Ethereal-dev: [Ethereal-dev] Packet capture architecture question

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Chris Waters <chris@xxxxxxxxxxxx>
Date: Sat, 17 Aug 2002 12:22:00 -0700
Hi,

I want to add an alternative packet capture mechanism to Ethereal. i.e.
instead of getting the packets from pcap, I want to receive them over a
socket from another machine. I have spent half an hour reading the sources,
but it doesn't appear like the packet capture interface is abstracted. It
seems like everything is very tightly tied to pcap.

It looks like capture-wpcap.c encapsulates the winpcap DLL. How is this done
under Unix? I couldn't find an equivalent libpcap file. Does it use
capture-wpcap.c as well?

I guess I could make a library which has the same API as pcap, but this
doesn't make it easy for a user to switch between a local capture and a
remote capture. Ideally I would like the new capture source to appear in the
drop-down list as an adapter.

Anyway, I am looking for ideas about the best way to abstract the capture
interface to make it possible to add a new capture mechanism.

Thanks,

Chris.