Greetings,

We’ve managed to modify, recompile and package (NSIS) the current 0.10.11 version of Ethereal to work properly with WinPcap’s rpcapd. The application is currently capturing and displaying remote packet captures from several Gentoo Linux boxes running rpcapd.

We put together a HOW-TO of sorts of the entire process, start to finish – from installing MSVC++ 6.0, Cygwin, hacking the source code to use pcap_next_ex() rather than the deprecated pcap_dispatch(), on through to recompiling on the Windows platform, and then included a section on compiling WinPcap/rpcapd on a remote Linux host. Hopefully this will be useful to others attempting to get the remote capture function working.

This HOW-TO can be found here:
http://www.corvus.com/documents/ethereal-remote

Our BIG question to the list: Does anyone know of any immediate issues we might encounter as a result of this kludge? It’s described in the HOW-TO, but essentially we took Ulf Lamping’s suggestion on this Wiki page
http://wiki.ethereal.com/CaptureSetup_2fWinPcapRemote
and in the following files:
capture-wpcap.c
capture_loop.c
we did a find and replace for each instance of pcap_dispatch (other than comments) with pcap_next_ex – it was a total of 6 edits…

Now, the application compiles fine, we were able to package it up nicely with NSIS, and we are now using it successfully, but we’re concerned that there may be some “gotchas” that we just aren’t aware of…

Does anyone have any thoughts off the top of the head?

And also, if we were able to do this – why hasn’t this been implemented in Ethereal already? This – the absence from the official release – is what gives us the most cause for concern.

Regards,
Ross Carlson
Corvus Technologies
320 East Clayton Street, Suite 508
Athens, GA 30601
(706) 543-9426 Office
(706) 296-1987 Mobile
rcarlson@xxxxxxxxxx
www.corvus.com
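
The two calls named in the message above have different contracts (callback and packet count versus one packet per call with status codes 1, 0, -1, -2), so as an added example, not code from the post, the HOW-TO or Ethereal, here is a pcap_dispatch-style wrapper over a pcap_next_ex-style pull call. The types, `next_ex_fn`, `scripted_next`, `run_script` and the scripted return-code sequences are stand-ins constructed here so the block builds without libpcap; treating `cnt <= 0` as "until timeout" is a simplification.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins (assumptions): with libpcap these would be struct pcap_pkthdr,
   pcap_next_ex() and pcap_handler. */
struct pkt_hdr { unsigned caplen, len; };
typedef int (*next_ex_fn)(void *src, struct pkt_hdr **hdr, const unsigned char **data);
typedef void (*pkt_handler)(unsigned char *user, const struct pkt_hdr *h,
                            const unsigned char *bytes);

/* Returns packets delivered (>= 0), -1 on error, -2 on end of input with none delivered. */
int dispatch_via_next_ex(void *src, next_ex_fn next, int cnt, pkt_handler cb,
                         unsigned char *user)
{
    int delivered = 0;
    while (cnt <= 0 || delivered < cnt) {
        struct pkt_hdr *h = NULL;
        const unsigned char *d = NULL;
        int rc = next(src, &h, &d);
        /* rc == 1: one packet; h and d stay valid only until the next call */
        if (rc == 1) { cb(user, h, d); delivered++; continue; }
        if (rc == 0) break;                       /* read timeout, not an error */
        if (rc == -2) return delivered ? delivered : -2;  /* no more packets */
        return -1;                                /* read error */
    }
    return delivered;
}

/* Constructed test source: replays a scripted list of return codes. */
struct script { const int *rc; size_t n, pos; struct pkt_hdr hdr; unsigned char buf[4]; };

static int scripted_next(void *src, struct pkt_hdr **hdr, const unsigned char **data)
{
    struct script *s = src;
    if (s->pos >= s->n) return -2;
    int rc = s->rc[s->pos++];
    if (rc == 1) { s->hdr.caplen = s->hdr.len = sizeof s->buf; *hdr = &s->hdr; *data = s->buf; }
    return rc;
}

static void count_bytes(unsigned char *user, const struct pkt_hdr *h, const unsigned char *bytes)
{
    (void)bytes;
    *(unsigned *)user += h->caplen;   /* user really points at an unsigned */
}

int run_script(const int *rc, size_t n, int cnt, unsigned *bytes)
{
    struct script s = { rc, n, 0, {0, 0}, {0} };
    return dispatch_via_next_ex(&s, scripted_next, cnt, count_bytes, (unsigned char *)bytes);
}

int main(void)
{
    const int seq[] = {1, 1, 0, 1};   /* two packets, then a timeout */
    unsigned bytes = 0;
    printf("delivered=%d bytes=%u\n", run_script(seq, 4, -1, &bytes), bytes);
    return 0;
}
```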