Ethereal-users: Re: [Ethereal-users] Capture from STDIN or a pipe

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Tue, 3 Sep 2002 10:29:18 -0500
Thanks for the feedback, but we have tried both of those solutions and we
encounter the following:

1. Use the ANY Interface
      -Problem: Does not capture in Promiscuous mode

2. Merge the traffic
      -Problem: There are no common frames.  This is all one flow of traffic
       being split by direction, therefore every frame is unique.

I know that Ethereal will allow a capture from a named pipe, I just don't
know how one would go about setting such a thing up to accept data from
each NIC.  I am hoping someone out there has experience doing this.

Thanks.
--
Eric Elsten
3M IT Telecommunications
eelsten@xxxxxxx
651-733-0541


From:     "Ronnie Sahlberg" <sahlberg@xxxxxxxxxxxxm.au>
Sent by:  ethereal-users-admin@ethereal.com
Date:     08/30/2002 05:18 PM
To:       <ethereal-users@xxxxxxxxxxxx>, <eelsten@xxxxxxx>
cc:
Subject:  Re: [Ethereal-users] Capture from STDIN or a pipe



Hi Eric.

There are two ways to do this easily with ethereal.

1. Use Linux and capture from the "ANY" interface, then you will capture from
all interfaces at the same time. I don't think any other platforms support
this.
Note, this is not an Ethereal feature per se but rather a feature of Linux
which can provide a "virtual" network interface that is the set of all others.

2. Run two capture processes, one for each interface, and then use mergecap to
merge the two captures into one. Not as nice but can be used on all platforms.


There has also been discussion recently that someone might be working on
virtualization of the capture mechanism used by ethereal. A very very
interesting and useful feature which would allow sniffing from non-network
devices as well as allowing what you want.
Hopefully this feature may be implemented in ethereal.



> Has anyone successfully managed to direct two streams of network traffic
> into a pipe, then capture with ethereal?  If so, would you share some info
> on setting this up?
>
> Basically we are using a network tap which divides the traffic into
> separate directions (so as to not overrun a 100 meg NIC on a full duplex
> link).  We would like to put this traffic back together within the system
> somehow before capturing it with ethereal.  I'm not smart enough to know
> how to do that.
>
> Thanks in advance!
>
> -Eric
>
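
One way to recombine two per-direction captures from a split tap into a single stream, by interleaving frames on their timestamps. This is an added example, not code from the thread or from the Ethereal project; it assumes classic little-endian microsecond pcap input, each input already in time order, and both NICs timestamped by the same host clock. All function names are hypothetical and the sample frames in the test are constructed.

```python
import heapq
import io
import struct

GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, ver major/minor, tz, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, captured length, original length
MAGIC = 0xA1B2C3D4                      # classic pcap, microsecond timestamps

def read_header(stream):
    """Consume one pcap file header and return (snaplen, linktype)."""
    magic, _, _, _, _, snaplen, linktype = GLOBAL_HDR.unpack(stream.read(GLOBAL_HDR.size))
    if magic != MAGIC:
        raise ValueError("only little-endian microsecond pcap is handled")
    return snaplen, linktype

def records(stream, source):
    """Yield ((sec, usec), source, raw_record) until the stream ends or is truncated."""
    while True:
        head = stream.read(RECORD_HDR.size)
        if len(head) < RECORD_HDR.size:
            return
        sec, usec, incl_len, _orig_len = RECORD_HDR.unpack(head)
        frame = stream.read(incl_len)
        if len(frame) < incl_len:
            return
        yield (sec, usec), source, head + frame

def merge_pcaps(inputs, out):
    """Write one time-ordered pcap, holding one pending record per input; return frame count."""
    headers = [read_header(s) for s in inputs]
    if len({linktype for _, linktype in headers}) != 1:
        raise ValueError("inputs use different link-layer types")
    out.write(GLOBAL_HDR.pack(MAGIC, 2, 4, 0, 0, max(s for s, _ in headers), headers[0][1]))
    written = 0
    for _ts, _src, raw in heapq.merge(*(records(s, i) for i, s in enumerate(inputs))):
        out.write(raw)
        written += 1
    return written

def make_pcap(frames, linktype=1):
    """Build a constructed capture from (sec, usec, payload) tuples (sample data only)."""
    body = b"".join(RECORD_HDR.pack(s, u, len(p), len(p)) + p for s, u, p in frames)
    return io.BytesIO(GLOBAL_HDR.pack(MAGIC, 2, 4, 0, 0, 65535, linktype) + body)

def merged_payloads(*captures):
    """Merge captures in memory and return the frame payloads in output order."""
    out = io.BytesIO()
    merge_pcaps(list(captures), out)
    merged = io.BytesIO(out.getvalue()[GLOBAL_HDR.size:])  # skip the file header
    return [raw[RECORD_HDR.size:] for _, _, raw in records(merged, 0)]
```

The inputs and the output can be any binary streams, so the same function works on two saved capture files or on pipes. With live inputs, a direction that goes quiet holds back output, because the merge needs one pending record from every input before it can emit the next frame.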

