per Mark Atwood:
> I'm starting to see a need for what I'm doing to use ethereal to "live
> capture" packets from a box that can't run ethereal. (No GTK, no space
> for it, and no time to do a GTK port).
>
> My mind ran away last night outlining a design for a "remote packet
> capture protocol", where a little agent runs on a tapping box,
> captures packets off a local interface, filters them, timestamps them,
> encapsulates them, and then transmits them to a box running ethereal,
> where a packet capture module receives them, and feeds them up
> into the application. It would be just another packet capture "back
> end", no different from being able to read different kinds of capture
> files.
>
> Before I go down this road, has anyone else walked it? Has such a
> remote capture protocol been written already (I know that RMON does it,
> but that's slow, painful, and baroque), and if so, has anyone written
> a "capture module" for it?
I have played with a web-based variation. It was a hack job on the
tethereal code. I would have to dust it off to see if it will still
build, but you are welcome to it. It was based upon starting a
daemon that listens on a local socket and some cgi scripts that
communicate with it over the socket. I know that it could do what
you are thinking about and had considered it. I didn't get the details
worked out on how to communicate between the agent and the display unit.
I don't want to transfer the full data packets because that wouldn't
work well over a slow connection.
Jeff Foster
jfoste@xxxxxxxxxxxx