Here at the Politecnico di Torino, we are working to add remote capture capabilities to our tools windump and analyzer.
Our approach is at a lower level: in particular, we are adding to libpcap a new pcap-xxx.c that redirects the functions to a remote agent instead of capturing the packets from a local interface.
This allows applications written over winpcap/libpcap to transparently capture from a remote host if linked with this remote version: they need only specify the name of the adapter with a proper syntax (for example "machinename:adaptername") in pcap_open_live, and the capture is routed to the remote agent.
The communication with the capture agent is obtained through a 'capture protocol' similar to FTP, with two separate connections for data and control.
At the moment we have a very basic version for win32 that we have tested with windump and Analyzer. In the future we plan to add features like authentication, cryptography, data compression and remote statistical analysis, and then release the code in the winpcap source distribution.
Does anyone have comments or suggestions on this approach?
Loris.
-----Original Message-----
From: Mark Atwood <mra@xxxxxxxxx>
To: <ethereal-users@xxxxxxxxxxxx>; <ethereal-dev@xxxxxxxxxxxx>
Sent: Thursday, 19 October 2000 19:07
Subject: [Ethereal-dev] Remote online packet capture?
>
> I'm starting to see a need for what I'm doing to use ethereal to "live
> capture" packets from a box that can't run ethereal. (No GTK, no space
> for it, and no time to do a GTK port).
>
> My mind ran away last night outlining a design for a "remote packet
> capture protocol", where a little agent runs on a tapping box,
> captures packets off a local interface, filters them, timestamps them,
> encapsulates them, and then transmits them to a box running ethereal,
> where a packet capture module receives them, and feeds them up
> into the application. It would be just another packet capture "back
> end", no different from being able to read different kinds of capture
> files.
>
> Before I go down this road, has anyone else walked it? Has such a
> remote capture protocol been written already (I know that RMON does it,
> but that's slow, painful, and baroque), and if so, has anyone written
> a "capture module" for it?
>
> --
> Mark Atwood | Freedom from want, freedom from fear, freedom from choice.
> mra@xxxxxxxxx | Is that the freedom you want?
> http://www.pobox.com/~mra
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
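The two pieces both messages describe, the agent timestamping and encapsulating each packet for the data connection and the capture module on the other end decoding it, plus the "machinename:adaptername" device syntax, as an added example in C that is not part of either message or of the Politecnico di Torino code. The 16-byte record layout, the 65535-byte cap and all function names are assumptions; the decoder checks the network-supplied lengths before touching any payload byte, which is the check a receiving capture module must not skip.

```c
/* Added example, not the Politecnico di Torino code. Assumed layout for one record
 * on the data connection: four 32-bit network-order fields (ts_sec, ts_usec,
 * caplen, len), then caplen bytes of packet data. The "machinename:adaptername"
 * device syntax is the one proposed in the message. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define REC_HDR_LEN 16
#define REC_MAX_CAPLEN 65535 /* assumed cap, the usual snaplen maximum */
struct rc_record {
    uint32_t ts_sec, ts_usec, caplen, len;
    const uint8_t *data; /* packet bytes; after decode, points into the input */
};
static void put32(uint8_t *p, uint32_t v) { p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v; }
static uint32_t get32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
/* Agent side: timestamp and encapsulate one packet. Returns bytes written, 0 on error. */
size_t rc_encode(uint8_t *out, size_t outlen, const struct rc_record *r) {
    if (r->caplen > REC_MAX_CAPLEN || r->caplen > r->len) return 0;
    if (outlen < REC_HDR_LEN + (size_t)r->caplen) return 0;
    put32(out, r->ts_sec); put32(out + 4, r->ts_usec);
    put32(out + 8, r->caplen); put32(out + 12, r->len);
    memcpy(out + REC_HDR_LEN, r->data, r->caplen);
    return REC_HDR_LEN + r->caplen;
}

/* Capture-module side: decode one record from the stream. Returns bytes consumed,
 * 0 if the record is not yet complete, -1 if the header is invalid (lengths are
 * attacker-controlled network input and are validated before any payload use). */
long rc_decode(const uint8_t *in, size_t inlen, struct rc_record *r) {
    if (inlen < REC_HDR_LEN) return 0;
    r->ts_sec = get32(in); r->ts_usec = get32(in + 4);
    r->caplen = get32(in + 8); r->len = get32(in + 12);
    if (r->caplen > REC_MAX_CAPLEN || r->caplen > r->len || r->ts_usec >= 1000000) return -1;
    if (inlen < REC_HDR_LEN + (size_t)r->caplen) return 0;
    r->data = in + REC_HDR_LEN;
    return (long)(REC_HDR_LEN + r->caplen);
}

/* Split "machinename:adaptername": 0 = local name (no colon), 1 = remote, -1 = malformed. */
int rc_split_device(const char *dev, char *host, size_t hlen, char *adapter, size_t alen) {
    const char *c = strchr(dev, ':');
    if (!c) return 0;
    size_t n = (size_t)(c - dev);
    if (n == 0 || c[1] == '\0' || n >= hlen || strlen(c + 1) >= alen) return -1;
    memcpy(host, dev, n); host[n] = '\0';
    strcpy(adapter, c + 1);
    return 1;
}
```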