How I can monitor Ethernet's packets through a "null modem of ethernet interface" or connection direct (in a serial port RS232 or USB) with WireShark.

asked 08 Feb '12, 16:49

Walter's gravatar image

Walter
1111
accept rate: 0%

edited 28 Feb '12, 19:49

cmaynard's gravatar image

cmaynard ♦
5.8k725100


Well, to do it with an RS-232 device, the first step would be to get an RS-232 serial port that runs at the same speed as your Ethernet. That's not likely to happen - I know of no RS-232 ports that can run at 10 megabits/second, much less the speed of modern Ethernets - so, unless the Ethernet has next to no traffic on it, even if somebody were to make a device that transfers Ethernet packets over an RS-232 interface, it wouldn't be able to capture most of the traffic on the Ethernet.

To do it with a USB device, get a USB Ethernet interface, plug it into the Ethernet in question, and capture on that interface. This is no different from capturing on any other type of Ethernet interface; see the Wireshark Wiki page on Ethernet traffic capture for information, including information about capturing on switched networks (which is more difficult than capturing on non-switched networks).

link

answered 08 Feb '12, 20:29

Guy%20Harris's gravatar image

Guy Harris ♦♦
11.0k226140
accept rate: 17%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×52
×42
×28
×1

Asked: 08 Feb '12, 16:49

Seen: 2,912 times

Last updated: 28 Feb '12, 19:49

powered by OSQA