Ethereal-dev: Re: [ethereal-dev] Question on remote snooping.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxx>
Date: Tue, 08 Feb 2000 00:35:05 -0600
On Mon, Feb 07, 2000 at 11:21:17PM -0700, Ben Greear wrote:
> Guy Harris wrote:
> > 
> > > A daemon process runs on the remote machine, snooping a port that
> > > isn't the one passing data back to the GUI
> > 
> > The software can't guarantee that; the user would be obliged to
> > guarantee it (the user could well say "show me all the traffic...").
> 
> Well, worst case the CPU/bandwidth will 'throttle' the connection.  Just
> cause the user can screw things up doesn't make it bad, eh?  Think
> how useful ping is, and how deadly ping -f is :)
> 
> Ben

As per my entry in the Ethereal TODO file,

*) I just discovered that sshd sets the SSH_CLIENT variable to source IP,
source port, and destination port. That coupled with a destination IP
would give us enough information to carry out remote protocol capturing,
tcpdump over ssh:

        ssh remotehost tcpdump -s 2000 -w - filter

"filter" could be created from $SSH_CLIENT on the remote end with
a simple little script. SSH_CLIENT is set to "client-IP client-port server-port".

Ethereal could have multiple capture options from the GUI:

1. Use the regular libpcap (and in some far-off future, wiretap)
	capture facility.

2. Run ssh to a remote host and run tcpdump/snoop/tethereal to
	capture data. (Probably not tethereal, since it doesn't
	dump binary data to stdout)

3. Run a telnet session to a Lucent/Ascend or Toshiba ISDN router
	and capture the hex dump to a file.

--gilbert
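The remote-side "simple little script" the message sketches, written out as an added example (not Ethereal's code or the author's): it turns $SSH_CLIENT into a BPF exclusion so tcpdump never captures the ssh session that carries the capture back to the GUI, and it refuses to capture at all when SSH_CLIENT is missing or malformed rather than silently capturing its own transport. The function names build_filter and run_capture and the --run flag are this example's own.

```shell
#!/bin/sh
# remote-capture.sh (constructed example). Runs on the remote host under sshd:
#   ssh remotehost sh remote-capture.sh --run 'port 80' > capture.pcap

# build_filter SSH_CLIENT_VALUE [USER_FILTER]
# Prints a tcpdump filter that drops the packets of this very ssh session.
# SSH_CLIENT has the form "client-IP client-port server-port".
build_filter() {
    user_filter=$2
    # Word-split the SSH_CLIENT value into its three fields.
    set -- $1
    [ $# -eq 3 ] || return 1
    client_ip=$1; client_port=$2; server_port=$3
    # Both ports must be purely numeric; anything else is a malformed value.
    case "$client_port$server_port" in ''|*[!0-9]*) return 1 ;; esac
    # "port X and port Y" matches both directions of one TCP connection.
    exclude="not (tcp and host $client_ip and port $client_port and port $server_port)"
    if [ -n "$user_filter" ]; then
        printf '%s\n' "($user_filter) and $exclude"
    else
        printf '%s\n' "$exclude"
    fi
}

# run_capture [USER_FILTER]: fail closed if the session cannot be excluded.
run_capture() {
    filter=$(build_filter "${SSH_CLIENT:-}" "${1:-}") || {
        echo "SSH_CLIENT unset or malformed; refusing to capture this session's own traffic" >&2
        return 1
    }
    # Same invocation as in the mail: 2000-byte snaplen, raw pcap to stdout for ssh to carry.
    exec tcpdump -s 2000 -w - "$filter"
}

# Only start capturing when explicitly asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    run_capture "${2:-}"
fi
```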