I do agree, it's not purely Ethereal-specific, but it would be so cool to
have a "plug and play" Ethereal distribution for Windows able to capture
traffic stemming from LAN AND dialup networks (the NM driver is
automatically distributed with Windows on 2000 & XP). If the NM<->pcap
adaptor is part of libpcap we can forget the "plug & play" feature...
Ethereal could maybe support a very light adaptor (without filtering
implementation, for example). As you stated (and it's what I did on my
modified Ethereal releases), Ethereal could try to load the standard
pcap driver first, then the internal one and lastly the null one.

FYI, pcap_findalldevs(), like almost all of the PCAP API, can be implemented
very easily (I was sure Ethereal used pcap_findalldevs...)

For information regarding the NM API, you can browse:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netmon/netmon/network_monitor.asp

-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxxxx]
Sent: Friday, June 20, 2003 9:43 AM
To: RABRET Laurent FTRD/DAC/ISS
Cc: hongbin.fei; ethereal-dev@xxxxxxxxxxxx
Subject: Re: [Ethereal-dev] about ethereal
On Friday, June 20, 2003, at 12:23AM, RABRET Laurent FTRD/DAC/ISS wrote:
> Or, as I suggested about one month ago (with a very first example),
> we can use the Microsoft Network Monitor driver instead. I proposed to
> include the pcap<->NM adapter in the Ethereal distribution for
> Windows.
That's not Ethereal-specific - it should probably be part of libpcap
itself, or in a forked copy of libpcap. (libpcap's pcap-win32.c could,
for example, try to load packet.dll; if that succeeds, it'd use the
WinPcap code, otherwise it'd try the NM code. If the NM code requires
a Network Monitor DLL, it should try to load that and, if that fails,
act like the code in pcap-null.c.)

Note that this would, of course, require that all the APIs be
implemented, including "pcap_findalldevs()"; Ethereal doesn't currently
use it, but it will eventually do so on platforms where it's available,
and WinPcap currently provides it.