Canis Labs has developed an open source logic analyzer decoder for CAN called can2. It has special features to warn about unusual events that could indicate a CAN protocol attack, works with low-cost hardware, runs on Linux, Windows and macOS and can also export decoded frames to a pcapng packet capture file for display in Wireshark.
Canis Labs created the open source CANHack toolkit to demonstrate the viability of low-level attacks on the CAN protocol itself. A MicroPython version of CANHack is available for the CHV DEF CON 30 badge and the CANPico board.
The Canis Labs CAN SDK provides a uniform C API for CAN that is portable to different CAN controller hardware, and also to different microcontroller targets.
The first CAN controllers supported with this API is the Microchip MCP2517FD (and Microchip MCP2518FD). This is the CAN controller on the Canis Labs CANPico board (the CAN SDK includes a binding for the Raspberry Pi Pico SDK).