Ask Your Question

Link layer header type for serial/UART communication

asked 2018-06-15 11:17:28 +0000

updated 2018-06-15 19:27:20 +0000

Guy Harris gravatar image

I'm planning to use Wireshark for logging serial/UART communication. This communication may be multiple kinds of proprietary protocols, none of which are related to TCP/IP. They're all raw data. The main benefit of using Wireshark is the ability to write our own dissector to quickly anlyze the protocols in use.

I create the .pcap files manually. It's not a matter of logging serial ports - I fully control them and generate the log file. The problem I've stumbled upon is choosing the the link layer header type for serial communication. I went through the list at and none of these seem to fit my case. There's few related to serial communication, but they're either related to some specific product/vendor (like DLT_RTAC_SERIAL) or related to PPP.

Is there really no link layer type that could be used for logging simple serial/COM port/UART communication? Or maybe there's one that's close enough that'd require little work (i.e. writing some dummy headers) to adapt to such use case?

edit retag flag offensive close merge delete


What kind of data frames (= sequence of bytes as a unit) are we talking about here? Or are these individual octets?

Jaap gravatar imageJaap ( 2018-06-15 15:15:21 +0000 )edit

Individual octets would be easier for me to log, but I assume it'd involve huge overhead - each single byte log entry having a separate header in the file. As I've said, I fully control all the communication aspects (it's an embedded system) and I can attempt to dissect the data into actual frames based on various factors, e.g. change of direction in which the data is currently sent (data transmission is always half-duplex) or when one end stops transmitting data and X time elapses (meaning no more data will be sent/received).

Jacek Ślimok gravatar imageJacek Ślimok ( 2018-06-15 16:22:48 +0000 )edit

1 Answer

Sort by » oldest newest most voted

answered 2018-06-15 19:33:29 +0000

Guy Harris gravatar image

Is there really no link layer type that could be used for logging simple serial/COM port/UART communication?

No, because pcap/pcapng files are for use with traffic that can be divided into frames/packets at the lowest protocol level, but if all you're logging is bytes sent over a serial port, the only way to divide that into frames/packets would be to put each character sent over the serial port into a separate packet.

For half-duplex communication, it could, instead, accumulate all consecutive characters sent in a given direction into a single packet, or into multiple chunks with a maximum size (so you don't end up with a too-large packet, but no such link-layer type has been defined.

If a particular protocol sent over a serial port has framing, e.g. SLIP or PPP, then a link layer type could be defined for that particular protocol.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2018-06-15 11:17:28 +0000

Seen: 61 times

Last updated: Jun 15