Tim wrote:
>> It is part of the ethereal gui.
>>
>> Run ethereal locally on your desktop, when starting a capture type in
>> rpcap://10.1.2.3/eth0
>> or something similar where you select which interface to capture from.
>> the capture will then be performed on the remote host 10.1.2.3 on that
>> host's interface eth0 and the packets will be transferred across the
>> network to your ethereal session as if you were capturing locally.
>
>Neat! It's even available for Linux - http://rpcap.sourceforge.net/
>
>From Ronnie's first mail I thought it might only be available for
>Windows.
>
Well, yes and no.
The agent/daemon itself runs on windows, linux and bsd and should be
semitrivially portable to other unix-like platforms as well.
As for Ethereal itself, only the win32 version (or rather the winpcapified
version) of ethereal can connect to those daemons.
This is a feature of winpcap and not ethereal. Ethereal just eats the
packets coming in from the underlying libpcap/winpcap library.
To make the linux and unix versions of ethereal also capable of talking to
such rpcap daemons, someone would need to port or add similar code to
libpcap as the winpcap people have added to winpcap.
It would be very useful.
This should not really be that difficult to do and might be a suitable
project for someone wanting to get into network programming (and caring
enough to do the semi-small work required; I never capture packets at all
myself anyway, so I am less than interested in the capability).
This, however, is functionality that should reside in libpcap, so anyone
interested in adding this feature to libpcap so linux/unix versions of
ethereal can do remote capture should go to tcpdump-workers over at
www.tcpdump.org and talk to Guy and friends on that list.
I am sure they will tell anyone interested what needs to be done and review
any donated code.
This should not be integrated into ethereal since this functionality belongs
in the libpcap layer so all users of libpcap, not only ethereal, will
benefit from it.
So, anyone want eternal fame and glory? Head over to www.tcpdump.org and
offer your dedication to port this rpcap thing into libpcap.