Ethereal-dev: Re: [Ethereal-dev] Remote online packet capture?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Olivier Abad <abad@xxxxxxxxxxxxx>
Date: Fri, 20 Oct 2000 20:03:29 +0200
Mark Atwood wrote:
> I'm starting to see a need for what I'm doing to use ethereal to "live
> capture" packets from a box that can't run ethereal. (No GTK, no space
> for it, and no time to do a GTK port).
> 
> My mind ran away last night outlining a design for a "remote packet
> capture protocol", where a little agent runs on a tapping box,
> captures packets off a local interface, filters them, timestamps them,
> encapsulates them, and then transmits them to a box running ethereal,
> where the a packet capture modules receives them, and feeds them up
> into the application. It would be just another packet capture "back
> end", no different from being able to read different kinds of capture
> files.

Ethereal can read libpcap data from a pipe (including stdin). You can
use something like :
ssh root@cap_box "tcpdump -s 1600 -w -" | ethereal -i - -kS

I may add a remote capture menu in the GUI some day...

Olivier
-- 
What I want is all of the power and none of the responsibility.