Ethereal-dev: Re: [Ethereal-dev] packet drop

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Richard Sharpe <rsharpe@xxxxxxxxxxxxxxxxx>
Date: Fri, 15 Apr 2005 19:28:03 -0700 (PDT)
On Fri, 15 Apr 2005, Ulf Lamping wrote:

> Gilbert Ramirez wrote:
>
> >You know what I'd like? I'd like a "pcap" binary that only did
> >capturing, including capture filters. I.e., drop the tcpdump packet
> >dissection, too.
> >
> >
> Funny.
>
> That's exactly what I was thinking about for the last half an hour.
>
> A capture only command line tool which doesn't show up any info (a
> simple packet count maybe) and gained towards highest possible
> performance, that can be achieved with WinPcap/libpcap.

Well, since I seem to have a need, perhaps I should look at doing this.

> Maybe with two modes of operation:
>
> 1) similar to todays implementation in Ethereal
> 2) use RAM instead of an output file, so you can capture some limited
> data to the RAM instead of writing to disk while capturing.

That seems reasonable.

You would want to be able to specify some simple filters, like the ones
that the packet filter stuff supports, but that should be easy ...

Regards
-----
Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com