I want to supervise (24x7) the traffic running through some remote network sites, from a supervision center.

On each of the remote sites, I have a PC running tethereal with a filter. I use tethereal purely as a filter, either for network events (TCP RST...) or application-level events (dedicated protocols using a dedicated plugin). Less than 0.1% of the packets get through the filter.

The filtered packets are sent through ssh and pipes to a console running Ethereal in the supervision center. (I am working on a program derived from mergecap to merge captures from files; I will make it public when I am done.)

What's wrong with tcpdump: it doesn't do application-level filtering and sends back too much traffic, which is not what I want, and is not realistic from a networking point of view.

In my view, an option saying "drop all packets that are more than 5 minutes old and 'garbage collect' the resources used by those packets" would be very useful.

On the central supervision site I would like to run Ethereal forever as well, but it's less critical, since I can restart it every day, and the filtered traffic is low compared to the real traffic.
Pierre JUHEN
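As an added illustration of the layout described in the post above (example code written for this page, not Pierre's program and not part of tethereal or mergecap), the following Python script plays the role of the supervision console: it reads a pcap stream, keeps only one of the "network events" the post mentions (TCP RST), and applies the requested policy of dropping packets older than 5 minutes so that memory stays bounded on a capture that never ends. The capture bytes are constructed inline so the script runs offline; the names MAX_AGE_SECONDS, AgeBoundedBuffer and supervise are this example's own.

```python
import struct
from collections import deque

# Constants for the classic pcap container (little-endian, microsecond timestamps).
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = b"\x08\x00"
IPPROTO_TCP = 6
TCP_FLAG_SYN = 0x02
TCP_FLAG_RST = 0x04
TCP_FLAG_ACK = 0x10
MAX_AGE_SECONDS = 300  # the "older than 5 minutes" retention policy from the post (assumed value)


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame. Constructed test data: MACs are
    zero and checksums are left as 0, which is enough for flag inspection."""
    eth = bytes(12) + ETHERTYPE_IPV4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
        bytes(int(o) for o in src_ip.split(".")),
        bytes(int(o) for o in dst_ip.split(".")),
    )
    return eth + ip + tcp


def build_pcap(records):
    """Serialise (timestamp_seconds, frame) pairs into an in-memory pcap file."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for ts, frame in records:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_pcap(data):
    """Yield (timestamp_seconds, frame) from pcap bytes; stops at a truncated record."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        if off + incl_len > len(data):
            break
        yield sec + usec / 1_000_000, data[off:off + incl_len]
        off += incl_len


def is_tcp_rst(frame):
    """True if the frame is IPv4/TCP with the RST flag set; malformed frames are False."""
    if len(frame) < 34 or frame[12:14] != ETHERTYPE_IPV4:
        return False
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[23] != IPPROTO_TCP:
        return False
    flags_off = 14 + ihl + 13  # TCP flags byte sits at offset 13 of the TCP header
    if len(frame) <= flags_off:
        return False
    return bool(frame[flags_off] & TCP_FLAG_RST)


class AgeBoundedBuffer:
    """Keeps captured packets for at most max_age seconds, measured against the
    newest packet's timestamp, so memory is bounded on a capture that never ends."""

    def __init__(self, max_age=MAX_AGE_SECONDS):
        self.max_age = max_age
        self.packets = deque()  # (timestamp, frame), oldest first
        self.dropped = 0

    def add(self, ts, frame):
        self.packets.append((ts, frame))
        cutoff = ts - self.max_age
        while self.packets and self.packets[0][0] < cutoff:
            self.packets.popleft()  # "garbage collect" everything older than the window
            self.dropped += 1


def supervise(pcap_bytes, max_age=MAX_AGE_SECONDS):
    """Apply the remote-site filter (TCP RST only) and the retention policy.
    Returns (matched, retained, dropped)."""
    buf = AgeBoundedBuffer(max_age)
    matched = 0
    for ts, frame in iter_pcap(pcap_bytes):
        if not is_tcp_rst(frame):
            continue
        matched += 1
        buf.add(ts, frame)
    return matched, len(buf.packets), buf.dropped


# Constructed sample capture: a short session followed by RSTs spread over about 7 minutes.
SAMPLE_PCAP = build_pcap([
    (1000.0, build_tcp_frame("10.0.0.1", "10.0.0.2", 40000, 80, TCP_FLAG_SYN)),
    (1010.0, build_tcp_frame("10.0.0.2", "10.0.0.1", 80, 40000, TCP_FLAG_RST | TCP_FLAG_ACK)),
    (1100.0, build_tcp_frame("10.0.0.1", "10.0.0.2", 40001, 80, TCP_FLAG_ACK)),
    (1200.0, build_tcp_frame("10.0.0.2", "10.0.0.1", 80, 40001, TCP_FLAG_RST)),
    (1400.5, build_tcp_frame("10.0.0.3", "10.0.0.1", 443, 40002, TCP_FLAG_RST)),
])

if __name__ == "__main__":
    print(supervise(SAMPLE_PCAP))  # (3, 2, 1)
```

In the deployment the post describes, the bytes would arrive from the remote site's tethereal writing its filtered capture over the ssh pipe rather than from SAMPLE_PCAP. The window is measured against the newest packet's timestamp instead of the wall clock, so a link that stalls for a while does not flush the buffer, and the retention step runs on every packet so the sweep never has more than a handful of entries to evict.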