Ethereal-users: Re: [Ethereal-users] Serial Port Captures

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Urwin <richard@xxxxxxxxxxxxxxx>
Date: Wed, 19 May 2004 17:55:11 +0100
On Wednesday 19 May 2004 8:33 am, Crowe, Graham GP wrote:
> Hi,
> 	I was wondering if it was possible to get ethereal to capture
> directly from a serial port. I don't want to intercept data between a
> PPP process and the port, I would like to bind ethereal (and only
> ethereal) to the serial port and capture everything that comes in.
> Some of the data will be PPP and I would like to decode it with
> ethereal's built-in decoders, other data I need to look at as raw
> hex.
>
> 	I was intending to use an RS232 tap feeding into two serial ports
> (actually USB - RS232 converters) on a laptop, and would like to
> display the capture from both directions in the one window (but still
> be able to identify which direction the data went).
>
> 	I have been unable to get ethereal to bind to a serial port (I only
> get the netcards and the firewire port to select from). Is this
> possible, or should I look elsewhere for this functionality? I know
> there have been a few other messages similar to this in this forum,
> but they all seemed to involve intercepting the data between a
> process and the port, I was hoping that simply capturing data from a
> port would be much simpler.
>
> I have managed to capture serial data to a file under both Linux and
> Windows, but this data is not timestamped and it is impossible to
> merge the capture files from both directions (similar to what
> mergecap does).

This would be useful for me too. I have considered it now and again but 
there are problems in implementing it. There is no library like 
winpcap/libpcap to make the interface common between *nix and Windows. 
Most of the existing dissectors are useless, and a whole new set needs 
to be written. There are several different schemes for packetizing the 
data, and there needs to be some way to pick the right one.

So we would need a new library on both - or several - platforms, and a 
handful of new dissectors. That's a good bit of code, and we'd need 
people that know the APIs. Then we have to convince the Ethereal crowd 
that it's a good idea, and patch Ethereal to use the new library where 
it's available and support a fair number of preference settings.

I have a program on Windows that displays and logs data from two COM 
ports at once. It's rather buggy, and the log output isn't directly 
machine-readable, but it does the job. Drop me a mail at rurwin at 
srhsystems dot com if it would be useful. It's based on the MS sample 
code, so I'll have to check the licence, but I don't see a problem with 
distributing at least executables.

-- 
Richard Urwin
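
The merge the thread asks for, as an added example that is not part of the original messages or of Ethereal's code: each tap direction is deframed with one packetizing scheme (PPP's RFC 1662 HDLC-like framing) and both are written, ordered by timestamp, to a pcap file using link type 204 (PPP with a one-octet direction pseudo-header). It assumes each port was read by something that timestamps every read in microseconds; `deframe`, `merge_to_pcap`, `PORT_A` and `PORT_B` are hypothetical names, and which tap port counts as "sent" is an arbitrary choice.

```python
import struct

LINKTYPE_PPP_WITH_DIR = 204   # pcap link type: 1 direction octet, then the PPP frame
FLAG, ESC = 0x7E, 0x7D        # RFC 1662 HDLC-like framing octets

def deframe(chunks):
    """Yield (timestamp_us, frame) for one direction.

    chunks is an iterable of (timestamp_us, bytes) serial reads. A frame takes
    the timestamp of the read that delivered its first octet. Octets seen
    before the first flag come out as one frame; an unterminated tail is dropped.
    """
    buf, start, escaped = bytearray(), None, False
    for ts, data in chunks:
        for octet in data:
            if octet == FLAG:
                if buf and not escaped:      # ESC followed by FLAG aborts the frame
                    yield start, bytes(buf)
                buf, start, escaped = bytearray(), None, False
            elif octet == ESC:
                escaped = True
            else:
                if start is None:
                    start = ts
                buf.append(octet ^ 0x20 if escaped else octet)
                escaped = False

def merge_to_pcap(port_a, port_b):
    """Return pcap file bytes with both directions interleaved by timestamp."""
    records = [(ts, b"\x01" + f) for ts, f in deframe(port_a)]   # non-zero: "sent"
    records += [(ts, b"\x00" + f) for ts, f in deframe(port_b)]  # zero: "received"
    records.sort(key=lambda r: r[0])
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_PPP_WITH_DIR)
    for ts, pkt in records:
        sec, usec = divmod(ts, 1_000_000)
        out += struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt
    return out

# Constructed sample reads (microsecond timestamps). The last two octets of each
# frame stand in for the FCS and are placeholders, not a valid checksum.
PORT_A = [(1_000_000, bytes.fromhex("7eff7d23c021")),            # frame split over
          (1_004_000, bytes.fromhex("7d217d217d207d24aabb7e"))]  # two reads
PORT_B = [(1_002_000, bytes.fromhex("7eff7d23c0217d227d217d207d24ccdd7e"))]

if __name__ == "__main__":
    with open("serial_merged.pcap", "wb") as fh:
        fh.write(merge_to_pcap(PORT_A, PORT_B))
```

The FCS octets stay on each frame as captured, and data that is not PPP-framed still needs a separate raw-hex view.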