On Wednesday 19 May 2004 8:33 am, Crowe, Graham GP wrote:
> Hi,
> I was wondering if it was possible to get ethereal to capture
> directly from a serial port. I don't want to intercept data between a
> PPP process and the port, I would like to bind ethereal (and only
> ethereal) to the serial port and capture everything that comes in.
> Some of the data will be PPP and I would like to decode it with
> ethereal's built in decoders, other data I need to look at as raw
> hex.
>
> I was intending to use an RS232 tap feeding into two serial ports
> (actually USB - RS232 converters) on a laptop, and would like to
> display the capture from both directions in the one window (but still
> be able to identify which direction the data went).
>
> I have been unable to get ethereal to bind to a serial port (I only
> get the netcards and the firewire port to select from). Is this
> possible, or should I look elsewhere for this functionality. I know
> there have been a few other messages similar to this in this forum,
> but they all seemed to involve intercepting the data between a
> process and the port, I was hoping that simply capturing data from a
> port would be much simpler.
>
> I have managed to capture serial data to a file under both Linux and
> windows, but this data is not timestamped and it is impossible to
> merge the capture files from both directions (similar to what
> mergecap does).
This would be useful for me too. I have considered it now and again but
there are problems in implementing it. There is no library like
winpcap/libpcap to make the interface common between *nix and Windows.
Most of the existing dissectors are useless, and a whole new set need
to be written. There are several different schemes for packetizing the
data, and there needs to be some way to pick the right one.
So we would need a new library on both - or several - platforms, and a
handful of new dissectors. That's a good bit of code, and we'd need
people that know the APIs. Then we have to convince the Ethereal crowd
that it's a good idea, and patch Ethereal to use the new library where
it's available and support a fair number of preference settings.
I have a program on Windows that displays and logs data from two COM
ports at once. It's rather buggy, and the log output isn't directly
machine-readable, but it does the job. Drop me a mail at rurwin at
srhsystems dot com if it would be useful. It's based on the MS sample
code, so I'll have to check the licence, but I don't see a problem with
distributing at least executables.
--
Richard Urwin