I’ve implemented something similar using either UDP or serial, using extcap in both cases. You can take a look at udpdump, but in my case I wrote it myself using a Python extcap on the receiving end.
The idea is that you put all information (including the timing of your original protocol) into a frame and send this to extcap, which recreates a frame to be displayed using pcap as a format.
See the documentation of extcap in the developer documents.
Regards
Roland
> On 26.01.2020 at 09:46, Erwin Rol <mailinglists@xxxxxxxxxxxx> wrote:
>
> Hey all,
>
> I was wondering if there is a remote capture "protocol" that works on
> Mac, Windows, and Linux?
>
> The idea I have is to use a small (and cheap) microcontroller like a
> STM32F407 that can capture a fieldbus (RS485 based, etc.) and relay
> that in realtime (realtime as in not storing it locally) to a PC
> running Wireshark.
>
> I could simply pack it in some UDP protocol and write a dissector for
> that, but then I would lose my timing information, because it will be
> the timing of when the UDP packet has been received and not the time of
> when the fieldbus packet was received.
>
> Is there already anything out there that supports transporting capture
> data (including timing) over Ethernet that works on all 3 major
> platforms (rcap seems Windows only, ssh seems Linux only, and both are
> too heavy to implement on a microcontroller)?
>
> Any info and ideas are welcome.
>
> TIA,
>
> Erwin
>
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: https://www.wireshark.org/lists/wireshark-dev
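
An added example, not code from either poster or from the Wireshark project, of the conversion described in the reply above: the device timestamp travels inside each UDP datagram and the receiving side writes it into the pcap record header instead of the arrival time. The 10-byte wire header, `MAX_FRAME`, the function names and the choice of DLT_USER0 are assumptions made for illustration.

```python
import io
import struct

DLT_USER0 = 147               # private-use pcap link type (assumed choice)
HDR = struct.Struct("!IIH")   # assumed wire header: device sec, usec, payload length
MAX_FRAME = 1024              # assumed upper bound for one fieldbus frame

def pcap_global_header(linktype=DLT_USER0, snaplen=MAX_FRAME):
    # magic, version 2.4, thiszone, sigfigs, snaplen, link type (little-endian)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)

def to_pcap_record(datagram):
    """Turn one datagram from the capture device into one pcap record.
    The record timestamp is the device's, not the UDP arrival time."""
    if len(datagram) < HDR.size:
        raise ValueError("datagram shorter than header")
    sec, usec, length = HDR.unpack_from(datagram)
    payload = datagram[HDR.size:]
    # UDP input is unauthenticated: check the declared length and timestamp
    if length != len(payload) or length > MAX_FRAME:
        raise ValueError("length field does not match payload")
    if usec >= 1_000_000:
        raise ValueError("microseconds out of range")
    return struct.pack("<IIII", sec, usec, length, length) + payload

def convert(datagrams, out):
    """Write a pcap stream to `out`; return (written, dropped)."""
    out.write(pcap_global_header())
    written = dropped = 0
    for d in datagrams:
        try:
            out.write(to_pcap_record(d))
            written += 1
        except ValueError:
            dropped += 1      # malformed input never reaches the capture file
    return written, dropped

if __name__ == "__main__":
    # Constructed sample: two valid frames and one with a wrong length field
    sample = [
        HDR.pack(1580028360, 250000, 4) + b"\x01\x03\x00\x10",
        HDR.pack(1580028360, 251200, 2) + b"\x01\x83",
        HDR.pack(1580028360, 252000, 200) + b"\x00",
    ]
    buf = io.BytesIO()
    print(convert(sample, buf), len(buf.getvalue()))
```

In an extcap, `out` would be the FIFO that Wireshark passes with `--fifo`, and the datagrams would come from a bound UDP socket.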