[Ulf Lamping <ulf.lamping@xxxxxx>]

Jayanna, Jay wrote:

> Thank you, Ulf Lamping for the reply & for sending the links to the 
> capture mechanism.
> I meant dissectors when I said plugins. My plugin / dissector on the 
> client side sends the packets that it receives, over TCP to the 
> server. The plugin / dissector collects the packets & puts it back 
> into the ethereal stack for it to sniff. I spawn off a server thread 
> in proto_register_server, which creates a socket, binds a port to it & 
> listens on it. It spawns off a thread for every connection it accepts. 
> Hence each data / packets from each client is received in a different 
> thread. And then I use call_dissector() in dissector_server to send 
> the packet to IP. I am able to view the packets if I write it to a 
> file (tethereal �w result) & then open it in ethereal. But if I hit 
> the capture button, ethereal quits.
> I think its because the child process that forks off during ethereal 
> kills my threads, but I am not too sure if this is the reason. Please 
> let me know what you think.
That's the most uncommon use of a dissector I heard for a while ... 
well, I've never heard something such as this before :-)
I'm not sure about it, but having multi threading at that place seems to 
be a *very bad idea* to me, as this isn't the intended use for 
call_dissector().

As far as I understand you, you're trying to do remote capturing. If 
your client runs on windows, have a look at: 
http://wiki.ethereal.com/CaptureSetup_2fWinPcapRemote
There's an ongoing interest in remote capturing. If you are running 
Linux/unix, please contact the libpcap folks and tell them you need 
remote capturing, as this might speed up development :-)
You might also use an ssh connection and piping to do something like 
this (mentioned by someone else on this list before), but I'm not 
familiar with this so you won't get big help from me on this topic ...
Regards, ULFL