Hello, For the image attached which shows a set up of network, I have the following questions. 1.In the scenario A, is there any device required after the ethernet converter for wireshark to capture the packets? 2. Does it sniffs and capture the packets in this scenario? Thank you.
asked 30 Aug '16, 09:05  stadkama edited 30 Aug '16, 09:07 |
2 Answers:
If you are sniffing on two cables you would need (2) capture NICs on the PC, or (2) separate capture PCs, or you would need a TAP that aggregates the two cables into one capture port that you then use the PC to capture off of. For the first two options, you would use mergecap to get both conversations into one PCAP file. I am not familiar with what the converter is accomplishing, so if that aggregates somehow then that may also be a solution. But from the diagram I am assuming that there are two cables leaving the converter. answered 30 Aug '16, 09:25  BruteForce |
Your description is unclear and even confusing: "two-wire" usually means "single-pair", which would mean that both directions of the connection (μC A <-> μC B) use the same pair, while the description in the bubble says "2 cable ethernet" which could mean a separate cable (possibly with several pairs) per direction. But as a 2-wire "Ethernet" is a common solution where both directions use the same pair of wires, I'll deal with that part: no, the way you have drawn it it will not work. Depending on the way how the 2-wire "Ethernet" solution is implemented, the 2-wire connection may carry:
In any of the first two cases, you have to use the following architecture (==== means a pair of wires) for sniffing: I.e. you have to create a section of standard 4-wire Ethernet between the two μcontrollers using two 2W/4W converters connected back-to-back, and use a tap on it to feed two ports on the sniffing PC, each sniffing its own direction. Instead, you can also use a switch capable of monitoring, connect it between the two converters, and monitor Tx direction of each of the ports separately (i.e. copy it to another sniffing port of your PC). If you don't care much about timing and the aggregate traffic between the two μcontrollers is lower than the bandwidth on the sniffing port (or if you can use a 1 Gbit/s port to connect the PC while the 2wire Ethernet is just 100 Mbit/s in each direction), you can monitor Tx and Rx of just one of the ports on a single sniffing port of the PC, and you'll be fine as well. answered 31 Aug '16, 01:07  sindy edited 31 Aug '16, 01:11 The representation in the figure is described below: 2 wire ethernet represents simultaneous transmit and receive (i.e., full-duplex) operations on a single-pair cable. 100 base Tx cable after the converter towards PC represents cat5e cable where one pair for transmit and one for receive to achieve the same data rate. Converter is just for physical layer conversion. (31 Aug '16, 01:58) stadkama In that case, all what I wrote above is true. The Tx and Rx on the 2-wire are arranged in one of the first two ways and so you need to insert two back to back connected converters into the 2-wire line to be able to sniff both directions properly. If frequency separation is used, a single converter connected in parallel can only read one direction; if hybrids are used, a mix of both directions is present on the wire so if both μcontrollers transmit at the same time, the converter connected in parallel cannot translate the superposition of the two signals into two packets which do not overlap in time. (31 Aug '16, 02:13) sindy |
2 wire ethernet represents simultaneous transmit and receive (i.e., full-duplex) operations on a single-pair cable.
100 base Tx cable after the converter towards PC represents cat5e cable where one pair for transmit and one for receive to achieve the same data rate. Converter is just for physical layer conversion. Please let me know is there any TAP required after the converter.