Ethereal-dev: RE: [Ethereal-dev] Idea for ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Fulvio Risso" <fulvio.risso@xxxxxxxxx>
Date: Thu, 8 Apr 2004 08:50:35 +0200

> -----Original Message-----
> From: ethereal-dev-bounces@xxxxxxxxxxxx
> [mailto:ethereal-dev-bounces@xxxxxxxxxxxx]On Behalf Of Ronnie Sahlberg
> Sent: Thursday 8 April 2004 8.27
> To: Ethereal development
> Subject: Re: [Ethereal-dev] Idea for ethereal
>
>
> Tim wrote:
> >> It is part of the ethereal gui.
> >>
> >> Run ethereal locally on your desktop,  when starting a capture type in
> >> rpcap://10.1.2.3/eth0
> >> or something similar where you select which interface to capture from.
> >> the capture will then be performed on the remote host 10.1.2.3 on that
> >> host's interface eth0 and the packets will be transferred across the
> >> network to your ethereal session as if you were capturing locally.
> >
> >Neat!  It's even available for Linux - http://rpcap.sourceforge.net/
> >
> >From Ronnie's first mail I thought it might only be available for
> >Windows.
> >
>
> Well, yes and no.
> The agent/daemon itself runs on windows, linux and bsd and should be
> semitrivially portable to other unix-like platforms as well.
>
> Ethereal itself, only the win32 version (or rather the winpcapified
> version) of ethereal can connect to those daemons.
> This is a feature of winpcap and not ethereal.  Ethereal just eats the
> packets coming in from the underlying libpcap/winpcap library.
>
> To get also linux and unix versions of ethereal be capable to talk to such
> rpcap daemons someone would need to port or
> add similar code to libpcap as the winpcap people have added to winpcap.
> It would be very useful.

This is not correct.
WinPcap is able to compile on Windows, Linux and FreeBSD.

So, you don't need to port anything.
You just need to *have the will* to merge WinPcap code with libpcap one.
And, as far as I know, this will does not exist in the libpcap community.
That's it.


> This should not be really that difficult to do and might be a suitable
> project for someone wanting to get into network programming (and
> caring enough to do the semi-small work required (I never capture
> packets at all myself anyway so myself I am less than interested in the
> capability))
>
> This however is functionality that should reside in libpcap so anyone
> interested in adding this feature to libpcap so linux/unix versions of
> ethereal can do remote capture should go to tcpdump-workers over at
> www.tcpdump.org and talk to Guy and friends on that list.
> I am sure they will tell anyone interested what needs to be done and
> review any donated code.
>
> This should not be integrated into ethereal since this functionality
> belongs in the libpcap layer so all users of libpcap, not only ethereal,
> will benefit from it.
>
>
> So, anyone wants eternal fame and glory?  Head over to www.tcpdump.org
> and offer your dedication to port this rpcap thing into libpcap.

Not correct.
Go to the tcpdump.org community, convince them that remote capture can be a
good thing, and then I can do the merge (with a little help of some UNIX
experts regarding makefiles, autoconf and such stuff).

	fulvio