Wireshark · Ethereal-users: Re: [Ethereal-users] capture on Unix Sockets ?

Ethereal-users: Re: [Ethereal-users] capture on Unix Sockets ?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Mon, 25 Feb 2002 15:06:36 -0800

On Mon, Feb 25, 2002 at 04:01:41PM -0700, jim cromie wrote:
> is this a decent candidate for a plug-in ?

Given that the only plugins in Ethereal are packet dissector plugins,
and that this would not be a packet dissector plugin, no, it's not at
all a candidate for an Ethereal plugin.

(I.e., Ethereal plugins are not general plugins to make Ethereal do
arbitrary things in arbitrary places; they're just protocol dissectors.)

However, Ethereal *can* capture from a pipe, rather than from a network
device, so if you wrote a *program* that sniffed that data, and wrote it
to its standard output in libpcap/tcpdump format, you could put a
command to run that program into the "Interface:" box and capture from
it.

Note that you would have to add fake IP headers, and write it out as a
DLT_RAW capture.

Note also that, for X11, you'd have to add fake *TCP* headers instead;
X11 doesn't run over UDP, so you can't deal with UNIX-domain socket
traffic to an X server by putting in fake UDP headers.

References:
- [Ethereal-users] capture on Unix Sockets ?
  - From: jim cromie
- Re: [Ethereal-users] capture on Unix Sockets ?
  - From: Guy Harris
- Re: [Ethereal-users] capture on Unix Sockets ?
  - From: jim cromie

Prev by Date: Re: [Ethereal-users] capture on Unix Sockets ?
Next by Date: [Ethereal-users] GdK Error
Previous by thread: Re: [Ethereal-users] capture on Unix Sockets ?
Next by thread: Re: [Ethereal-users] capture on Unix Sockets ?
Index(es):
- Date
- Thread