Ethereal should be able to spawn a child process, and read libpcap
formated capture data from the stdout of that process. This would be
both flexible and powerful. By using "netcat server 1234" you could
read a live capture from a remote TCP port. Or you could do things
like "ssh host tethereal -w -" to do a secure remote capture on
another machine.
We had a previous discussion on a patch for reading from a TCP port,
but as far as I can tell it was never integrated. The reason is
probably that it is not immediatly useful for most users. This
proposal should be applicable to a much wider range of problems. I
admit that a lot of this could also be done with named pipe, but it is
a big disruption to the workflow. Using a child process should provide
a much better user experience.
Now if other people agree, I will try to implement this feature and
get it into the next release. I only have two questions:
1. Do we need a checkbox "spawn child process", or do we want a magic
character like '|' at the start of the file name to trigger this
feature? For security reasons I would propose the former, although it
is more work.
2. I imagine there would be problems with buffering. Any easy way to
solve them? ssh -t usually works for me, but from a technical
perspective that seems very inefficient.
Below is the patch sent by Javier. While some of the arguments apply
to both proposals, I hope that I have addressed the main issues that
where brought up in there.
Thomas
On 7/3/05, Javier Acuña <javier.acuna@xxxxxxxxxx> wrote:
>
>
>
> Hi
>
> I'm resending the patch to allow remote capturing. That is, to read data transmitted over TCP/IP. The sending side is the one responsible of capturing on some physical interface.
>
> Now the preferences thingie is working, so you can use the GUI to select an IP address and port number. You need to open 'Capture Options', on 'Interface :' select 'socket', and then provide the IP address and port number.
>
> Cheers
> Javier Acuña
>
> PS: Selectin 'socket' is not estrictly necessary, you just need to provide any name not related to a real interface.
>
>
>
>
> ________________________________________________________________
>
> Mensaje enviado desde el Servicio Webmail del Dominio sixbell.cl
>
>
>
>
>
>
>
> _____________________________
> La informacion contenida en esta transmision es confidencial, y no puede ser usada por otras personas que su(s) destinatario(s). El uso no autorizado de la informacion contenida en esta transmision puede ser sancionado. Si ha recibido esta transmision por error, por favor destruyala y notifique al remitente telefonicamente, con cobro revertido o via e-mail.
>
> The information contained in this transmission is privileged, and may not be used by any person other than its addressee(s). Unauthorized use of the information contained in this transmission may be punished by law. If received in error, please destroy and notify the sender by calling collect or by e-mail.
> _____________________________
>
>