Ethereal-dev: [ethereal-dev] Re: ntop and libpcap on w32

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxx>
Date: Fri, 9 Jul 1999 11:34:43 -0500
On Fri, Jul 09, 1999 at 11:12:13AM -0500, Luca Deri wrote:
> 
> 
> Hi Gilbert,
> first of all let me say 'thank you' for your interest in ntop. I've
> been silently following your ethereal project for a while and I've also
> used your tool for debugging ntop problems. So it's a pleasure to talk
> to you.

Thanks! I'm glad you're using ethereal.
 
> libpcap doesn't run on windows. All I've done is that I have wrapped a
> few pcap_XXX calls in order to make ntop Windows aware. All I can tell
> you is that a basic port of libpcap to Windows isn't difficult although
> full libpcap support might require some effort (I'm thinking about
> packet filtering for instance). I've noticed that you're playing with
> wirecap, so it would probably be nice to add Win support there too.

A compatriot of yours has created a libpcap "driver" for win32, at
http://netgroup-serv.polito.it/analyzer

However, he seems to have used some Microsoft example source code from
the DDK which he is not allowed to re-distribute; so he should not
be distributing his port of libpcap in source form. Until that issue is
resolved, neither of our projects can really use that libpcap.
 
> So far I had no time, but I would like to fully port libpcap to Windows
> so I can compile apps such as tcpdump.
> 
> If you want we can do a joint effort. I could take care of basic libpcap
> porting to Win32 (during the time we can add all the features) and you
> might help me there. I don't need cygwin because I wrapped pcap_XXX
> directly into Win32 using NDIS 3.0 (I assume you know this technology).

This would be very interesting. I know of NDIS, but I know nothing about
its API. Others on ethereal-dev do, though, so I'm copying this e-mail
to that list.
 
> Back to wiretap. Could I use it for ntop? A few people asked me to sniff
> from multiple NICs and, as far as I understand, wiretap is good at this.

Absolutely. Actually, the effort to make wiretap do packet capturing has
stalled a bit. Wiretap only provides an interface for reading capture
files, but it can read many different file types.  I wanted to build
filters into wiretap first, and then add capturing. But my BPF compiler
never got very far.

We do want to revisit the packet capture abilities of wiretap. Multiple-NIC
capturing is a common request. I go back and forth between wanting to
simply modify libpcap, or building this functionality into wiretap.
 
> Bottom line: let's join our efforts if you want.
> 
> Cheers, Luca.
>