nodejs just start the nodejs command prompt, cd /path/to/code from github and run 'node index COM3' or whatever your com port is. Then setup wireshark as shown in the readme.

OK I finally got it running. :D/

I had to do it slightly different on my Windows XP box from what's listed above. So for all us windows users who don't write java code, or use git very often, here is the EASY way I got it running...

<b>1.</b> Go download the latest CBT to Wireshark code in zip format at https://github.com/CANBus-Triple/CANBus-Triple-Wireshark
<b>2.</b> Unzip the files anywhere you like. Will create the folder <i>CANBus-Triple-Wireshark-master</i> which contains the .js files.
<b>3.</b> Create a easy to find directory/folder, I used C:\WSCBT
<b>4.</b> Copy or move all the files from <i>CANBus-Triple-Wireshark-master</i> to <i>WSCBT</i> folder.
<b>5.</b> Open the <u>Node.js Command Prompt </u> window.
<b>6.</b> Type <b>CD C:\WSCBT</b> and now you should be at <i>C:\WSCBT></i>
<b>7.</b> Now type <b>npm install</b> which should give you.

<i>C:\WSCBT>npm install
npm WARN package.json index@0.4.0 No repository field.
npm WARN package.json node.js@0.0.0 No repository field.
q@1.2.0 node_modules\q</i>

<b>8.</b> Now type <b>node index COM2</b> replacing COM2 with what ever COM port your CBT is currently connected. This should return

<i>C:\WSCBT>node index COM2
Socket bound: \?\pipe\cbtbus1
Logging enabled on all three busses</i>

<b>9.</b> Now open WireShark and setup as listed
Click Capture
Click Interfaces
Click Options
Click Manage Interfaces
Select the Pipes Tab
Click New
Enter<b> \?\pipe\cbtbus1</b> where it says Pipe
Click Save, then Close
Uncheck all the interface buttons at top, except for the one with \?\pipe\cbtbus1

If everything is working correct, Wireshark should now be GREEN and start logging all data. If not, it will give you an error message. Also back in the Node.js Command Prompt window, the last line should be <i>client connected</i>

You may not need to do the <b>npm install</b> command, but in my case, just typing <b>node index COM2</b> wasn't working, and this way finally did... After doing it that way once, I've been able skip that npm install part and it opens fine.. Who knows...

Hope that helps speed it up for everyone else.


Just found the updates in this thread!

Looks like you're striking gold, Derek.

And many thanks KidTurbo!! Glad its working for you, ill try tonight on a windows box rather than Linux

Thanks gents! I'm going to give it a try this weekend.


Got all this set up with no problem. Wireshark goes green and Node command prompt says client connected but im not seeing any data :(

Pippy, couple things I noticed testing last night that are possibly causing your problems.
If you were using the JSON format data output, need to change that back in CBT to default of HEX only.

You will still need to verify CBT setup correctly with coolterm. Verify the baud rate is correct, and tell it to start dumping packets. However now you can't run coolterm if the Node script is running. So make certain CBT is sending HEX data with coolterm, then close it and start Node and Wireshark.

Last, I experienced issues with wireshark disconnecting after only a few packets were captured. In post above I said <i>Uncheck all the interface buttons at top, except for the one with \?\pipe\cbtbus1</i> .... Well for some reason I had to enable the others again to resolve this issue.... To avoid seeing my WiFi network TCP/UDP packets, I just selected my only protocol to monitor as CAN. Works fine now. Not sure where the bug is on that one.


The cbt-wireshark module should automatically send the logging commands to the CBT when it starts, but you will need to assure the bit rate is correct before you start.

I should also add I've got this module running in the Desktop app that uses node behind the scenes, so when I get the alpha out this will just work without any command line madness. Much much easier for you guys to use. :)

Thanks for that info on the auto start for logging. Only downside I've seen to Node is, at least on windows, it locks the COMM port so no other software can share it while the pipe is active.

Derek, think I may have discovered a possible issue with the Nodejs script and Wireshark on Windows. Experiencing a lag issue with packets coming from nodejs. Was doing some wireshark filtering by ID and noticed that button changes I had previously tracked using USBPcap weren't showing up. Turned the key off, and saw new packets kept coming in for over a minute. Sure enough so didn't the hex code bits matching the button input I changes I'd made over a minute earlier...

Anyone else experience this? Looks like Nodejs is buffering the data, and not related to wireshark best I can tell.

  • 37
  • 38797

Looks like your connection to CANBus Triple was lost, please wait while we try to reconnect.