Wireshark · Ethereal-dev: Re: [Ethereal-dev] Tapping

Ethereal-dev: Re: [Ethereal-dev] Tapping

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>

Date: Fri, 1 Oct 2004 12:49:59 +1000

On Thu, 30 Sep 2004 19:35:50 -0700 (PDT), Guy Harris  wrote:
> ronnie sahlberg said:
> >> Is it possible to write a tapping for an existing protocol without
> >> making any changes on the source code (Assuming that the protocol
> doesn't have
> >> a tap device installed on it.)?
> > No
> 
> Couldn't a tap just get the protocol tree and process that?  (That might
> not supply enough information, and the protocol tree is somewhat of a pain
> to process, but if he really wants to build a tap for an existing protocol
> without modifying the dissector, that's about all he can do....)

yes   it could do that but as you point out, it would be a very painful way to
process the packets.
it would be much less painful to just tappify the protocol he is interested in.

References:
- [Ethereal-dev] Tapping
  - From: Luis Monge
- Re: [Ethereal-dev] Tapping
  - From: ronnie sahlberg
- Re: [Ethereal-dev] Tapping
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] Tapping
Previous by thread: Re: [Ethereal-dev] Tapping
Next by thread: [Ethereal-dev] [PATCH] Dissect EAP-FAST
Index(es):
- Date
- Thread