Ethereal-users: Re: [Ethereal-users] -title for managing multiple instances of ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 8 Oct 2003 16:52:12 -0700

On Oct 8, 2003, at 10:05 AM, stefmit wrote:

I am sorry for "hijacking" the thread, as I have no answer for your specific query, but your description raised my interest for another reason: you are saying you've been using Ethereal as distributed sniffer ... right? How (if you don't mind)?

As he noted, he's doing remote sniffing by running the application on the remote machine and, through the Miracle Of The X Window System ("it's a window system named X, not a system named X Windows" :-)), displaying it on, presumably, his desktop machine. For people in Windowsland, think "Windows Terminal Server" (which current versions of Ethereal should finally be able to handle, as it includes a version of GTK+ that can handle 8-bit color).

I.e., what goes over the wire are messages to update the window (from Ethereal to the X server on the desktop) and messages containing UI events (keyboard, mouse, etc., from the desktop to Ethereal), not packet capture information, as would happen with rpcap.

What I [partially!] understand by distributed sniffer is the capability of having visibility for multiple (preferably remote) locations, so what I had to do was to use winpcap 3.01 alpha installed on remote machines (across WAN links), and enable rpcap on those, then capture "on demand" using windump on the central monitoring station, with the syntax for adapter ("-i"): rpcap://<remote_IP>/\<adapter_name>. I have not been successful in using Ethereal for this mechanism (rpcap) ... have you?

What failures do you get?