> Well, dissecting, yes.
Ok. :-)
> What really needs to happen is the creation of a packet capturing
> daemon. We've talked about it on ethereal-dev for remote capturing
> purposes. It would be a daemon that understood RMON I & II, and perhaps
> our own special syntax for capture filters (based on Ethereal's display
> filters).
>
Well, statnet (in package netdiag in Debian) already produced a daemon, and it
was one of the options I considered when I started etherape. It turned out
that using pcap was very easy and I didn't think about it anymore. It's the
dissection I'm most interested in, though, because it would make my
life easy for the color coded display.
> > guint8 *l2_addr; /* normally ethernet addresses */
> > guint8 *l3_addr; /* normally ip addresses */
> > guint8 *l4_addr; /* normally tcp or udp ports */
> > ...
> >
> > And then any combination of these addresses would be the key
> > to define a node.
>
> Why a combination? If you're communicating with IP addresses that
> are not on your local LAN segment, then the l2_addr will be
> your local router, while the l3_addr will be the remote IP address.
>
Actually I realized that's more than what I actually need. Starting two versions
ago (yesterday night), I use a single node_id. But the node id may actually be
the composition of two addresses, as is the case when in "tcpape" mode, in which
a node is defined by its ip address and port number.
Regards,
Juan.
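
The single node id discussed in this thread, as an added example that is not part of the original mail or of etherape's code: a bounds-checked C function that derives the id from a captured frame per mode, with the "tcpape" id composed of IP address plus port. The mode names, the `node_id` function and the sample frame are assumptions made for illustration; only Ethernet II, IPv4 and TCP are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Mode names are hypothetical; the mail only names a "tcpape" mode. */
enum node_mode { MODE_ETHERNET, MODE_IP, MODE_TCP };
#define NODE_ID_MAX 6  /* MAC = 6 bytes; IPv4 address + port = 4 + 2 bytes */

/* Constructed sample: Ethernet + IPv4 + TCP headers, no payload. */
static const uint8_t sample_frame[54] = {
    /* dst MAC (the local router), src MAC, EtherType IPv4 */
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    /* IPv4: ver/IHL, tos, total len 40, id, flags/frag, ttl, proto 6, csum */
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,
    192,0,2,10,      /* src IP */
    198,51,100,7,    /* dst IP (remote host behind the router) */
    /* TCP: src port 49152, dst port 80; remaining header bytes are zero */
    0xc0,0x00, 0x00,0x50
};

/* Writes the node id of the source (dst = 0) or destination (dst = 1) end
 * of the frame into id[] and returns its length in bytes. Returns 0 when
 * the frame is truncated or is not the protocol the mode needs, so that a
 * malformed capture never causes a read past the end of the buffer. */
size_t node_id(const uint8_t *f, size_t len, enum node_mode mode, int dst,
               uint8_t id[NODE_ID_MAX])
{
    if (len < 14) return 0;                              /* Ethernet header */
    if (mode == MODE_ETHERNET) {
        memcpy(id, f + (dst ? 0 : 6), 6);
        return 6;
    }
    if (f[12] != 0x08 || f[13] != 0x00) return 0;        /* not IPv4 */
    if (len < 14 + 20 || (f[14] >> 4) != 4) return 0;
    size_t ihl = (size_t)(f[14] & 0x0f) * 4;             /* IP header length */
    if (ihl < 20 || len < 14 + ihl) return 0;
    memcpy(id, f + 14 + (dst ? 16 : 12), 4);
    if (mode == MODE_IP) return 4;
    if (f[14 + 9] != 6) return 0;                        /* not TCP */
    if ((f[14 + 6] & 0x1f) || f[14 + 7]) return 0;       /* later fragment: no ports */
    if (len < 14 + ihl + 4) return 0;                    /* ports truncated */
    memcpy(id + 4, f + 14 + ihl + (dst ? 2 : 0), 2);     /* compose IP + port */
    return 6;
}
```

For the sample frame, the Ethernet-mode destination id is the router's MAC while the IP-mode destination id is the remote address, which is the distinction raised in the quoted reply.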