On Sep 25, 2003, at 8:15 AM, Enrico Bendinelli wrote:
I would like to add to Ethereal the capability to decode in real-time
the packets that are collected by the LSU, which is a different host
connected via LAN and TCP/IP.
So Ethereal would capture the packets through a TCP connection in place
of interfacing to the local device.
The LSU captures data from multiple devices (HDLC or ATM) and it will
forward the packets to Ethereal through the TCP link over the LAN. A
header in front of each packet identifies the source device in the LSU
and the timestamp. I suppose I would map this information to the
internal conventions of Ethereal.
What is the best approach for adding this feature?

The best approach for adding that feature might be to:
1) add a new link-layer type to libpcap containing the source device
information (if different source devices can have different network
types, e.g. one being HDLC and the other being ATM, that information
should include the network type);
2) add to the LSU support for the "remote capture" protocol invented
by the WinPcap developers:
http://winpcap.polito.it/
3) add to Ethereal support for that new link-layer type;
4) try capturing on "rpcap://{LSU host name or IP address}/{adapter
name}", where "{adapter name}" could either be the name of a particular
source device (if you want to support capturing on a particular source
device) or just some arbitrary name (if you only support capturing on
all devices).
That *currently* requires that you run Ethereal on Windows and that you use
WinPcap 3.01. If you have problems capturing on it, let me know. I
plan to look at adding the remote capture support to libpcap; once I've
done that, it should also work on UNIX-compatible systems if you build
the current CVS version of libpcap and link Ethereal with that.
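
An illustration of step 1 above, added here and not part of the original message or of Ethereal, libpcap or WinPcap code: it splits a TCP byte stream from the LSU into packets and writes them as a pcap capture whose per-packet pseudo-header keeps the source device and network type. The 16-byte LSU header layout, the network-type codes, the 4-byte pseudo-header and the use of DLT_USER0 as a stand-in for the new link-layer type are all assumptions; the length field comes from a network peer, so it is bounded before use.

```python
import struct

LSU_HDR = struct.Struct("!HBxIII")  # assumed layout: device id, net type, sec, usec, length
PSEUDO_HDR = struct.Struct("!HBx")  # assumed pseudo-header stored in front of each packet
DLT_USER0 = 147                     # libpcap private-use link type, stand-in for the new one
NET_TYPES = {1: "HDLC", 2: "ATM"}   # assumed encoding of the network type
MAX_PACKET = 65535                  # upper bound accepted for the peer-supplied length


def parse_lsu_stream(buf):
    """Split a TCP byte stream into records; return (records, unconsumed tail)."""
    records, off = [], 0
    while len(buf) - off >= LSU_HDR.size:
        dev, net, sec, usec, length = LSU_HDR.unpack_from(buf, off)
        if net not in NET_TYPES:
            raise ValueError(f"unknown network type {net} at offset {off}")
        if length > MAX_PACKET or usec >= 1_000_000:
            raise ValueError(f"implausible header at offset {off}")
        start = off + LSU_HDR.size
        if len(buf) - start < length:
            break  # partial packet: keep the bytes until more arrive on the socket
        records.append((dev, net, sec, usec, bytes(buf[start:start + length])))
        off = start + length
    return records, bytes(buf[off:])


def to_pcap(records):
    """Serialise records as a classic pcap file with link type DLT_USER0."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0,
                       MAX_PACKET + PSEUDO_HDR.size, DLT_USER0)]
    for dev, net, sec, usec, data in records:
        frame = PSEUDO_HDR.pack(dev, net) + data
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)


def make_frame(dev, net, sec, usec, data):
    """Build one LSU-style record (used only to construct the sample below)."""
    return LSU_HDR.pack(dev, net, sec, usec, len(data)) + data


# Constructed sample stream: one HDLC frame, one ATM payload, one truncated record.
SAMPLE = (make_frame(3, 1, 1064502900, 250000, b"\xff\x03\x00\x21hello")
          + make_frame(7, 2, 1064502900, 250731, bytes(48))
          + make_frame(3, 1, 1064502901, 0, b"partial")[:-3])

if __name__ == "__main__":
    recs, tail = parse_lsu_stream(SAMPLE)
    print(len(recs), "records,", len(tail), "bytes pending")
```
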