Is there a command to write a Wireshark dump for serial connections on a Unix machine? And how do I read that data?
asked 21 Sep '16, 23:08 SohanRawat
One Answer:
There is no direct way at the moment. For serious analysis, you would need to track not only the value of each byte sent but also its timestamp, and maybe also the state of the control lines like RTS, CTS, DSR, ..., so the capture file format would require quite a lot of extra fields, leaving aside the dissection of the captured data in Wireshark.

But if you can live with less accuracy regarding timing and control signals, I suggest you insert a pair of back-to-back connected Serial-over-LAN adaptors into your serial connection and use Wireshark (or tcpdump) to capture the TCP session between those two. The adaptors usually buffer the incoming traffic to save overhead, so as long as the serial data are coming in continuously enough, the adaptor accumulates them into a packet and only sends the packet when it reaches the MSS size; if more than some tens of milliseconds elapse since the last byte came in, the packet is sent (with the PSH flag set) even if there is still free space available in it.

If you have enough serial ports on the machine where you capture, you may connect the first one (to which your communication application is bound) to the second one using a null modem cable, run the SoL application on the second and third serial adaptors and let them talk to each other over the loopback interface (127.0.0.1), and connect the original serial cable (previously connected to the first port) to the third one.

The above is just an illustration of the principle; actually, you may connect your application to a virtual serial port which, instead of connecting to an external SoL adaptor, connects across the loopback to a local SoL application connected to the original port, so no additional hardware ports are required.
answered 22 Sep '16, 00:53 sindy, edited 22 Sep '16, 00:57

@Sindy, is there any planning from Wireshark regarding direct capturing of serial communication dumps for the next releases?
(22 Sep '16, 01:45) SohanRawat

Not that I know of. Note that Wireshark doesn't actually make the capture itself; that's performed by an OS-specific capture library, e.g. libpcap, WinPcap or npcap, and all of those are network capture libraries. Wireshark's capturing capabilities can be extended using extcap utilities, which are separate executables that are launched by Wireshark to perform specific capture tasks and then pass the captured traffic back to Wireshark in pcap format, so that might be an avenue you wish to explore.
(22 Sep '16, 02:51) grahamb ♦

To give you a better overview: such an extension of Wireshark and the capturing mechanism would have to include the following steps:

So this is far from simple, and far from how network capturing and analysis typically works. What is your use case?
(22 Sep '16, 04:47) sindy
Do you have in mind dumping/capturing of IP packets sent over SLIP & PPP (i.e. IP over serial channel) lines, or dumping of raw serial traffic on those interfaces?
@Sindy: dumping of raw serial traffic on those interfaces.
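The accepted answer describes why a Serial-over-LAN capture loses timing accuracy: the adaptor buffers bytes and only emits a TCP segment when the buffer reaches the MSS or when the line has been idle for some tens of milliseconds (then with PSH set). The following Python script, added here as an illustration and not code from the thread or from any SoL product, simulates that packetization rule over a constructed stream of timestamped serial bytes and reports how far the segment timestamp seen in Wireshark can drift from the real arrival time of the first byte in it. The MSS of 1460 bytes and the 20 ms idle threshold are assumptions chosen to match the answer's description; real adaptors have their own settings.

```python
from dataclasses import dataclass
from typing import Iterable, List, Tuple

MSS = 1460            # assumed TCP maximum segment size of the adaptor's link
IDLE_FLUSH_S = 0.020  # assumed idle threshold ("some tens of milliseconds")


@dataclass
class Segment:
    """One TCP segment as it would appear in the capture."""
    sent_at: float        # timestamp the capture will show for this segment
    payload: bytes        # serial bytes carried by the segment
    psh: bool             # PSH set when the flush was caused by the idle timer
    first_byte_at: float  # when the first buffered byte really arrived on the wire


def packetize(events: Iterable[Tuple[float, int]],
              mss: int = MSS, idle: float = IDLE_FLUSH_S) -> List[Segment]:
    """Apply the SoL buffering rule to (timestamp_seconds, byte_value) events.

    Bytes are accumulated; a full-MSS buffer is sent immediately without PSH,
    and a gap longer than `idle` since the previous byte flushes the partial
    buffer with PSH at the moment the idle timer expires.
    """
    segments: List[Segment] = []
    buf = bytearray()
    first_at = None
    last_at = None
    for t, b in events:
        if buf and t - last_at > idle:
            # Idle timer expired before this byte arrived: flush with PSH.
            segments.append(Segment(last_at + idle, bytes(buf), True, first_at))
            buf = bytearray()
            first_at = None
        if first_at is None:
            first_at = t
        buf.append(b)
        last_at = t
        if len(buf) >= mss:
            # Buffer full: the adaptor sends a maximum-size segment right away.
            segments.append(Segment(t, bytes(buf), False, first_at))
            buf = bytearray()
            first_at = None
    if buf:
        # Trailing bytes are flushed once the line goes idle.
        segments.append(Segment(last_at + idle, bytes(buf), True, first_at))
    return segments


def max_timestamp_error(segments: List[Segment]) -> float:
    """Largest gap between a segment's capture timestamp and its first byte."""
    return max(s.sent_at - s.first_byte_at for s in segments)


def make_sample_stream() -> List[Tuple[float, int]]:
    """Constructed serial stream: a short command, a pause, then a bulk transfer.

    Bytes are spaced 1 ms apart, roughly what a 9600 baud line delivers.
    """
    events = [(0.001 * i, b) for i, b in enumerate(b"AT\r\n")]
    bulk_start = 0.100  # 97 ms of silence after the command
    events += [(bulk_start + 0.001 * i, i % 256) for i in range(2000)]
    return events


def simulate() -> List[Segment]:
    """Run the constructed stream through the adaptor model."""
    return packetize(make_sample_stream())


if __name__ == "__main__":
    segs = simulate()
    for s in segs:
        print(f"t={s.sent_at:.3f}s len={len(s.payload):4d} psh={s.psh} "
              f"first byte really at t={s.first_byte_at:.3f}s")
    print(f"worst timestamp error: {max_timestamp_error(segs):.3f}s")
```

Running it shows three segments: the 4-byte command flushed by the idle timer with PSH, a full 1460-byte segment without PSH, and the 540-byte remainder flushed with PSH. The worst-case timestamp error is about 1.46 s, the time the adaptor spent filling the MSS-sized buffer, which is the loss of timing accuracy the answer warns about; byte-level gaps and control-line state are not recoverable from such a capture at all.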