Wireshark-dev: Re: [Wireshark-dev] PCAP-over-IP in Wireshark?

From: Harald Welte <laforge@xxxxxxxxxxxx>
Date: Tue, 1 Feb 2022 18:16:32 +0100
Hi Erik,

not sure if it fits your use case, but https://git.osmocom.org/osmo-pcap/
might be another option to look at.  It's a combination of client and server
for aggregating packet captures from various probes (clients) around a network.

The protocol between client and server can be a custom, TCP based protocol
(fulfilling your concerns aginst UDP based solutions), or IPIP (which of course
suffers from the same MTU concerns you raised against UDP).

Those tools are not performance optimized and hence not intended for
high-bandwidth captures, but mostly used (and originally developed for)
to capture telecom signalling traffic.

Manual can be found at https://downloads.osmocom.org/docs/latest/osmopcap-usermanual.pdf

- Harald Welte <laforge@xxxxxxxxxxxx>           http://laforge.gnumonks.org/
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)