Ethereal-dev: Re: [Ethereal-dev] Remote Sniffing

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Fri, 10 Sep 2004 06:32:16 +1000
The solution you need is

Take the RPCAP tool which is part of WinDump (from the WinPcap people)
and add the required security extensions  such as adding something like
CHAP so that it can be used in a reasonably safe manner,
then just implement such a safe "remote" rpcap service in the box.

Then just capture from your machine using the RPCAP://ip-address/... interface


To do this you will have to head over to the tcpdump/libpcap people
and discuss with them what extensions and requirements for sequrity
and desing
are required to make it acceptable for inclusion in libpcap.

When you get buy in and acceptance from the libpcap people :
implement it in mainline libpcap.


There is some development work involved to make sure that the solution
is acceptable but it would benefit a lot of people.



On Wed, 08 Sep 2004 09:43:53 +0000, Gilad Benjamini
<yaelgilad@xxxxxxxxxxxxx> wrote:
> Hi,
> I have Linux running on an embedded device,
> on which I would like to sniff traffic. Rather than
> compiling a full-blown Ethereal, I would rather
> capture that data and send it to another PC (probably
> though some UDP socket). The other PC would listen
> to this socket and would interpet the packets as
> if they were being directly sniffed.
> 
> Doesn't look like to much work on the PC side.
> Question is: any chance someone did anything like
> this in the past ?
> 
> TIA
> 
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>