Ethereal-dev: Re: [ethereal-dev] Question on remote snooping.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Mon, 7 Feb 2000 22:19:27 -0800
> A daemon process runs on the remote machine, snooping a port that
> isn't the one passing data back to the GUI (otherwise, it would
> be rather recursive!!).  Then, have the GUI listening to that socket
> as if it were snooping locally.  The communication over the socket
> would mostly be the raw packets, as determined by the filter,
> with a few cmds to control things as needed.  The GUI would run
> locally...

Microsoft Network Monitor has such a mechanism, which I think supplies
capture data over the wire as it arrives.

The RMON stuff in SNMP also provides such a mechanism, although, as I
remember, the data doesn't come back as the capture proceeds - you do
SNMP GETs to fetch the captured data.  (It also has a pretty feeble
filtering mechanism; I'm curious whether anybody's ever proposed adding
support for BPF code to RMON.)
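
The recursion the quoted proposal warns about, as an added example that is not part of the original message or of any Ethereal code: a capture daemon that reports its own reporting traffic never stops sending. The endpoints, the frames, the 8-byte record header and the choice to match the whole daemon-to-GUI connection rather than just a port are assumptions made for illustration.

```python
import socket
import struct

def build_frame(src, dst, payload=b""):
    """Constructed sample data: minimal Ethernet/IPv4/TCP frame, checksums zero."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src[0]), socket.inet_aton(dst[0]))
    return eth + ip + tcp + payload

def tcp_endpoints(frame):
    """Return ((src_ip, src_port), (dst_ip, dst_port)) for IPv4/TCP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:
        return None
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:  # later fragment: no TCP header
        return None
    l4 = 14 + ihl
    if len(frame) < l4 + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return ((socket.inet_ntoa(frame[26:30]), sport),
            (socket.inet_ntoa(frame[30:34]), dport))

def is_own_transport(frame, daemon_ep, gui_ep):
    """True if the frame belongs to the daemon<->GUI connection, either direction."""
    eps = tcp_endpoints(frame)
    return eps is not None and set(eps) == {daemon_ep, gui_ep}

def simulate(first_frame, daemon_ep, gui_ep, exclude, max_records=10):
    """Count records sent when each record sent shows up as a new frame on the wire."""
    seen, sent = [first_frame], 0
    while seen and sent < max_records:
        frame = seen.pop(0)
        if exclude and is_own_transport(frame, daemon_ep, gui_ep):
            continue  # never report our own reporting traffic
        sent += 1
        record = struct.pack("!II", 0, len(frame)) + frame  # hypothetical framing
        seen.append(build_frame(daemon_ep, gui_ep, record))
    return sent

# Constructed endpoints and traffic (documentation address ranges).
DAEMON, GUI = ("192.0.2.10", 2002), ("192.0.2.20", 40000)
WEB = build_frame(("192.0.2.10", 51000), ("198.51.100.5", 80), b"GET / HTTP/1.0\r\n\r\n")
```

With the exclusion on, one captured frame produces one record; with it off, the count runs until the max_records guard stops it.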