> Is anyone working on this ?
All there is now is the ability to use the "any" device on Linux with
libpcap 0.6.2 (which, on systems with 2.2 or later kernels, lets you
listen on all network devices).
On most if not all other platforms, listening on multiple interfaces
would either require
1) multiple sub-processes, each listening on one interface, and
*somehow* merging their capture threads together
or
2) a "select()" or "poll()" or
"WaitForMultipleObjects()"/"MsgWaitForMultipleObjects()" loop
selecting on all the capture devices that are opened.
The former is, I suspect, trickier than one might think.
The latter is, I think, doable on all UNIX platforms (the loop in
question would, on Ethereal, just be the GTK+/GLib main loop; we could
either use the GLib main loop, or write our own main loop. for
Tethereal); however, it is not currently doable on Windows.
At some point in the future, WinPcap may support that (it's trickier on
Windows, as you can't just use handles for arbitrary devices in a
WaitFor call, you'd need a handle for a "waitable object", which might
have to be something like an event).
Over and above all that, however, given that not all network interfaces
have the same link-layer type, this would require a different capture
file format, which supports multiple different link-layer types in the
same capture, or a "fake" link-layer type of the sort that libpcap uses
on the "any" device on Linux.
So I wouldn't expect to see this feature any time in the near future.
