Ethereal-dev: [Ethereal-dev] Remote Capture Using rpcapd

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ross Carlson" <[email protected]>
Date: Wed, 27 Jul 2005 09:25:47 -0400

Greetings,

 

We’ve managed to modify, recompile and package (NSIS) the current 0.10.11 version of Ethereal to work properly with WinPcap’s rpcapd.  The application is currently capturing and displaying remote packet captures from several Gentoo linux boxes running rpcapd.

 

We put together a HOW-TO of sorts of the entire process, start to finish – from installing MSVC++ 6.0, Cygwin, hacking the sourcecode to use the pcap_next_ex() rather than the deprecated pcap_dispatch(), on through to recompiling on the Windows platform and then included a section on compiling WinPCap/Rpcapd on a remote linux host.  Hopefully this will be useful to others attempting to get the remote capture function working.

 

This HOW-TO can be found here:

 

http://www.corvus.com/documents/ethereal-remote

 

Our BIG question to the list:  Does anyone know of any immediate issues we might encounter as a result of this kludge?  It’s described in the HOW-TO, but essentially we took Ulflamping’s suggestion on this Wiki page

 

http://wiki.ethereal.com/CaptureSetup_2fWinPcapRemote

 

and in the following files:

capture-wpcap.c
capture_loop.c

we did a find and replace for each instance of pcap_dispatch (other than comments) with pcap_next_ex – it was a total of 6 edits…

Now, the application compiles fine, we were able to package it up nicely with NSIS, and we are now using it successfully, but we’re concerned that there may be some “gotchas” that we just aren’t aware of…

Does anyone have any thoughts off the top of the head? 

And also, if we were able to do this – why hasn’t this been implemented in Ethereal already?  This – the absence from the official release – is what gives us the most cause for concern.

Regards,

Ross Carlson

Corvus Technologies

320 East Clayton Street, Suite 508

Athens, GA  30601

(706) 543-9426 Office

(706) 296-1987 Mobile

[email protected]

www.corvus.com