28

How can I sniff packets communicated through a serial port on Linux?

Peter Mortensen
  • If some answer provided an answer to your question, you should accept it (http://meta.serverfault.com/questions/1033/how-can-i-accept-answers-to-my-questions) – Olli Feb 08 '11 at 13:31

3 Answers

30

There are a few options:

  • sersniff is a simple program to tunnel/sniff between 2 serial ports.

  • Serial to Network Proxy (ser2net) provides a way for a user to connect from a network connection to a serial port.

  • SerialSpy acts as a serial pass-through device. It listens for incoming data on two serial ports and forwards it so the devices act as if they are directly connected. It also logs the data as it moves through the ports.

  • sercd is an RFC 2217-compliant serial port redirector. It lets you share a serial port through a network. It is based on sredird. The RFC2217 protocol is an extension to telnet and allows changing communication port parameters.

  • SerLooK is a KDE application for inspecting data going over serial lines. It can work as a binary terminal that sends and receives data through a defined port (Point to Point mode) and displays them on separate views. Each view can be configured to display data in hexadecimal, decimal, octal, binary, and raw ASCII. It is also possible to perform I/O through terminal emulation views and define a secondary port and monitor the traffic between two external hosts using a "Y" cable (Snooper mode).

  • nullmodem creates a virtual network of pseudo-terminals. It can be used as an adapter to connect two programs that normally need serial interface cards.

  • ttywatch monitors, logs, and multiplexes terminal I/O. It has full log rotation built in, and can use telnet as well as local TTY ports.

  • Serial line sniffer (slsnif) is a serial port logging utility. It listens to the specified serial port and logs all data going through this port in both directions.

CharlesB
hlovdal
  • You can achieve this with standard tools using `socat` and `tee`. 1) `socat -d -d pty,raw,echo=0 pty,raw,echo=0`. The output will give you two ports `...N PTY is /dev/pts/27... N PTY is /dev/pts/28`. 2) `sudo cat /dev/ttyS0 | tee /dev/pts/27` and in another terminal `sudo cat /deb/pts/27 | tee /dev/ttyS0`. Finally 3) Connect your program to `/dev/tty/28`. The two tee commands will dump both directions to the console and forward to/from the actual serial port. Note that the port settings like baudrate must be configured ahead of time. – jtpereyda Jul 18 '15 at 00:36
  • You can save the tee stuff to a file, too: `cat /dev/pts/27 | sudo tee /dev/ttyS0 serial-caps` and `xxd` will help if it's a binary protocol: `cat /dev/pts/27 | sudo tee /dev/ttyS0 serial-caps | xxd`. – jtpereyda Jul 18 '15 at 00:37
  • @jtpereyda it looks like your 3rd step should be connect program to /dev/ttyS0. e.g. when I connect PUTTY there to /dev/ttyS0 it correctly shows me that output in step 2 while also communicating with the actual embedded board. BTW you have a typo `/deb/pts/27` should be `/dev/pts/27`. Also `cat /deb/pts/27 | tee /dev/ttyS0` should be `cat /dev/pts/27 | sudo tee /dev/ttyS0` – enthusiasticgeek Sep 10 '16 at 20:39
  • This answer is very old, please consider interceptty for serial port sniffing – CharlesB Sep 17 '18 at 13:18
  • You could provide that as another answer. @CharlesB Explaining why it is better would be nice too. – chicks Sep 17 '18 at 18:40
17

I tried interceptty (copy at GitHub), and was successful in using it. First I ran it on the port of interest:

`interceptty /dev/ttyACM0`

Then I connected the program-under-test to the pseudo-terminal /dev/pts/5 that interceptty created.


I tried to use slsnif, but I found that I got an error:

`Failed to open a pty: No such file or directory`

This mailing list item indicates that slsnif only supports the "legacy" pseudo-terminals (/dev/ttyp0 etc.), which are probably not used on current Linux kernels.

Craig McQueen
  • Thanks! Same error here on my embedded device. Then I used `interceptty` and it did work! – gfleck Oct 26 '17 at 13:24
  • How do you know which pseudo-terminal it creates? – chwi Sep 25 '19 at 19:32
  • @chwi You can give it a second parameter, which is a name of a "front-device" which is a symlink to the pseudo-terminal it creates. – Craig McQueen Sep 26 '19 at 07:16
  • Thank you. I found that by default, it creates a /dev/intercepttydummy. I was able to watch traffic back and forth, but the incoming data from the device was only read by interceptty, not my software running pyserial. – chwi Sep 27 '19 at 10:24
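
The pass-through logging described in the answer above, as an added example that is not part of the original posts and is not interceptty's code: a minimal relay that creates a pseudo-terminal, prints its name, and hex-logs every chunk in both directions. The function names and log format are this example's own, and it assumes the line settings (baud rate, parity) were already set on the device, e.g. with `stty`.

```python
import os, pty, select, sys, tty

def relay(back_fd, front_fd, log, timeout=None):
    """Copy bytes both ways between the device (back) and the pty master
    (front), calling log(direction, data) for every chunk. Returns when one
    side closes, or when `timeout` seconds pass without traffic."""
    peers = {back_fd: (front_fd, "<"), front_fd: (back_fd, ">")}
    while True:
        ready, _, _ = select.select(list(peers), [], [], timeout)
        if not ready:
            return
        for fd in ready:
            try:
                data = os.read(fd, 4096)
            except OSError:          # EIO: the far end of a pty went away
                return
            if not data:             # EOF
                return
            dest, direction = peers[fd]
            os.write(dest, data)
            log(direction, data)

def hexline(direction, data):
    """Format one chunk as '> 41 54 0d  |AT.|' ('>' = program to device)."""
    text = "".join(chr(b) if 32 <= b < 127 else "." for b in data)
    return f"{direction} {data.hex(' ')}  |{text}|"

def main(device):
    # Assumption: speed/parity were already configured on the device (stty).
    back = os.open(device, os.O_RDWR | os.O_NOCTTY)
    tty.setraw(back)                 # no echo or CR/LF translation on the device
    front, slave = pty.openpty()     # slave stays open so the program can reconnect
    tty.setraw(slave)                # same raw settings on the pty side
    print("connect the program under test to", os.ttyname(slave), file=sys.stderr)
    relay(back, front, lambda d, chunk: print(hexline(d, chunk), flush=True))

if __name__ == "__main__":
    main(sys.argv[1])                # e.g. the real port, /dev/ttyACM0
```

Only the relay process opens the real port; the program under test opens the printed `/dev/pts/N` path instead, so every byte it exchanges with the device passes through the log.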
3

Try using jpnevulator (Debian-packaged) or slsnif. Note that slsnif uses a deprecated terminal emulation model.

CharlesB
sntg