From: Stig Bjørlykke <[email protected]>
Date: Wed, 29 Jun 2011 12:24:25 +0200

On Wed, Jun 29, 2011 at 11:34 AM, Jakub Zawadzki
<[email protected]> wrote:
> Btw. is there any specification of rpcap?
> Or we have only our code and patch for libpcap (from winpcap project)?

WinPcap sources include this code.  The rpcap dissector was written
using these sources, namely pcap-remote.h.

> I've found sf project of rpcap-libpcap from 2002 http://rpcap.sourceforge.net/

I did not know about this rpcap implementation, and surely don't know
which protocol they use :)

My long term project is about adding support for several ways to
capture traffic.  We have dumpcap today, and we may add support for
adding other (custom) programs to capture from other sources using the
same arguments as dumpcap.  In my case we are tracing internal
(proprietary) IPC traffic using a custom capture utility and
presenting the data using Lua scripts.  This combined with a remote
capture functionality can be used in a lab environment to capture from
devices with just a network interface and no console.  I don't know if
rpcap is the ultimate solution, but it works for network traces.

Stig Bjørlykke