Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Wireshark's ability to capture traffic for a given protocol largely applies only to link-layer protocols; for example, there is no notion of an "ability to capture TCP traffic", because TCP traffic is carried over IP traffic, which is ultimately captured over some link-layer protocol, so if Wireshark can capture on a given link layer that can carry IP traffic, it can capture TCP traffic on that link layer.

So if Wireshark can directly capture AX.25 traffic, it can capture any of the protocols that run on AX.25, including TEXNET.

Packet capture in Wireshark is done by libpcap on UN*Xes and by the libpcap-based WinPcap/Npcap on Windows, so whether, on any given OS, Wireshark can capture traffic on a given link layer depends on whether the OS, and libpcap/WinPcap/Npcap, supports it.

It appears that AX.25 interfaces are regular Linux network interfaces, so the standard Linux libpcap code should be able to capture on them, and sufficiently-recent versions of libpcap will handle its particular link-layer type, so it should be possible to capture AX.25 traffic with Wireshark on Linux.

Wireshark has a pane that shows raw hex data for packets. If a given protocol isn't dissected yet, it's usually just dissected as "Data", and if you click on the "Data" entry for that protocol's data, it should highlight, in the hex data pane, the data for that protocol. That's how TEXNET traffic would be handled - the AX.25 headers would be dissected, and the TEXNET traffic would just be shown as "Data".