Ask Your Question

Wireshark can sniff ethernet frame over serial port?

asked 2019-05-16 02:23:40 +0000

If ethernet frame is transferred over serial port(COM port), wireshark can decode that frame?

If yes, please let us know how to do it.

Thx in advance.

edit retag flag offensive close merge delete


Using Ethernet over a serial link seems mutually exclusive. Can you provide more information? Ethernet frames run on Ethernet links and Serial links use their own framing. Are you tunnelling?

Spooky gravatar imageSpooky ( 2019-05-17 02:56:12 +0000 )edit

Yes, it is mutually exclusive. We are trying to send Ethernet frame( which is normally working on Ethernet link) via Serial port instead of Ethernet link. It's a kind of tunneling. If you have any further question, feel free to ask.

dspchung gravatar imagedspchung ( 2019-05-17 04:11:11 +0000 )edit

2 Answers

Sort by ยป oldest newest most voted

answered 2019-05-21 21:54:42 +0000

Guy Harris gravatar image

If ethernet frame is transferred over serial port(COM port), wireshark can decode that frame?

If you take the contents of the Ethernet frames and arrange that they be put into a pcap file with a link-layer header type of LINKTYPE_ETHERNET (1), or a pcapng file with an interface description block with a type of LINKTYPE_ETHERNET, then Wireshark should be able to read those files and decode the Ethernet frames.

Note that they will have to be Ethernet frames - i.e., they'll need to start with a 6-octet destination MAC address, followed by a 6-octet source MAC address, followed by a 2-octet type/length field, followed by the payload. If, for example, you're sending IP packets - e.g., if you have a device that receives IP-over-Ethernet frames and sends the IP packets on the serial line, and receives IP packets over the serial lines and sends them on the Ethernet - then you'd need a different LINKTYPE_ value, such as LINKTYPE_RAW for raw IP.

edit flag offensive delete link more

answered 2019-05-21 21:09:54 +0000

Spooky gravatar image

Assuming you can capture the serial traffic with Wireshark then it should be able to decode serial link frames but I'm not sure the Ethernet frames will show up in the payload. You'll likely only see "data". You can work with "Decode As" feature to have the data from the serial frames show up as Ethernet frames but I'm not sure what field you'll be able to use to decode without having seen the capture.

Good luck.


edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2019-05-16 02:23:40 +0000

Seen: 50 times

Last updated: yesterday