Wireshark-dev: Re: [Wireshark-dev] How to capture original packet ?
From: "Maynard, Chris" <[email protected]>
Date: Fri, 12 Oct 2007 08:56:40 -0400
NISTnet was definitely a pain to set up, but I've got a working system
with it, so I guess I still use it because it's already configured and
ready to go ... and because I just never took the time to play with
netem (or any others).  But I'm sure you're right, either netem or Jeff
Morriss's suggestion of using FreeBSD's dummynet is probably the way to
go.

- Chris

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Jaap Keuter
Sent: Friday, October 12, 2007 1:51 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How to capture original packet ?

Hi,

My advice: Stay away from NISTnet. It's outdated, and buggy. A far more 
clean and maintained solution is the netem feature of the Linux Kernel.
See http://linux-net.osdl.org/index.php/Netem

Thanx,
Jaap


Maynard, Chris wrote:
> Shunra also offers some excellent products, but I recall them being
rather expensive. (http://www.shunra.com/products)
>  
> Most of the time I simply use Nistnet for this purpose though:
http://www-x.antd.nist.gov/nistnet/
<http://www-x.antd.nist.gov/nistnet/> .  It's free.
> - Chris
> 
> 
> ________________________________
> 
> From: [email protected] on behalf of Lars Ruoff
> Sent: Thu 10/11/2007 5:26 AM
> To: 'Developer support list for Wireshark'
> Cc: 'jayesh agrawal'; [email protected]; 'Kartik Nibjiya
Studyin .... Wat else ???'
> Subject: Re: [Wireshark-dev] How to capture original packet ?
> 
> 
> 
> Hello Vivek,
> 
> Maybe you're mxing up some things.
> From what you write I conclude that what you actually might want to do
is
> "intercept" (=prevent that it is receptioned on a higher layer) a
packet,
> rather than just "capture" (=get a copy of its content) it.
> If so, then Wireshark is not the tool to do it.
> And I doubt that there is any tool for doing this easily.
> If you want a machine that stands in a transmission path and adds
delay (or
> other perturbations) to packets, then what you need is probably a PC
with
> two network interfaces, capturing from one, applying the perturbation
and
> then playing back onto the other.
> Some comercial solutions based on this principle exist: Netdisturb,
Internet
> Simlulator, ...
> 
> Regards,
> Lars Ruoff
> 
> 
>         On 10/11/07, Vivek Satpute <[email protected]> wrote:
> 
>                 Respected Sir/Madam,
>                
>                 I am student of Pune University, doing project on WAN
> Emulator.
>                
>                 I have following query :
>                 wireshark uses the libpcap library which gives the
copy of
> packet.
>                 So, How to capture the original packet at data link
layer or
> network layer ?
>                
>                 We want to experiment the behavior by adding delays to
those
> packets, and
>                 that is why we want the actual packet and a copy of
packet
> wont serve purpose.
>                
>                
>                 Thanks in advance.
>                
> 

_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev

-----------------------------------------
This email may contain confidential and privileged material for the
sole use of the intended recipient(s). Any review, use, retention,
distribution or disclosure by others is strictly prohibited. If you
are not the intended recipient (or authorized to receive for the
recipient), please contact the sender by reply email and delete all
copies of this message. Also, email is susceptible to data
corruption, interception, tampering, unauthorized amendment and
viruses. We only send and receive emails on the basis that we are
not liable for any such corruption, interception, tampering,
amendment or viruses or any consequence thereof.