Ethereal-users: RE: [Ethereal-users] Capturing on multiple interfaces simultaneously

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "McNutt, Justin M." <McNuttJ@xxxxxxxxxxxx>
Date: Thu, 7 Nov 2002 07:02:34 -0600
> On some platforms (Linux) Ethereal can capture from the 
> virtual ALL device which makes it capture from all network devices.

Yup.  I've seen that before (and I'm using Linux), which is what made me think perhaps I just hadn't figured out a way to capture from only two.

> There is no support in ethereal to capture from only a subset 
> of network interfaces.  No one has implemented this yet.

Ah.  Yet another opportunity to code my own stuff.  :-)

> But you can run multiple tcpdump-tethereal captures, one for 
> each interface, and later
> merge the aptures using mergecap into a single unified capture file.

Yes, but that's what I'm trying to avoid.

In my case, I'll probably be able to build a bidirectional port mirror, which should mux the two data streams together for me.  Since neither data stream is >100Mb, muxing them onto a 1Gb interface should be safe enough.

Anyway, the earlier discussion about 'splitcap' has my current attention, so when I have time to code I'm going to work on that first.  However, if time allows, perhaps I'll attempt to do something like this next (although I haven't the faintest idea of where to begin; yet another Learning Opportunity).

Thanks!

--J