Ethereal-dev: RE: [Ethereal-dev] Remote online packet capture?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jeff Foster <jfoste@xxxxxxxxxxxx>
Date: Thu, 19 Oct 2000 12:53:05 -0500
 
per Mark Atwood:

> I'm starting to see a need for what I'm doing to use ethereal to "live
> capture" packets from a box that can't run ethereal. (No GTK, no space
> for it, and no time to do a GTK port).
> 
> My mind ran away last night outlining a design for a "remote packet
> capture protocol", where a little agent runs on a tapping box,
> captures packets off a local interface, filters them, timestamps them,
> encapsulates them, and then transmits them to a box running ethereal,
> where a packet capture module receives them, and feeds them up
> into the application. It would be just another packet capture "back
> end", no different from being able to read different kinds of capture
> files.
> 
> Before I go down this road, has anyone else walked it? Has such a
> remote capture protocol been written already (I know that RMON does it,
> but that's slow, painful, and baroque), and if so, has anyone written
> a "capture module" for it?


I have played with a web-based variation. It was a hack job on the
tethereal code. I would have to dust it off to see if it will still
build, but you are welcome to it. It was based upon starting a
daemon that listens on a local socket and some cgi scripts that
communicate with it over the socket. I know that it could do what
you are thinking about and had considered it. I didn't get the details
worked out on how to communicate between the agent and the display unit.
I don't want to transfer the full data packets because that wouldn't
work well over a slow connection.


Jeff Foster
jfoste@xxxxxxxxxxxx