On Tue, May 25, 2004 at 12:38:20PM +0430, Behzadipour Ali wrote:
> It seems that with Ethereal we can only analyze the machine which the
> program has been installed on it. Is there any possibility to perform
> the task in corporate manner which other machines can be analyzed
> remotely from a single point?

Are you asking for the ability to run Ethereal on a machine plugged into
a LAN segment and capture traffic to and from all machines on that LAN
segment, or are you asking for the ability to run Ethereal on a machine
plugged into a LAN segment (or other network) and have it capture and
analyze traffic on some *other* LAN segments or other networks, by, for
example, having a machine on that network capture traffic and supply it
to Ethereal over the network?

If it's the former, the other replies explain the problem, as does this
FAQ entry:

http://www.ethereal.com/faq.html#q5.1

However, from the way you're describing your problem, I suspect you mean
the latter, i.e. some sort of distributed network analysis.

If so, WinPcap 3.0 has some support for remote traffic capture:

http://winpcap.polito.it/docs/man/html/group__remote__help.html

and recent versions of Ethereal should be able to let you capture on a
device whose name uses the "rpcap:" syntax described on that page (*if*
"pcap_open_live()" supports it, which it might not). Libpcap for UN*X
doesn't yet support that syntax, and WinPcap doesn't support any other
remote capture protocols.