[Guy Harris <guy@xxxxxxxxxxxx>]

On Friday, June 20, 2003, at 2:02AM, RABRET Laurent FTRD/DAC/ISS wrote:

> I do agree, it's not purely Ethereal specific but it would be so cool 
> to
> have a "plug and play" Ethereal distribution for Windows able to 
> capture
> traffic stemming from LAN AND dialup networks (the NM driver is
> automatically distributed with Windows on 2000 & XP).

Does the libpcap-for-NM-driver implementation do packet filtering in 
user mode or in a kernel driver?  If it's in user mode, the LAN capture 
might be best done with WinPcap, as its driver does packet filtering 
(so packets that would have been discarded in user mode don't even get 
copied up to userland).

>  If the NM<->pcap
> adaptor is part of libpcap we can forget the "plug & play" feature...

Not if we arrange to install that version of libpcap as well.

If the NM<->pcap adaptor *isn't* part of libpcap, you would have to 
build *other* tools that use libpcap (e.g., Snort) specially (which 
would require a "developer's pack" for the NM<->pcap adaptor, rather 
than having the header files be part of Ethereal).