
Link layer header type for serial/UART communication

I'm planning to use Wireshark for logging serial/UART communication. This communication may be multiple kinds of proprietary protocols, none of which are related to TCP/IP. They're all raw data. The main benefit of using Wireshark is the ability to write our own dissector to quickly analyze the protocols in use.

I create the .pcap files manually. It's not a matter of logging serial ports - I fully control them and generate the log file. The problem I've stumbled upon is choosing the link layer header type for serial communication. I went through the list at http://www.tcpdump.org/linktypes.html and none of these seem to fit my case. There are a few related to serial communication, but they're either related to some specific product/vendor (like DLT_RTAC_SERIAL) or related to PPP.

Is there really no link layer type that could be used for logging simple serial/COM port/UART communication? Or maybe there's one that's close enough that'd require little work (i.e. writing some dummy headers) to adapt to such a use case?

Jacek Ślimok
asked 2018-06-15 11:17:28 +0000
Guy Harris
updated 2018-06-15 19:27:20 +0000

Comments

What kind of data frames (= sequence of bytes as a unit) are we talking about here? Or are these individual octets?

Jaap (2018-06-15 15:15:21 +0000)

Individual octets would be easier for me to log, but I assume it'd involve huge overhead - each single byte log entry having a separate header in the file. As I've said, I fully control all the communication aspects (it's an embedded system) and I can attempt to dissect the data into actual frames based on various factors, e.g. change of direction in which the data is currently sent (data transmission is always half-duplex) or when one end stops transmitting data and X time elapses (meaning no more data will be sent/received).

Jacek Ślimok (2018-06-15 16:22:48 +0000)

1 Answer

Is there really no link layer type that could be used for logging simple serial/COM port/UART communication?

No, because pcap/pcapng files are for use with traffic that can be divided into frames/packets at the lowest protocol level, but if all you're logging is bytes sent over a serial port, the only way to divide that into frames/packets would be to put each character sent over the serial port into a separate packet.

For half-duplex communication, it could, instead, accumulate all consecutive characters sent in a given direction into a single packet, or into multiple chunks with a maximum size (so you don't end up with a too-large packet), but no such link-layer type has been defined.

If a particular protocol sent over a serial port has framing, e.g. SLIP or PPP, then a link layer type could be defined for that particular protocol.

Guy Harris
answered 2018-06-15 19:33:29 +0000
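
An added example, not part of the original answer or of Wireshark's own code: the accumulation scheme described above for half-duplex traffic (a new packet on a direction change, after an idle gap, or at a maximum chunk size), written out as a pcap writer. Since no link-layer type is defined for raw serial data, it assumes LINKTYPE_USER0 (147, one of the values reserved for private use) and a hypothetical 1-byte direction pseudo-header; the idle gap, chunk size and sample octets are constructed.

```python
import struct

LINKTYPE_USER0 = 147   # reserved for private use; this example's choice
MAX_CHUNK = 256        # assumed cap on payload bytes per record
IDLE_GAP = 0.05        # assumed idle time in seconds that ends a frame

# Constructed sample of (timestamp, direction, octet); 0 = host to device, 1 = device to host.
SAMPLE = [(1.000, 0, 0x02), (1.001, 0, 0x10), (1.002, 0, 0x03),
          (1.010, 1, 0x06), (1.011, 1, 0x03),
          (2.000, 1, 0x15)]

def frame_octets(octets, max_chunk=MAX_CHUNK, idle_gap=IDLE_GAP):
    """Group octets into (timestamp, direction, bytes) frames.

    A new frame starts on a direction change, after an idle gap longer than
    idle_gap, or when the current frame already holds max_chunk bytes.
    """
    frames, last_ts = [], None
    for ts, direction, octet in octets:
        if (not frames or direction != frames[-1][1]
                or ts - last_ts > idle_gap or len(frames[-1][2]) >= max_chunk):
            frames.append((ts, direction, bytearray()))
        frames[-1][2].append(octet)
        last_ts = ts
    return [(ts, d, bytes(buf)) for ts, d, buf in frames]

def build_pcap(frames, snaplen=65535):
    """Serialize frames as a classic little-endian, microsecond pcap file."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0,
                                snaplen, LINKTYPE_USER0))
    for ts, direction, payload in frames:
        data = bytes([direction]) + payload  # hypothetical direction pseudo-header
        sec, usec = divmod(int(round(ts * 1_000_000)), 1_000_000)
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return bytes(out)

if __name__ == "__main__":
    with open("serial.pcap", "wb") as fh:
        fh.write(build_pcap(frame_octets(SAMPLE)))
```

To dissect the resulting file, map User 0 (DLT=147) to your own dissector in Wireshark's DLT_USER protocol preferences.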