
Parsing wireshark captures with python 3
TL;DR: How do I properly pipe the output of a remote tcpdump over UART to a local wireshark?

I try to capture packets that flow through an embedded device on which I don't have the ability to install anything. Fortunately, there is a getty opened on the serial interface, and tcpdump installed.

I first tried to configure the tty and pass the data to wireshark through pipes:

    stty -F /dev/ttyUSB0 raw
    echo "tcpdump -U -s0 -i eth0 -w - 2>/dev/null" > /dev/ttyUSB0

Wireshark complains that the input is not valid libpcap format, certainly because the command gets echoed back and I didn't manage to get rid of that.

So I decided to create a python script to control how the piping would work:

    import serial
    import sys

    with serial.Serial('/dev/ttyUSB0', 115200, timeout=0) as ser:
        length = ser.write(b"tcpdump -U -s0 -i eth0 -w - 2> /dev/null\n") + 1
        # Pipe data from serial to wireshark's input
        # (the rest of the loop is missing from the page; minimal completion so the script runs)
        while True:
            sys.stdout.buffer.write(ser.read(4096))
            sys.stdout.buffer.flush()

Leaving aside some problems with how the script should end properly, this didn't work as well as I imagined. Wireshark is happy for some time, but quite soon the input gets corrupt and the recording stops. I think this is because the tty on the host still converts some special characters, probably the line feed or carriage return.

So I know this is lame, but as I didn't have other ideas, this is what I came up with:

    import serial
    import sys

    with serial.Serial('/dev/ttyUSB0', 115200, timeout=5) as ser:
        # Spawn tcpdump on the host and convert the raw output to stupid hex format
        # We need hexdump -C because that's the only format that doesn't mess up with the endianness
        length = ser.write(b"tcpdump -U -s256 -i eth0 -w - 2> /dev/null | hexdump -C\n")
        # Remove the address and ascii conversion of hexdump and spaces
        # (the parsing loop is missing from the page; minimal completion so the script runs)
        for line in iter(ser.readline, b""):
            try:
                sys.stdout.buffer.write(bytes.fromhex(line[10:58].decode()))
            except ValueError:
                continue  # echoed command, prompt or a "*" line: not a hex row
            sys.stdout.buffer.flush()

Alas, though it works for a bit longer than the previous version, when the frames are a bit too big, wireshark pops up a problem saying that the frame is too big, with a length that is indeed ridiculous (like -1562980309832), and again the recording stops.
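The three failure modes in the post (the echoed command line in front of the libpcap stream, `hexdump -C` rows that need to be turned back into bytes, and a frame with an absurd length once the byte stream has shifted) can all be handled on the host side before anything reaches wireshark. The following is an added example, not the original poster's script and not part of the page: a decoder for `hexdump -C` text that places rows by their printed offset (so the `*` squeeze marker is expanded and any echoed command or prompt is ignored), plus a libpcap sanity check that refuses a record whose `incl_len` exceeds the snaplen or runs past the end of the data. The names `HexdumpDecoder`, `decode_hexdump`, `pcap_header`, `check_pcap` and `SAMPLE_UART_LINES` are mine; the sample lines are constructed to look like what a serial console shows, and the assumption that the remote shell echoes the command back comes from the post.

```python
import re
import struct

# One hexdump -C row: 8-digit hex offset, 0..16 byte pairs, optional |ascii| tail.
_ROW_RE = re.compile(r"^([0-9a-f]{8})((?:\s+[0-9a-f]{2}){0,16})\s*(?:\|.*\|)?\s*$")

# libpcap magic -> struct byte-order prefix (microsecond and nanosecond variants).
_PCAP_MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
               b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}


class HexdumpDecoder:
    """Turn hexdump -C rows, arriving one text line at a time, back into bytes."""

    def __init__(self):
        self.offset = 0        # bytes emitted so far; must equal the next row's offset
        self.last_row = b""
        self.squeezed = False  # a '*' line (repeated rows) was seen since the last row

    def feed(self, line):
        """Return the bytes one line stands for (b"" for echo, prompts and noise)."""
        line = line.rstrip("\r\n")
        if line.strip() == "*":
            self.squeezed = True
            return b""
        m = _ROW_RE.match(line)
        if not m:
            return b""  # echoed command, shell prompt, stray control characters
        offset = int(m.group(1), 16)
        out = bytearray()
        if self.squeezed and self.last_row:
            while self.offset + len(out) < offset:  # expand the squeezed rows
                out += self.last_row
            self.squeezed = False
        if self.offset + len(out) != offset:
            raise ValueError(f"row offset {offset:#x} but {self.offset + len(out)} bytes decoded")
        row = bytes.fromhex(m.group(2).replace(" ", ""))
        out += row
        if row:
            self.last_row = row
        self.offset += len(out)
        return bytes(out)


def decode_hexdump(lines):
    """Decode an iterable of hexdump -C text lines into the original bytes."""
    dec = HexdumpDecoder()
    return b"".join(dec.feed(line) for line in lines)


def pcap_header(data):
    """Parse the 24-byte libpcap global header into (order, major, minor, snaplen, linktype).
    An unknown magic (e.g. an echoed command line in front of the capture) raises here,
    which is what Wireshark's "not valid libpcap format" complaint amounts to."""
    if len(data) < 24:
        raise ValueError("stream shorter than a libpcap global header")
    order = _PCAP_MAGIC.get(data[:4])
    if order is None:
        raise ValueError(f"not a libpcap stream (first bytes {data[:4].hex()})")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(order + "HHiIII", data[4:24])
    return order, major, minor, snaplen, linktype


def check_pcap(data):
    """Return (payload lengths, None) if the record chain is clean, else (lengths so far, problem).
    An incl_len above the snaplen or past the end of the stream means the bytes have shifted;
    report it instead of handing Wireshark a frame with an absurd length."""
    lengths = []
    try:
        order, _major, _minor, snaplen, _linktype = pcap_header(data)
    except ValueError as exc:
        return lengths, str(exc)
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            return lengths, f"truncated record header at offset {off}"
        _ts_sec, _ts_usec, incl_len, orig_len = struct.unpack(order + "IIII", data[off:off + 16])
        if incl_len > orig_len or (snaplen and incl_len > snaplen):
            return lengths, f"record at {off}: incl_len {incl_len} exceeds orig_len {orig_len} or snaplen {snaplen}"
        if off + 16 + incl_len > len(data):
            return lengths, f"record at {off}: payload runs past the end of the stream"
        lengths.append(incl_len)
        off += 16 + incl_len
    return lengths, None


# Constructed sample: the echoed command, then hexdump -C of a little-endian pcap
# header (snaplen 256, linktype 1) plus one 48-byte all-zero packet, then a prompt.
SAMPLE_UART_LINES = [
    "tcpdump -U -s256 -i eth0 -w - 2> /dev/null | hexdump -C\r\n",
    "00000000  d4 c3 b2 a1 02 00 04 00  00 00 00 00 00 00 00 00  |................|\r\n",
    "00000010  00 01 00 00 01 00 00 00  00 00 00 00 00 00 00 00  |................|\r\n",
    "00000020  30 00 00 00 30 00 00 00  00 00 00 00 00 00 00 00  |0...0...........|\r\n",
    "00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|\r\n",
    "*\r\n",
    "00000050  00 00 00 00 00 00 00 00                           |........|\r\n",
    "00000058\r\n",
    "# \r\n",
]
```

For live use, feed each `ser.readline()` from pyserial (decoded as ASCII) to `HexdumpDecoder.feed` and write what it returns to `sys.stdout.buffer`, then run the script as `python3 script.py | wireshark -k -i -`; adding `-v` to `hexdump -C` on the remote side makes hexdump print every row instead of squeezing repeats into `*`, so the offset bookkeeping only has to catch real gaps. Removing a single byte from the middle of the constructed sample (for instance `data[:30] + data[31:]`) turns the next record's `incl_len` into a number in the hundreds of millions, the same kind of nonsense length the post reports; `check_pcap` flags it, and the per-row offset check in the decoder catches the lost byte one step earlier, at the hexdump row where the count stops adding up.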