Ethereal-users: [Ethereal-users] Re: [Ethereal-dev] Remote online packet capture?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: John McDermott <jjm@xxxxxxxxxx>
Date: Thu, 19 Oct 2000 11:43:52 -0600
Mark Atwood wrote:
> 
> I'm starting to see a need for what I'm doing to use ethereal to "live
> capture" packets from a box that can't run ethereal. (No GTK, no space
> for it, and no time to do a GTK port).

> 
> Before I go down this road, has anyone else walked it? Has such a
> remote capture protocol been written already (I know that RMON does it,
> but that's slow, painful, and baroque), and if so, has anyone written
> a "capture module" for it?

Actually I'd love to see a RMON/RMON2 feature in Ethereal. We've talked
about it before.  The (old) btng has an rmon1 agent and IIRC there is
some RMON support in scotty/tkined.

While RMON/SMON can be clunky, some of the reason for that is the poor
GUIs available.  In reality it can be quite powerful.

Now for another approach: the way Ethereal does live capture and display
is that one process does the capture and another the display.  That
means that Ethereal has the ability to read in (currently from a pipe)
the captured data.  The capturing process should not need GTK and that
could therefore be stripped out.  The pipe could be converted to a
network socket and you'd have something close to what you describe: it
would be a distributed Ethereal.

You could even be fancy and support multiple Ethereal capturers...

--john


-- 
John McDermott, Writer and Consultant
J-K International, Ltd.
V +1 505/377-6293  F +1 505/377-6313
jjm@xxxxxxxxxx
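
The pipe-to-socket idea from the message above, as an added example (not code from Ethereal or from this thread): a capture side with no GUI writes records to a stream socket and a display side reads them back, coping with short reads and bounding each record length by the snaplen. The classic libpcap record layout as the wire format, the function names, the constructed frames and the local socketpair standing in for a network connection are all assumptions.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4                 # classic libpcap magic (microsecond stamps)
GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, zone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len

def send_capture(sock, frames, snaplen=65535, linktype=1):
    """Capture side: stream frames in pcap format (linktype 1 = Ethernet)."""
    sock.sendall(GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
    for ts_sec, ts_usec, frame in frames:
        data = frame[:snaplen]
        sock.sendall(RECORD_HDR.pack(ts_sec, ts_usec, len(data), len(frame)) + data)

def recv_exact(sock, n, eof_ok=False):
    """Stream sockets return short reads: loop until n bytes have arrived."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            if eof_ok and not buf:
                return None              # clean end of capture between records
            raise ValueError("stream ended mid-record")
        buf += chunk
    return bytes(buf)

def read_capture(sock):
    """Display side: check the stream header, then yield (ts_sec, ts_usec, frame)."""
    hdr = GLOBAL_HDR.unpack(recv_exact(sock, GLOBAL_HDR.size))
    if hdr[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap stream")
    snaplen = hdr[5]
    while (rec := recv_exact(sock, RECORD_HDR.size, eof_ok=True)) is not None:
        ts_sec, ts_usec, incl_len, _orig_len = RECORD_HDR.unpack(rec)
        if incl_len > snaplen:  # length field comes from the network: bound it
            raise ValueError("record length exceeds snaplen")
        yield ts_sec, ts_usec, recv_exact(sock, incl_len)

def demo():
    """Constructed frames sent through a local socketpair standing in for TCP."""
    frames = [(971977432, 0, b"\xff" * 6 + b"\x02" * 6 + b"\x08\x06" + bytes(28)),
              (971977432, 500, b"\x02" * 12 + b"\x08\x00" + bytes(46))]
    capturer, display = socket.socketpair()
    with capturer, display:
        send_capture(capturer, frames)
        capturer.shutdown(socket.SHUT_WR)  # signal end of capture
        return list(read_capture(display)) == frames
```
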