Ethereal-dev: [Ethereal-dev] formalize ethereal <-> dumpcap protocol.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: LEGO <luis.ontanon@xxxxxxxxx>
Date: Mon, 13 Feb 2006 13:40:18 +0100
Hi List!

I've been thinking that now that the capture child "lives on its own"
if we formalize the interface between dumpcap and ethereal it would be
"easy" to create dumpcap replacements.

For example, I have a perl script that connects via telnet to a
machine, and every few seconds fetches the lates loglines, converts
protocol info into binary data and writes to a pipe for "ethereal -i
-". There are some things that cannot be done this way (mainly
restarting the capture).

If we add a mechanism to tell ethereal which "dumpcap" to use ( -X
captue_agent:capture_prog ?) It would be feasable to use scripts like
mine as a capture agent.

I can think in various "toys" that could come out from this the most
prominent are
  - a mux to merge the input of several interfaces
  - a remote capture agent


Luis.

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan