Wireshark can sniff ethernet frame over serial port?

asked 2019-05-16 02:23:40 +0000

dspchung

If an Ethernet frame is transferred over a serial port (COM port), can Wireshark decode that frame?

If yes, please let us know how to do it.

Thx in advance.


Comments

Using Ethernet over a serial link seems mutually exclusive. Can you provide more information? Ethernet frames run on Ethernet links and Serial links use their own framing. Are you tunnelling?

Spooky ( 2019-05-17 02:56:12 +0000 )

Yes, it is mutually exclusive. We are trying to send Ethernet frames (which normally work on an Ethernet link) via a serial port instead of an Ethernet link. It's a kind of tunneling. If you have any further questions, feel free to ask.

dspchung ( 2019-05-17 04:11:11 +0000 )

2 Answers


answered 2019-05-21 21:09:54 +0000

Assuming you can capture the serial traffic with Wireshark, it should be able to decode serial link frames, but I'm not sure the Ethernet frames will show up in the payload. You'll likely only see "data". You can work with the "Decode As" feature to have the data from the serial frames show up as Ethernet frames, but I'm not sure what field you'll be able to use to decode without having seen the capture.

Good luck.

Spooky


Comments

Can you give me more of a hint? I checked the "Decode As" feature but couldn't find a proper option for the serial port in the field, i.e. I can select USB, TCP, UDP, etc.

dspchung ( 2019-05-27 08:56:17 +0000 )

answered 2019-05-21 21:54:42 +0000

Guy Harris

If an Ethernet frame is transferred over a serial port (COM port), can Wireshark decode that frame?

If you take the contents of the Ethernet frames and arrange that they be put into a pcap file with a link-layer header type of LINKTYPE_ETHERNET (1), or a pcapng file with an interface description block with a type of LINKTYPE_ETHERNET, then Wireshark should be able to read those files and decode the Ethernet frames.

Note that they will have to be Ethernet frames - i.e., they'll need to start with a 6-octet destination MAC address, followed by a 6-octet source MAC address, followed by a 2-octet type/length field, followed by the payload. If, for example, you're sending IP packets - e.g., if you have a device that receives IP-over-Ethernet frames and sends the IP packets on the serial line, and receives IP packets over the serial lines and sends them on the Ethernet - then you'd need a different LINKTYPE_ value, such as LINKTYPE_RAW for raw IP.


Comments

Thx for your answer. Do you know how to create a pcap file using Ethernet data over a serial port?

dspchung ( 2019-05-27 08:53:07 +0000 )

What is the format of the data going over the serial port?

Is it in the form of raw Ethernet packet data, with one 8-bit byte sent over the serial port for every 8-bit byte in the Ethernet packet, with some form of indication of when an Ethernet packet ends and the next one begins?

Or is it in some other form?

Guy Harris ( 2019-06-06 21:05:15 +0000 )

Yes, it is raw Ethernet packet data with one 8-bit byte.

dspchung ( 2019-06-07 00:32:36 +0000 )
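
The approach from Guy Harris's answer, as an added example that is not code from the thread or from Wireshark: it splits a serial byte stream into frames and writes them to a classic pcap file whose link-layer header type is LINKTYPE_ETHERNET (1). The 2-byte big-endian length prefix used to delimit frames, the function names and the sample bytes are assumptions, since the thread never says how frames are delimited on the serial line.

```python
import struct
import time

LINKTYPE_ETHERNET = 1      # value given in the answer above
PCAP_MAGIC = 0xA1B2C3D4    # classic pcap, microsecond timestamps
ETH_HEADER_LEN = 14        # 6 dst MAC + 6 src MAC + 2 type/length


def split_frames(stream):
    """Split a serial byte stream into Ethernet frames.
    ASSUMPTION: each frame is preceded by a 2-byte big-endian length."""
    frames, pos = [], 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack_from(">H", stream, pos)
        pos += 2
        frame = stream[pos:pos + length]
        if len(frame) < length:
            break                        # truncated tail: needs more serial data
        pos += length
        if length >= ETH_HEADER_LEN:     # shorter cannot hold an Ethernet header
            frames.append(frame)
    return frames


def write_pcap(out, frames, linktype=LINKTYPE_ETHERNET, snaplen=65535, now=time.time):
    """Write frames to a binary file object as a classic pcap file."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
    for frame in frames:
        ts = now()
        sec, usec = int(ts), int((ts % 1) * 1_000_000)
        captured = frame[:snaplen]
        out.write(struct.pack("<IIII", sec, usec, len(captured), len(frame)))
        out.write(captured)


def build_sample_stream():
    """Constructed sample: one valid frame, one runt, one truncated frame."""
    eth = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 46
    runt = b"\x01\x02\x03"
    return (struct.pack(">H", len(eth)) + eth +
            struct.pack(">H", len(runt)) + runt +
            struct.pack(">H", 60) + b"\xaa" * 10)


if __name__ == "__main__":
    with open("serial_eth.pcap", "wb") as fh:
        write_pcap(fh, split_frames(build_sample_stream()))
```

If the serial side carries bare IP packets instead of full Ethernet frames, pass the LINKTYPE_RAW value as `linktype` and drop the 14-byte minimum check.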

Stats

Asked: 2019-05-16 02:23:40 +0000

Seen: 1,348 times

Last updated: May 21 '19